- Upstream bug fixes (bsc#1027942)

b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
  0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
  90e13549-Fix-build-with-setuptools-61+.patch
  424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
- Modified virtman-add-sev-memory-support.patch
- Renamed upstream patches
  virtman-pr381-setuptools-61.patch to
    46dc0616-setup-add-bits-for-setuptools-61.patch
  virtman-34662fe-argcomplete.patch to
    34662fec-tests-Fix-with-latest-argcomplete.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/virt-manager?expand=0&rev=571

0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch

@@ -0,0 +1,68 @@
+Subject: cli: Add iothreadids attributes thread_pool_min and thread_pool_max
+From: Lin Ma lma@suse.com Fri Jul 29 19:16:05 2022 +0800
+Date: Mon Aug 1 11:32:23 2022 -0400:
+Git: 0d84bcfbfa2aa08396e836cb37fd0df167a6f6a4
+
+These two optional attributes allow setting lower and upper boundary for
+number of worker threads for given IOThread. For example:
+
+--iothreads iothreads=2,\
+iothreadids.iothread0.id=1,\
+iothreadids.iothread1.id=2,\
+iothreadids.iothread1.thread_pool_min=8,\
+iothreadids.iothread1.thread_pool_max=16
+
+Signed-off-by: Lin Ma <lma@suse.com>
+
+--- a/tests/data/cli/compare/virt-install-many-devices.xml
++++ b/tests/data/cli/compare/virt-install-many-devices.xml
+@@ -12,7 +12,7 @@
+   <iothreads>5</iothreads>
+   <iothreadids>
+     <iothread id="1"/>
+-    <iothread id="2"/>
++    <iothread id="2" thread_pool_min="8" thread_pool_max="16"/>
+   </iothreadids>
+   <memory>65536</memory>
+   <currentMemory>65536</currentMemory>
+--- a/tests/test_cli.py
++++ b/tests/test_cli.py
+@@ -540,7 +540,7 @@ memorytune0.vcpus=0-3,memorytune0.node0.
+ --memorybacking size=1,unit='G',nodeset=0,1,nosharepages=yes,locked=yes,discard=yes,allocation.mode=immediate,access_mode=shared,source_type=file,hugepages.page.size=12,hugepages.page1.size=1234,hugepages.page1.unit=MB,hugepages.page1.nodeset=2
+ 
+ 
+---iothreads iothreads=5,iothreadids.iothread1.id=1,iothreadids.iothread2.id=2
++--iothreads iothreads=5,iothreadids.iothread0.id=1,iothreadids.iothread1.id=2,iothreadids.iothread1.thread_pool_min=8,iothreadids.iothread1.thread_pool_max=16
+ 
+ 
+ --metadata title=my-title,description=my-description,uuid=00000000-1111-2222-3333-444444444444,genid=e9392370-2917-565e-692b-d057f46512d6,genid_enable=yes
+--- a/virtinst/cli.py
++++ b/virtinst/cli.py
+@@ -2612,7 +2612,11 @@ class ParserIOThreads(VirtCLIParser):
+         # Options for IOThreads config
+         cls.add_arg("iothreads", "iothreads")
+         cls.add_arg("iothreadids.iothread[0-9]*.id", "id",
+-                find_inst_cb=cls.iothreads_find_inst_cb)
++                    find_inst_cb=cls.iothreads_find_inst_cb)
++        cls.add_arg("iothreadids.iothread[0-9]*.thread_pool_min",
++                    "thread_pool_min", find_inst_cb=cls.iothreads_find_inst_cb)
++        cls.add_arg("iothreadids.iothread[0-9]*.thread_pool_max",
++                    "thread_pool_max", find_inst_cb=cls.iothreads_find_inst_cb)
+ 
+ 
+ ###################
+--- a/virtinst/guest.py
++++ b/virtinst/guest.py
+@@ -67,9 +67,11 @@ class _DomainDevices(XMLBuilder):
+ 
+ class _IOThreadID(XMLBuilder):
+     XML_NAME = "iothread"
+-    _XML_PROP_ORDER = ["id"]
++    _XML_PROP_ORDER = ["id", "thread_pool_min", "thread_pool_max"]
+ 
+     id = XMLProperty("./@id", is_int=True)
++    thread_pool_min = XMLProperty("./@thread_pool_min", is_int=True)
++    thread_pool_max = XMLProperty("./@thread_pool_max", is_int=True)
+ 
+ 
+ class Guest(XMLBuilder):

34662fec-tests-Fix-with-latest-argcomplete.patch

@@ -1,15 +1,12 @@
-From 34662fecc9535c7d8d0a8e7d42fafa4b9e005c89 Mon Sep 17 00:00:00 2001
+Subject: tests: Fix with latest argcomplete
-From: Cole Robinson <crobinso@redhat.com>
+From: Cole Robinson crobinso@redhat.com Mon Jun 13 12:55:31 2022 -0400
-Date: Mon, 13 Jun 2022 12:55:31 -0400
+Date: Mon Jun 13 13:20:01 2022 -0400:
-Subject: [PATCH] tests: Fix with latest argcomplete
+Git: 34662fecc9535c7d8d0a8e7d42fafa4b9e005c89
 
 Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- virtinst/cli.py | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/virtinst/cli.py b/virtinst/cli.py
-index 52be9f298..c42fc0f0a 100644
+index 52be9f29..c42fc0f0 100644
 --- a/virtinst/cli.py
 +++ b/virtinst/cli.py
 @@ -552,7 +552,15 @@ def autocomplete(parser):
@@ -29,7 +26,7 @@ index 52be9f298..c42fc0f0a 100644
          kwargs["exit_method"] = sys.exit
  
      # This fdopen hackery is to avoid argcomplete debug_stream behavior
-@@ -568,7 +576,7 @@ def fake_fdopen_cb(*args, **kwargs):
+@@ -568,7 +576,7 @@ def autocomplete(parser):
              argcomplete.autocomplete(parser, **kwargs)
          except SystemExit:
              if xmlutil.in_testsuite():

424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch

@@ -0,0 +1,158 @@
+Subject: launch_security: Use SEV-ES policy=0x07 if host supports it
+From: Charles Arnold carnold@suse.com Wed Aug 3 08:47:02 2022 -0400
+Date: Wed Aug 3 08:47:35 2022 -0400:
+Git: 424283ad1db9c4da519fac698486967e6b6557b0
+
+
+--- /dev/null
++++ b/tests/data/cli/compare/virt-install-amd-sev.xml
+@@ -0,0 +1,89 @@
++<domain type="kvm">
++  <name>linux2020</name>
++  <uuid>00000000-1111-2222-3333-444444444444</uuid>
++  <metadata>
++    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
++      <libosinfo:os id="http://libosinfo.org/linux/2020"/>
++    </libosinfo:libosinfo>
++  </metadata>
++  <memory>65536</memory>
++  <currentMemory>65536</currentMemory>
++  <vcpu>2</vcpu>
++  <os>
++    <type arch="x86_64" machine="q35">hvm</type>
++    <loader readonly="yes" type="pflash">/usr/share/OVMF/OVMF_CODE.fd</loader>
++    <boot dev="hd"/>
++  </os>
++  <features>
++    <acpi/>
++    <apic/>
++    <vmport state="off"/>
++  </features>
++  <cpu mode="host-passthrough"/>
++  <clock offset="utc">
++    <timer name="rtc" tickpolicy="catchup"/>
++    <timer name="pit" tickpolicy="delay"/>
++    <timer name="hpet" present="no"/>
++  </clock>
++  <pm>
++    <suspend-to-mem enabled="no"/>
++    <suspend-to-disk enabled="no"/>
++  </pm>
++  <devices>
++    <emulator>/usr/bin/qemu-system-x86_64</emulator>
++    <disk type="file" device="disk">
++      <driver name="qemu" type="qcow2" discard="unmap"/>
++      <source file="/var/lib/libvirt/images/linux2020.qcow2"/>
++      <target dev="vda" bus="virtio"/>
++    </disk>
++    <controller type="usb" model="qemu-xhci" ports="15"/>
++    <controller type="pci" model="pcie-root"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <controller type="pci" model="pcie-root-port"/>
++    <interface type="bridge">
++      <source bridge="testsuitebr0"/>
++      <mac address="00:11:22:33:44:55"/>
++      <model type="virtio"/>
++    </interface>
++    <console type="pty"/>
++    <channel type="unix">
++      <source mode="bind"/>
++      <target type="virtio" name="org.qemu.guest_agent.0"/>
++    </channel>
++    <channel type="spicevmc">
++      <target type="virtio" name="com.redhat.spice.0"/>
++    </channel>
++    <input type="tablet" bus="usb"/>
++    <tpm model="tpm-crb">
++      <backend type="emulator"/>
++    </tpm>
++    <graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
++      <image compression="off"/>
++    </graphics>
++    <sound model="ich9"/>
++    <video>
++      <model type="virtio"/>
++    </video>
++    <redirdev bus="usb" type="spicevmc"/>
++    <redirdev bus="usb" type="spicevmc"/>
++    <memballoon model="virtio"/>
++    <rng model="virtio">
++      <backend model="random">/dev/urandom</backend>
++    </rng>
++  </devices>
++  <launchSecurity type="sev">
++    <policy>0x07</policy>
++  </launchSecurity>
++</domain>
+--- a/tests/test_cli.py
++++ b/tests/test_cli.py
+@@ -1098,6 +1098,7 @@ c.add_compare("--connect " + utils.URIs.
+ c.add_compare("--connect %(URI-KVM-X86)s --os-variant fedora26 --graphics spice --controller usb,model=none", "graphics-usb-disable")
+ c.add_compare("--osinfo generic --boot uefi --disk size=1", "boot-uefi")
+ c.add_compare("--osinfo generic --boot uefi --disk size=1 --tpm none --connect " + utils.URIs.kvm_x86_oldfirmware, "boot-uefi-oldcaps")
++c.add_compare("--osinfo linux2020 --boot uefi --launchSecurity sev --connect " + utils.URIs.kvm_amd_sev, "amd-sev")
+ 
+ c.add_invalid("--disk none --location nfs:example.com/fake --nonetworks", grep="NFS URL installs are no longer supported")
+ c.add_invalid("--disk none --boot network --machine foobar", grep="domain type None with machine 'foobar'")
+--- a/virtinst/domain/launch_security.py
++++ b/virtinst/domain/launch_security.py
+@@ -22,13 +22,15 @@ class DomainLaunchSecurity(XMLBuilder):
+         if not guest.os.is_q35() or not guest.is_uefi():
+             raise RuntimeError(_("SEV launch security requires a Q35 UEFI machine"))
+ 
+-        # 'policy' is a mandatory 4-byte argument for the SEV firmware,
+-        # if missing, let's use 0x03 which, according to the table at
+-        # https://libvirt.org/formatdomain.html#launchSecurity:
+-        # (bit 0) - disables the debugging mode
+-        # (bit 1) - disables encryption key sharing across multiple guests
++        # The 'policy' is a mandatory 4-byte argument for the SEV firmware.
++        # If missing, we use 0x03 for the original SEV implementation and
++        # 0x07 for SEV-ES.
++        # Reference: https://libvirt.org/formatdomain.html#launchSecurity
+         if self.policy is None:
++            domcaps = guest.lookup_domcaps()
+             self.policy = "0x03"
++            if domcaps.supports_sev_launch_security(check_es=True):
++                self.policy = "0x07"
+ 
+     def set_defaults(self, guest):
+         if self.type == "sev":
+--- a/virtinst/domcapabilities.py
++++ b/virtinst/domcapabilities.py
+@@ -93,6 +93,7 @@ def _make_capsblock(xml_root_name):
+ class _SEV(XMLBuilder):
+     XML_NAME = "sev"
+     supported = XMLProperty("./@supported", is_yesno=True)
++    maxESGuests = XMLProperty("./maxESGuests")
+ 
+ 
+ #############################
+@@ -390,12 +391,15 @@ class DomainCapabilities(XMLBuilder):
+     # Misc support methods #
+     ########################
+ 
+-    def supports_sev_launch_security(self):
++    def supports_sev_launch_security(self, check_es=False):
+         """
+         Returns False if either libvirt doesn't advertise support for SEV at
+         all (< libvirt-4.5.0) or if it explicitly advertises it as unsupported
+         on the platform
+         """
++        if check_es:
++            return bool(self.features.sev.supported and
++                        self.features.sev.maxESGuests)
+         return bool(self.features.sev.supported)
+ 
+     def supports_video_bochs(self):

46dc0616-setup-add-bits-for-setuptools-61.patch

@@ -1,7 +1,7 @@
-From c6fc4524d4448259ea85f93f85898b64a4380154 Mon Sep 17 00:00:00 2001
+Subject: setup: add bits for setuptools-61
-From: Peter Alfredsen <crabbedhaloablution@icloud.com>
+From: Peter Alfredsen crabbedhaloablution@icloud.com Tue Apr 5 22:04:20 2022 +0200
-Date: Tue, 5 Apr 2022 22:04:20 +0200
+Date: Wed Apr 13 08:35:40 2022 -0400:
-Subject: [PATCH] setup: add bits for setuptools-61
+Git: 46dc0616308a73d1ce3ccc6d716cf8bbcaac6474
 
 Quoting https://github.com/pypa/setuptools/issues/3227
 "Setuptools >= 61, intentionally changes the way packages are built in the
@@ -15,15 +15,12 @@ Quoting https://github.com/pypa/setuptools/issues/3227
 
 Bug: https://bugs.gentoo.org/836645
 Signed-off-by: Peter Alfredsen <crabbedhaloablution@icloud.com>
----
- setup.py | 1 +
- 1 file changed, 1 insertion(+)
 
 diff --git a/setup.py b/setup.py
-index e95acd39f..7e47e7c71 100755
+index e95acd39..7e47e7c7 100755
 --- a/setup.py
 +++ b/setup.py
-@@ -547,4 +547,5 @@ def run(self):
+@@ -547,4 +547,5 @@ setuptools.setup(
      },
  
      distclass=VMMDistribution,

90e13549-Fix-build-with-setuptools-61+.patch

@@ -0,0 +1,32 @@
+Subject: Fix build with setuptools 61+
+From: Miro Hrončok miro@hroncok.cz Tue Aug 2 16:39:36 2022 +0200
+Date: Tue Aug 2 12:05:39 2022 -0400:
+Git: 90e13549b4f2dd74b3343a3a28c30f31c20032d5
+
+    + ./setup.py configure --default-hvs qemu,xen,lxc
+    error: Multiple top-level packages discovered in a flat-layout: ['po', 'ui', 'man', 'data', 'virtinst', 'virtManager'].
+    To avoid accidental inclusion of unwanted files or directories,
+    setuptools will not proceed with this build.
+    If you are trying to create a single distribution with multiple packages
+    on purpose, you should not rely on automatic discovery.
+    Instead, consider the following options:
+    1. set up custom discovery (`find` directive with `include` or `exclude`)
+    2. use a `src-layout`
+    3. explicitly set `py_modules` or `packages` with a list of names
+    To find more information, look for "package discovery" on setuptools docs.
+
+Downstream bug report: https://bugzilla.redhat.com/2113754
+diff --git a/setup.py b/setup.py
+index 6a546606..b45d315a 100755
+--- a/setup.py
++++ b/setup.py
+@@ -530,6 +530,9 @@ setuptools.setup(
+             glob.glob("virtinst/install/*.py")),
+     ],
+ 
++    # stop setuptools 61+ thinking we want to include everything automatically
++    py_modules=[],
++
+     cmdclass={
+         'build': my_build,
+         'build_i18n': my_build_i18n,

b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch

@@ -0,0 +1,23 @@
+Subject: domain: cpu: Clear 'migratable' when changing to custom cpu
+From: Lin Ma lma@suse.com Wed Jul 20 14:53:32 2022 +0800
+Date: Mon Aug 1 10:11:43 2022 -0400:
+Git: b8a77805b0606191c368f8aaf8254f2569b7278a
+
+Otherwise going host-passthrough -> custom can cause libvirt validation
+error due to libvirt fills the default value(migratable='on') for the
+host-passthrough in domain XML.
+
+Signed-off-by: Lin Ma <lma@suse.com>
+
+diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
+index e40c5307..5de42b4e 100644
+--- a/virtinst/domain/cpu.py
++++ b/virtinst/domain/cpu.py
+@@ -358,6 +358,7 @@ class DomainCpu(XMLBuilder):
+ 
+     def set_model(self, guest, val):
+         log.debug("setting cpu model %s", val)
++        self.migratable = None
+         if val:
+             self.mode = "custom"
+             if not self.match:

virt-manager.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Aug  3 14:51:34 MDT 2022 - carnold@suse.com
+
+- Upstream bug fixes (bsc#1027942)
+  b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
+  0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
+  90e13549-Fix-build-with-setuptools-61+.patch
+  424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
+- Modified virtman-add-sev-memory-support.patch
+- Renamed upstream patches
+  virtman-pr381-setuptools-61.patch to
+    46dc0616-setup-add-bits-for-setuptools-61.patch
+  virtman-34662fe-argcomplete.patch to
+    34662fec-tests-Fix-with-latest-argcomplete.patch
+
 -------------------------------------------------------------------
 Tue Jul 19 10:03:04 UTC 2022 - Ben Greiner <code@bnavigator.de>
 

virt-manager.spec

@@ -43,8 +43,12 @@ Source3:        virt-manager-supportconfig
 # Upstream Patches
 Patch1:         revert-363fca41-virt-install-Require-osinfo-for-non-x86-HVM-case-too.patch
 Patch2:         d51541e1-Fix-UI-rename-with-firmware-efi.patch
-Patch3:         https://github.com/virt-manager/virt-manager/pull/381.patch#/virtman-pr381-setuptools-61.patch
+Patch3:         46dc0616-setup-add-bits-for-setuptools-61.patch
-Patch4:         https://github.com/virt-manager/virt-manager/commit/34662fecc9535c7d8d0a8e7d42fafa4b9e005c89.patch#/virtman-34662fe-argcomplete.patch
+Patch4:         34662fec-tests-Fix-with-latest-argcomplete.patch
+Patch5:         b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
+Patch6:         0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
+Patch7:         90e13549-Fix-build-with-setuptools-61+.patch
+Patch8:         424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
 # SUSE Only
 Patch70:        virtman-desktop.patch
 Patch71:        virtman-kvm.patch

virtinst-add-pvh-support.patch

@@ -32,7 +32,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/guest.py
 +++ virt-manager-4.0.0/virtinst/guest.py
-@@ -886,7 +886,7 @@ class Guest(XMLBuilder):
+@@ -888,7 +888,7 @@ class Guest(XMLBuilder):
  
          usb_tablet = False
          usb_keyboard = False

virtinst-s390x-disable-graphics.patch

@@ -4,7 +4,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/guest.py
 +++ virt-manager-4.0.0/virtinst/guest.py
-@@ -198,7 +198,10 @@ class Guest(XMLBuilder):
+@@ -200,7 +200,10 @@ class Guest(XMLBuilder):
          self.skip_default_channel = False
          self.skip_default_sound = False
          self.skip_default_usbredir = False
@@ -16,7 +16,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
          self.skip_default_rng = False
          self.skip_default_tpm = False
          self.x86_cpu_default = self.cpu.SPECIAL_MODE_APP_DEFAULT
-@@ -347,7 +350,7 @@ class Guest(XMLBuilder):
+@@ -349,7 +352,7 @@ class Guest(XMLBuilder):
          if not os_support:
              return False
  
@@ -25,7 +25,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
              return True
  
          return False  # pragma: no cover
-@@ -933,7 +936,7 @@ class Guest(XMLBuilder):
+@@ -935,7 +938,7 @@ class Guest(XMLBuilder):
          self.add_device(dev)
  
      def _add_default_video_device(self):

virtinst-set-qemu-emulator.patch

@@ -5,7 +5,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/guest.py
 +++ virt-manager-4.0.0/virtinst/guest.py
-@@ -778,6 +778,10 @@ class Guest(XMLBuilder):
+@@ -780,6 +780,10 @@ class Guest(XMLBuilder):
          self._add_default_tpm()
  
          self.clock.set_defaults(self)

virtinst-smbios-unsupported-for-xenpv.patch

@@ -4,7 +4,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/guest.py
 +++ virt-manager-4.0.0/virtinst/guest.py
-@@ -687,6 +687,8 @@ class Guest(XMLBuilder):
+@@ -689,6 +689,8 @@ class Guest(XMLBuilder):
              self.type != "kvm"):
              log.warning(  # pragma: no cover
                      "KVM acceleration not available, using '%s'", self.type)

virtman-add-sev-memory-support.patch

@@ -108,7 +108,7 @@ Index: virt-manager-4.0.0/virtManager/object/domain.py
 +            if sevmem is True:
 +                domcaps = self.get_domain_capabilities()
 +                guest.launchSecurity.type = "sev"
-+                guest.launchSecurity.set_defaults(guest, domcaps.supports_sev_es_launch_security())
++                guest.launchSecurity.set_defaults(guest)
 +                guest.memoryBacking.set_locked(True)
 +                _set_rombar(guest, "off")
 +            else:
@@ -147,19 +147,18 @@ Index: virt-manager-4.0.0/virtinst/domcapabilities.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/domcapabilities.py
 +++ virt-manager-4.0.0/virtinst/domcapabilities.py
-@@ -93,6 +93,10 @@ def _make_capsblock(xml_root_name):
+@@ -93,6 +93,9 @@ def _make_capsblock(xml_root_name):
  class _SEV(XMLBuilder):
      XML_NAME = "sev"
      supported = XMLProperty("./@supported", is_yesno=True)
 +    cbitpos = XMLProperty("./cbitpos")
 +    reducedPhysBits = XMLProperty("./reducedPhysBits")
 +    maxGuests = XMLProperty("./maxGuests")
-+    maxESGuests = XMLProperty("./maxESGuests")
+     maxESGuests = XMLProperty("./maxESGuests")
  
  
- #############################
+@@ -402,6 +405,9 @@ class DomainCapabilities(XMLBuilder):
-@@ -398,6 +402,9 @@ class DomainCapabilities(XMLBuilder):
+                         self.features.sev.maxESGuests)
-         """
          return bool(self.features.sev.supported)
  
 +    def supports_sev_es_launch_security(self):
@@ -172,14 +171,12 @@ Index: virt-manager-4.0.0/virtinst/domain/launch_security.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/domain/launch_security.py
 +++ virt-manager-4.0.0/virtinst/domain/launch_security.py
-@@ -18,9 +18,13 @@ class DomainLaunchSecurity(XMLBuilder):
+@@ -19,8 +19,12 @@ class DomainLaunchSecurity(XMLBuilder):
-     dhCert = XMLProperty("./dhCert")
      kernelHashes = XMLProperty("./@kernelHashes", is_yesno=True)
  
--    def _set_defaults_sev(self, guest):
+     def _set_defaults_sev(self, guest):
 -        if not guest.os.is_q35() or not guest.is_uefi():
 -            raise RuntimeError(_("SEV launch security requires a Q35 UEFI machine"))
-+    def _set_defaults_sev(self, guest, sev_es):
 +        if not guest.os.is_q35():
 +            raise RuntimeError(_("SEV launch security requires a Q35 machine"))
 +        # Libvirt will select the appropriate firmware file if not specified
@@ -187,23 +184,8 @@ Index: virt-manager-4.0.0/virtinst/domain/launch_security.py
 +        if not guest.is_uefi():
 +            guest.os.firmware = 'efi'
  
-         # 'policy' is a mandatory 4-byte argument for the SEV firmware,
+         # The 'policy' is a mandatory 4-byte argument for the SEV firmware.
-         # if missing, let's use 0x03 which, according to the table at
+         # If missing, we use 0x03 for the original SEV implementation and
-@@ -28,8 +32,11 @@ class DomainLaunchSecurity(XMLBuilder):
-         # (bit 0) - disables the debugging mode
-         # (bit 1) - disables encryption key sharing across multiple guests
-         if self.policy is None:
--            self.policy = "0x03"
-+            if sev_es:
-+                self.policy = "0x07"
-+            else:
-+                self.policy = "0x03"
- 
--    def set_defaults(self, guest):
-+    def set_defaults(self, guest, sev_es=False):
-         if self.type == "sev":
--            return self._set_defaults_sev(guest)
-+            return self._set_defaults_sev(guest, sev_es)
 Index: virt-manager-4.0.0/virtinst/devices/interface.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/devices/interface.py