2 Commits

Author SHA256 Message Date
12080b5991 - bsc#1252105 - Unable to create an SEV-SNP enabled guest with
virt-manager. This simplifies the code from what used to be
  required for sev while adding initial tdx support.
  virtman-add-launch-security-support.patch
- Dropped patches rolled into the above patch.
  virtman-add-sev-memory-support.patch
  virtinst-dont-require-uefi-for-sev-snp.patch
- Add support for creating TDX guests in virt-install (jsc#PED-9265)
  053-virtinst-add-support-for-creating-TDX-guests.patch
2025-11-20 10:58:44 -07:00
379a98c5f8 - Fix issues with detection of openSUSE Leap 16.
virtinst-add-sle16-detection-support.patch
- Adjust how we detect sles16 as the media layout changes.
  (bsc#1244685) (bsc#1249466)
  virtinst-add-sle16-detection-support.patch
- bsc#1247865 - sles 16.0 rc3 KVM virt-manager detects windows 2025
  as 2022
  virtinst-windows-server-detection.patch
2025-09-16 10:04:07 -06:00
12 changed files with 773 additions and 262 deletions


@@ -4,11 +4,9 @@ Date: Tue Jun 10 09:22:10 2025 +0200:
Git: 62f976a61b0363b9e6a0eac1fd2e8553d24d5457
diff --git a/virtManager/storagebrowse.py b/virtManager/storagebrowse.py
index 8e8239b4d..d8c70c925 100644
--- a/virtManager/storagebrowse.py
+++ b/virtManager/storagebrowse.py
@@ -176,6 +176,7 @@ class vmmStorageBrowser(vmmGObjectUI):
@@ -181,6 +181,7 @@ class vmmStorageBrowser(vmmGObjectUI):
data = _BrowseReasonMetadata(self._browse_reason)
gsettings_key = data.gsettings_key


@@ -7,11 +7,9 @@ logind now supports a new key binding https://github.com/systemd/systemd/pull/29
Ctrl+Alt+Shift+Esc that emits SecureAttentionKey to allow login managers to start
or switch back to the greeter
diff --git a/virtManager/details/console.py b/virtManager/details/console.py
index 54b587772..e68bb9ac8 100644
--- a/virtManager/details/console.py
+++ b/virtManager/details/console.py
@@ -120,6 +120,7 @@ def build_keycombo_menu(on_send_key_fn):
@@ -119,6 +119,7 @@ def build_keycombo_menu(on_send_key_fn):
make_item("<Control><Alt>BackSpace", ["Control_L", "Alt_L", "BackSpace"])
make_item("<Control><Alt>Delete", ["Control_L", "Alt_L", "Delete"])


@@ -0,0 +1,339 @@
Subject: virtinst: add support for creating TDX guests
From: Daniel P. Berrangé berrange@redhat.com Tue Jul 8 14:25:17 2025 +0100
Date: Mon Jul 28 15:12:08 2025 +0200:
Git: 1ead880b2e51ae3fab5e103c05fd9cb1c921ec89
A minimal config to enable TDX, with support for attestation
would be
$ virt-install
...args...
--boot uefi \
--machine q35 \
--launchSecurity type=tdx,quoteGenerationService=on
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
--- /dev/null
+++ b/tests/data/cli/compare/virt-install-x86_64-launch-security-tdx-full.xml
@@ -0,0 +1,83 @@
+<domain type="kvm">
+ <name>vm1</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os firmware="efi">
+ <type arch="x86_64" machine="q35">hvm</type>
+ <boot dev="hd"/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <vmport state="off"/>
+ </features>
+ <cpu mode="host-passthrough"/>
+ <clock offset="utc">
+ <timer name="rtc" tickpolicy="catchup"/>
+ <timer name="pit" tickpolicy="delay"/>
+ <timer name="hpet" present="no"/>
+ </clock>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type="usb" model="ich9-ehci1"/>
+ <controller type="usb" model="ich9-uhci1">
+ <master startport="0"/>
+ </controller>
+ <controller type="usb" model="ich9-uhci2">
+ <master startport="2"/>
+ </controller>
+ <controller type="usb" model="ich9-uhci3">
+ <master startport="4"/>
+ </controller>
+ <controller type="pci" model="pcie-root"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <interface type="bridge">
+ <source bridge="testsuitebr0"/>
+ <mac address="00:11:22:33:44:55"/>
+ <model type="e1000e"/>
+ </interface>
+ <console type="pty"/>
+ <channel type="spicevmc">
+ <target type="virtio" name="com.redhat.spice.0"/>
+ </channel>
+ <input type="tablet" bus="usb"/>
+ <tpm model="tpm-crb">
+ <backend type="emulator"/>
+ </tpm>
+ <graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
+ <image compression="off"/>
+ </graphics>
+ <sound model="ich9"/>
+ <video>
+ <model type="qxl"/>
+ </video>
+ <redirdev bus="usb" type="spicevmc"/>
+ <redirdev bus="usb" type="spicevmc"/>
+ </devices>
+ <launchSecurity type="tdx">
+ <policy>0x10000000</policy>
+ <mrConfigId>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrConfigId>
+ <mrOwner>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwner>
+ <mrOwnerConfig>ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v</mrOwnerConfig>
+ <quoteGenerationService path="/var/run/tdx-qgs/qgs.socket"/>
+ </launchSecurity>
+</domain>
--- /dev/null
+++ b/tests/data/cli/compare/virt-install-x86_64-launch-security-tdx-qgs.xml
@@ -0,0 +1,79 @@
+<domain type="kvm">
+ <name>vm1</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os firmware="efi">
+ <type arch="x86_64" machine="q35">hvm</type>
+ <boot dev="hd"/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <vmport state="off"/>
+ </features>
+ <cpu mode="host-passthrough"/>
+ <clock offset="utc">
+ <timer name="rtc" tickpolicy="catchup"/>
+ <timer name="pit" tickpolicy="delay"/>
+ <timer name="hpet" present="no"/>
+ </clock>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type="usb" model="ich9-ehci1"/>
+ <controller type="usb" model="ich9-uhci1">
+ <master startport="0"/>
+ </controller>
+ <controller type="usb" model="ich9-uhci2">
+ <master startport="2"/>
+ </controller>
+ <controller type="usb" model="ich9-uhci3">
+ <master startport="4"/>
+ </controller>
+ <controller type="pci" model="pcie-root"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <interface type="bridge">
+ <source bridge="testsuitebr0"/>
+ <mac address="00:11:22:33:44:55"/>
+ <model type="e1000e"/>
+ </interface>
+ <console type="pty"/>
+ <channel type="spicevmc">
+ <target type="virtio" name="com.redhat.spice.0"/>
+ </channel>
+ <input type="tablet" bus="usb"/>
+ <tpm model="tpm-crb">
+ <backend type="emulator"/>
+ </tpm>
+ <graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
+ <image compression="off"/>
+ </graphics>
+ <sound model="ich9"/>
+ <video>
+ <model type="qxl"/>
+ </video>
+ <redirdev bus="usb" type="spicevmc"/>
+ <redirdev bus="usb" type="spicevmc"/>
+ </devices>
+ <launchSecurity type="tdx">
+ <quoteGenerationService/>
+ </launchSecurity>
+</domain>
--- /dev/null
+++ b/tests/data/cli/compare/virt-install-x86_64-launch-security-tdx.xml
@@ -0,0 +1,79 @@
+<domain type="kvm">
+ <name>vm1</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os firmware="efi">
+ <type arch="x86_64" machine="q35">hvm</type>
+ <boot dev="hd"/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <vmport state="off"/>
+ </features>
+ <cpu mode="host-passthrough"/>
+ <clock offset="utc">
+ <timer name="rtc" tickpolicy="catchup"/>
+ <timer name="pit" tickpolicy="delay"/>
+ <timer name="hpet" present="no"/>
+ </clock>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type="usb" model="ich9-ehci1"/>
+ <controller type="usb" model="ich9-uhci1">
+ <master startport="0"/>
+ </controller>
+ <controller type="usb" model="ich9-uhci2">
+ <master startport="2"/>
+ </controller>
+ <controller type="usb" model="ich9-uhci3">
+ <master startport="4"/>
+ </controller>
+ <controller type="pci" model="pcie-root"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <controller type="pci" model="pcie-root-port"/>
+ <interface type="bridge">
+ <source bridge="testsuitebr0"/>
+ <mac address="00:11:22:33:44:55"/>
+ <model type="e1000e"/>
+ </interface>
+ <console type="pty"/>
+ <channel type="spicevmc">
+ <target type="virtio" name="com.redhat.spice.0"/>
+ </channel>
+ <input type="tablet" bus="usb"/>
+ <tpm model="tpm-crb">
+ <backend type="emulator"/>
+ </tpm>
+ <graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
+ <image compression="off"/>
+ </graphics>
+ <sound model="ich9"/>
+ <video>
+ <model type="qxl"/>
+ </video>
+ <redirdev bus="usb" type="spicevmc"/>
+ <redirdev bus="usb" type="spicevmc"/>
+ </devices>
+ <launchSecurity type="tdx">
+ <policy>0x10000000</policy>
+ </launchSecurity>
+</domain>
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -1814,6 +1814,27 @@ def _make_testcases():
testfunc = _create_testfunc(cmd, do_setup)
globals()[name] = testfunc
+c.add_compare(
+ "--boot uefi --machine q35 --launchSecurity type=tdx,policy=0x10000000",
+ "x86_64-launch-security-tdx",
+ prerun_check="11.6.0",
+)
+c.add_compare(
+ "--boot uefi --machine q35 --launchSecurity type=tdx,quoteGenerationService=on",
+ "x86_64-launch-security-tdx-qgs",
+ prerun_check="11.6.0",
+)
+c.add_compare(
+ "--boot uefi --machine q35 --launchSecurity type=tdx,policy=0x10000000,mrConfigId=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v,mrOwner=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v,mrOwnerConfig=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v,quoteGenerationSocket=/var/run/tdx-qgs/qgs.socket",
+ "x86_64-launch-security-tdx-full",
+ prerun_check="11.6.0",
+)
+c.add_invalid(
+ "--machine pc --launchSecurity type=tdx,policy=0x10000000",
+ grep="TDX launch security requires a Q35 UEFI machine",
+ prerun_check="11.6.0",
+)
+
_make_testcases()
atexit.register(cleanup)
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -5041,6 +5041,11 @@ class ParserLaunchSecurity(VirtCLIParser
cls.add_arg("kernelHashes", "kernelHashes", is_onoff=True)
cls.add_arg("authorKey", "authorKey", is_onoff=True)
cls.add_arg("vcek", "vcek", is_onoff=True)
+ cls.add_arg("mrConfigId", "mrConfigId")
+ cls.add_arg("mrOwner", "mrOwner")
+ cls.add_arg("mrOwnerConfig", "mrOwnerConfig")
+ cls.add_arg("quoteGenerationService", "quoteGenerationService", is_onoff=True)
+ cls.add_arg("quoteGenerationSocket", "quoteGenerationSocket")
###########################
--- a/virtinst/domain/launch_security.py
+++ b/virtinst/domain/launch_security.py
@@ -23,6 +23,11 @@ class DomainLaunchSecurity(XMLBuilder):
kernelHashes = XMLProperty("./@kernelHashes", is_yesno=True)
authorKey = XMLProperty("./@authorKey", is_yesno=True)
vcek = XMLProperty("./@vcek", is_yesno=True)
+ mrConfigId = XMLProperty("./mrConfigId")
+ mrOwner = XMLProperty("./mrOwner")
+ mrOwnerConfig = XMLProperty("./mrOwnerConfig")
+ quoteGenerationService = XMLProperty("./quoteGenerationService", is_bool=True)
+ quoteGenerationSocket = XMLProperty("./quoteGenerationService/@path")
def _set_defaults_sev(self, guest):
if not guest.os.is_q35() or not guest.is_uefi():
@@ -42,8 +47,14 @@ class DomainLaunchSecurity(XMLBuilder):
if not guest.os.is_q35() or not guest.is_uefi():
raise RuntimeError(_("SEV-SNP launch security requires a Q35 UEFI machine"))
+ def _set_defaults_tdx(self, guest):
+ if not guest.os.is_q35() or not guest.is_uefi():
+ raise RuntimeError(_("TDX launch security requires a Q35 UEFI machine"))
+
def set_defaults(self, guest):
if self.type == "sev":
return self._set_defaults_sev(guest)
elif self.type == "sev-snp":
return self._set_defaults_sev_snp(guest)
+ elif self.type == "tdx":
+ return self._set_defaults_tdx(guest)
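Review bot: The new `mrConfigId`, `mrOwner` and `mrOwnerConfig` options are accepted as free-form strings in both `ParserLaunchSecurity` and `DomainLaunchSecurity`, and `_set_defaults_tdx` checks only for a Q35 UEFI machine. These three values are reported in the TD's attestation data and libvirt documents them as base64-encoded SHA384 digests, so a mistyped value is at best rejected late by libvirt (not visible here) and at worst yields a measurement the verifier does not expect. At minimum I would add a comment above the three properties, `# base64-encoded SHA384 digests reported in the TDX attestation; not validated here, libvirt is expected to reject malformed values`. If a length or base64 check is added in `_set_defaults_tdx`, it needs an `add_invalid` case next to the existing `--machine pc` one. Both classes start and end outside the hunks shown.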


@@ -1,3 +1,40 @@
-------------------------------------------------------------------
Fri Oct 17 16:25:09 MDT 2025 - carnold@suse.com
- bsc#1252105 - Unable to create an SEV-SNP enabled guest with
virt-manager. This simplifies the code from what used to be
required for sev while adding initial tdx support.
virtman-add-launch-security-support.patch
- Dropped patches rolled into above the patch.
virtman-add-sev-memory-support.patch
virtinst-dont-require-uefi-for-sev-snp.patch
-------------------------------------------------------------------
Thu Sep 11 13:52:31 MDT 2025 - carnold@suse.com
- Fix issues with detection of openSUSE Leap 16.
virtinst-add-sle16-detection-support.patch
-------------------------------------------------------------------
Wed Aug 13 16:46:43 MDT 2025 - carnold@suse.com
- Adjust how we detect sles16 as the media layout changes.
(bsc#1244685) (bsc#1249466)
virtinst-add-sle16-detection-support.patch
-------------------------------------------------------------------
Tue Aug 12 14:23:56 MDT 2025 - carnold@suse.com
- bsc#1247865 - sles 16.0 rc3 KVM virt-manager detects windows 2025
as 2022
virtinst-windows-server-detection.patch
-------------------------------------------------------------------
Mon Jul 28 10:49:22 MDT 2025 - carnold@suse.com
- Add support for creating TDX guests in virt-install (jsc#PED-9265)
053-virtinst-add-support-for-creating-TDX-guests.patch
-------------------------------------------------------------------
Wed Jun 18 14:06:18 MDT 2025 - carnold@suse.com
@@ -3474,7 +3511,7 @@ Wed Jan 22 11:03:50 MST 2014 - carnold@suse.com
- Add sles12/sled12 as supported distros
-------------------------------------------------------------------
Thu Jan 07 14:25:13 MDT 2014 - carnold@suse.com
Tue Jan 07 14:25:13 MST 2014 - carnold@suse.com
- Translate virt-install.ycp to virt-install.rb
Added virt-install.rb
@@ -3491,7 +3528,7 @@ Sat Dec 14 16:49:34 CET 2013 - ohering@suse.de
- Pass --prefix to setup.py to fix build in 12.2 and older
-------------------------------------------------------------------
Mon Dec 9 16:35:32 MDT 2013 - carnold@suse.com
Mon Dec 9 16:35:32 MST 2013 - carnold@suse.com
- Allow vm-install to be launched from the menu as an independent
process.
@@ -3503,7 +3540,7 @@ Mon Dec 9 18:34:01 UTC 2013 - cbosdonnat@suse.com
virtman-support-unsafe-migration.patch
-------------------------------------------------------------------
Mon Nov 25 16:12:07 MDT 2013 - carnold@suse.com
Mon Nov 25 16:12:07 MST 2013 - carnold@suse.com
- fate#316388: virt-manager: Support the latest version (0.10.x or newer)
virt-manager-0.10.0.tar.bz2
@@ -3938,7 +3975,7 @@ Wed Mar 23 08:31:23 MDT 2011 - carnold@novell.com
virtman-connect-consoles-fix.diff
-------------------------------------------------------------------
Thu Mar 21 13:34:41 MST 2011 - carnold@novell.com
Thu Mar 21 13:34:41 MDT 2011 - carnold@novell.com
- Update to virt-manager 0.8.6
* SPICE support (requires spice-gtk) (Marc-André Lureau)


@@ -1,5 +1,5 @@
#
# spec file
# spec file for package virt-manager
#
# Copyright (c) 2025 SUSE LLC
#
@@ -86,6 +86,7 @@ Patch49: 049-virt-install-detect-wayland-in-order-to-start-virt-viewer.pa
Patch50: 050-Validation-allow-spaces-disallow-slashes.patch
Patch51: 051-fix-default-start_folder-to-None.patch
Patch52: 052-Add-Ctrl+Alt+Shift+Esc-key-command-for-loginds-SecureAttentionKey.patch
Patch53: 053-virtinst-add-support-for-creating-TDX-guests.patch
Patch100: revert-363fca41-virt-install-Require-osinfo-for-non-x86-HVM-case-too.patch
# SUSE Only
Patch150: virtman-desktop.patch
@@ -99,7 +100,7 @@ Patch156: virtinst-set-qemu-emulator.patch
Patch203: virtman-load-stored-uris.patch
Patch204: virtman-add-tooltip-to-firmware.patch
Patch205: virtman-modify-gui-defaults.patch
Patch206: virtman-add-sev-memory-support.patch
Patch206: virtman-add-launch-security-support.patch
Patch220: virtinst-default-xen-to-qcow2-format.patch
Patch221: virtinst-detect-oes-distros.patch
Patch222: virtinst-vol-default-nocow.patch
@@ -136,7 +137,6 @@ Patch284: virtinst-add-slem60-detection-support.patch
Patch285: virtinst-windows-server-detection.patch
Patch286: virtinst-drop-removeprefix-usage.patch
Patch287: virtinst-add-sle16-detection-support.patch
Patch288: virtinst-dont-require-uefi-for-sev-snp.patch
BuildArch: noarch
@@ -302,6 +302,7 @@ donttest="$donttest or testCLI0458virt_clone"
donttest="$donttest or testCLI0460virt_clone"
donttest="$donttest or testCLI0461virt_clone"
donttest="$donttest or testCLI0468virt_clone"
donttest="$donttest or testCLI0475virt_clone"
donttest="$donttest or test_virtinstall_no_testsuite"
donttest="$donttest or testCheckXMLBuilderProps"
donttest="$donttest or testCheckCLISuboptions"


@@ -2,35 +2,59 @@ Index: virt-manager-5.0.0/virtinst/install/urldetect.py
===================================================================
--- virt-manager-5.0.0.orig/virtinst/install/urldetect.py
+++ virt-manager-5.0.0/virtinst/install/urldetect.py
@@ -279,6 +279,10 @@ class _SUSEContent(object):
@@ -265,10 +265,11 @@ class _SUSEContent(object):
# Special case, parse version out of a line like this
# cpe:/o:opensuse:opensuse:13.2,openSUSE
- if (not distro_version and
- re.match("^.*:.*,openSUSE*", self.content_dict["DISTRO"])):
- distro_version = self.content_dict["DISTRO"].rsplit(
- ",", 1)[0].strip().rsplit(":")[4]
+ if not distro_version:
+ if "DISTRO" in self.content_dict and re.match("^.*:.*,openSUSE*", self.content_dict["DISTRO"]):
+ distro_version = self.content_dict["DISTRO"].rsplit(",", 1)[0].strip().rsplit(":")[4]
+ elif "openSUSE" in self.product_name:
+ distro_version = self.product_name.strip().rsplit(' ')[1]
distro_version = distro_version.strip()
if "Enterprise" in self.product_name or "SLES" in self.product_name or "Micro" in self.product_name:
@@ -279,6 +280,14 @@ class _SUSEContent(object):
else:
if "SUSE SL Micro" in self.product_name:
sle_version = self.product_name.strip().rsplit(' ')[3]
+ elif "SUSE SLES Full" in self.product_name:
+ elif "SLES Full" in self.product_name or "SUSE SLES" in self.product_name:
+ # For SLES 16
+ sle_version = self.product_name.strip().rsplit(' ')[3]
+ sle_version = sle_version.rstrip(".0")
+ sle_version = self.product_name.strip().rsplit(' ')
+ for num in sle_version:
+ num = num.rstrip(".0")
+ if num.isnumeric():
+ sle_version = num
+ break
else:
sle_version = self.product_name.strip().rsplit(' ')[4]
if len(self.product_name.strip().rsplit(' ')) > 5 and not " Micro " in self.product_name:
@@ -521,10 +525,16 @@ class _SuseDistro(_RHELDistro):
@@ -518,13 +527,20 @@ class _SuseDistro(_RHELDistro):
if not cache.checked_for_suse_content:
cache.checked_for_suse_content = True
+ # The content file exists in sles12 and older
content_str = cache.acquire_file_content("content")
if content_str is None:
products_str = cache.acquire_file_content("media.1/products")
+ if not products_str:
+ # For SLES16 install iso (not agama)
+ # For SLES16 and Leap 16 install iso
+ products_str = cache.acquire_file_content("install/media.1/products")
if products_str:
products_str = products_str.replace('/', ' ,', 1)
products_str = "DISTRO " + products_str.replace('-', ' ')
media_str = cache.acquire_file_content("media.1/media")
+ if not media_str:
+ # For SLES16 install iso (not agama)
+ # For SLES16 and Leap 16 install iso
+ media_str = cache.acquire_file_content("install/media.1/media")
if media_str:
media_arch = "x86_64"
if 'aarch64' in media_str:
@@ -582,6 +592,10 @@ class _SuseDistro(_RHELDistro):
@@ -582,6 +598,10 @@ class _SuseDistro(_RHELDistro):
self._kernel_paths.append(
("suseboot/linux64", "suseboot/initrd64"))
@@ -41,3 +65,48 @@ Index: virt-manager-5.0.0/virtinst/install/urldetect.py
# Tested with SLES 12 for ppc64le, all s390x
self._kernel_paths.append(
("boot/%s/linux" % tree_arch,
@@ -675,7 +695,7 @@ class _SLESDistro(_SuseDistro):
PRETTY_NAME = "SLES"
matching_distros = ["sles"]
_variant_prefix = "sles"
- _suse_regex = [".*SUSE Linux Enterprise Server*", ".*SUSE SLES*"]
+ _suse_regex = [".*SUSE Linux Enterprise Server*", ".*SLES Full*", ".*SUSE SLES*"]
famregex = ".*SUSE Linux Enterprise.*"
@@ -970,17 +990,17 @@ def _build_distro_list(osobj):
allstores = [
# Libosinfo takes priority
_LibosinfoDistro,
- _FedoraDistro,
- _RHELDistro,
- _CentOSDistro,
- _OLDistro,
_SLEDistro,
_SLESDistro,
+ _OpensuseDistro,
_SLEHPCDistro,
_SLEDDistro,
- _OpensuseDistro,
_MICRODistro,
_CAASPDistro,
+ _FedoraDistro,
+ _RHELDistro,
+ _CentOSDistro,
+ _OLDistro,
_OESDistro,
_DebianDistro,
_UbuntuDistro,
Index: virt-manager-5.0.0/virtManager/createvm.py
===================================================================
--- virt-manager-5.0.0.orig/virtManager/createvm.py
+++ virt-manager-5.0.0/virtManager/createvm.py
@@ -31,7 +31,7 @@ from .storagebrowse import vmmStorageBro
from .vmwindow import vmmVMWindow
# Number of seconds to wait for media detection
-DETECT_TIMEOUT = 20
+DETECT_TIMEOUT = 30
DEFAULT_MEM = 1024
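Review bot: In what appears to be the new SLES 16 branch of `_SUSEContent`, `num.rstrip(".0")` strips any trailing run of `.` and `0` characters rather than the literal suffix, so a token such as `10.0` or `20` becomes `1` or `2` and is then accepted by `isnumeric()`. If no token is numeric, the loop leaves `sle_version` bound to the list returned by `rsplit(' ')`, which later code presumably expects to be a string. The text comes from the products file on the install media, so I would strip the suffix explicitly with `num = num[:-2] if num.endswith(".0") else num` and give `sle_version` a string fallback before the loop. The openSUSE fallback `self.product_name.strip().rsplit(' ')[1]` also raises `IndexError` when the product name has no second word. The method continues outside the hunks shown.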


@@ -1,17 +0,0 @@
References: bsc#1239013
virt-install incorrectly assumes SEV-SNP guests require EFI firmware
via a pflash device. For SNP guests, the firmware must be provided
as a ROM device.
--- virt-manager-5.0.0/virtinst/domain/launch_security.py.orig 2025-03-06 10:02:31.600954861 -0700
+++ virt-manager-5.0.0/virtinst/domain/launch_security.py 2025-03-06 14:42:46.001355525 -0700
@@ -43,7 +43,7 @@ class DomainLaunchSecurity(XMLBuilder):
self.policy = "0x07"
def _set_defaults_sev_snp(self, guest):
- if not guest.os.is_q35() or not guest.is_uefi():
+ if not guest.os.is_q35():
raise RuntimeError(_("SEV-SNP launch security requires a Q35 UEFI machine"))
def set_defaults(self, guest):


@@ -5,7 +5,7 @@ Index: virt-manager-5.0.0/virtinst/devices/interface.py
===================================================================
--- virt-manager-5.0.0.orig/virtinst/devices/interface.py
+++ virt-manager-5.0.0/virtinst/devices/interface.py
@@ -366,6 +366,9 @@ class DeviceInterface(Device):
@@ -363,6 +363,9 @@ class DeviceInterface(Device):
return "e1000e"
if not guest.os.is_x86():
return None


@@ -1,20 +1,22 @@
References: bsc#1194323
Windows server 2k16, 2k19, and 2k22 have the volumen ID
Windows server 2k16, 2k19, 2k22, and 2k25 have the volume ID
so libosinfo can't really tell them apart.
This hack after detecting a windows ISO just looks at the
ISO filename for an extra clue.
Index: virt-manager-4.2.0/virtinst/install/installer.py
Index: virt-manager-5.0.0/virtinst/install/installer.py
===================================================================
--- virt-manager-4.2.0.orig/virtinst/install/installer.py
+++ virt-manager-4.2.0/virtinst/install/installer.py
@@ -545,6 +545,14 @@ class Installer(object):
--- virt-manager-5.0.0.orig/virtinst/install/installer.py
+++ virt-manager-5.0.0/virtinst/install/installer.py
@@ -545,6 +545,16 @@ class Installer(object):
osguess = OSDB.guess_os_by_iso(self.cdrom)
if osguess:
ret = osguess[0]
+ # Hack because windows ISOs contain same volume ID
+ if ret and ret.startswith("win"):
+ if "windows_server_2022" in self.cdrom:
+ if "windows_server_2025" in self.cdrom:
+ ret = "win2k25"
+ elif "windows_server_2022" in self.cdrom:
+ ret = "win2k22"
+ elif "windows_server_2019" in self.cdrom:
+ ret = "win2k19"
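Review bot: The added `"windows_server_2025" in self.cdrom` test is case-sensitive and runs against the whole `self.cdrom` value, so a parent directory whose name contains `windows_server_2025` decides the result for any Windows ISO inside it. An ISO named `Windows_Server_2025...` falls through to the generic libosinfo guess for the same reason. Matching on the lower-cased file name would narrow this: `name = os.path.basename(self.cdrom).lower()` followed by `if "windows_server_2025" in name:` (this assumes `os` is already imported in installer.py, which is not visible here). A short comment noting that the result is a filename heuristic and not a property of the media would also help. The `elif` chain and the enclosing method continue outside the hunk.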


@@ -0,0 +1,300 @@
References: bsc#1196806, bsc#1252105, jsc#SLE-18834
Add a button on the Customize dialog for launch security.
Support AMD SEV, SEV-ES, and SEV-SNP
Support Intel TDX
Index: virt-manager-5.0.0/ui/details.ui
===================================================================
--- virt-manager-5.0.0.orig/ui/details.ui
+++ virt-manager-5.0.0/ui/details.ui
@@ -1927,7 +1927,20 @@
</packing>
</child>
<child>
- <placeholder/>
+ <object class="GtkCheckButton" id="launch-security">
+ <property name="label" translatable="yes">Enable launch security</property>
+ <property name="visible">True</property>
+ <property name="can-focus">True</property>
+ <property name="receives-default">False</property>
+ <property name="halign">start</property>
+ <property name="use-underline">True</property>
+ <property name="draw-indicator">True</property>
+ <signal name="toggled" handler="on_mem_launch_security_toggled" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left-attach">1</property>
+ <property name="top-attach">4</property>
+ </packing>
</child>
</object>
<packing>
Index: virt-manager-5.0.0/virtManager/details/details.py
===================================================================
--- virt-manager-5.0.0.orig/virtManager/details/details.py
+++ virt-manager-5.0.0/virtManager/details/details.py
@@ -49,6 +49,7 @@ from ..delete import vmmDeleteStorage
EDIT_MEM,
EDIT_MEM_SHARED,
+ EDIT_MEM_LS,
EDIT_AUTOSTART,
EDIT_BOOTORDER,
@@ -86,7 +87,7 @@ from ..delete import vmmDeleteStorage
EDIT_FS,
- EDIT_HOSTDEV_ROMBAR) = range(1, 38)
+ EDIT_HOSTDEV_ROMBAR) = range(1, 39)
# Columns in hw list model
@@ -422,6 +423,7 @@ class vmmDetails(vmmGObjectUI):
"on_mem_maxmem_changed": _e(EDIT_MEM),
"on_mem_memory_changed": self._curmem_changed_cb,
"on_mem_shared_access_toggled": _e(EDIT_MEM_SHARED),
+ "on_mem_launch_security_toggled": _e(EDIT_MEM_LS),
"on_boot_list_changed": self._boot_list_changed_cb,
"on_boot_moveup_clicked": self._boot_moveup_clicked_cb,
@@ -1500,6 +1502,9 @@ class vmmDetails(vmmGObjectUI):
if self._edited(EDIT_MEM_SHARED):
kwargs["mem_shared"] = self.widget("shared-memory").get_active()
+ if self._edited(EDIT_MEM_LS):
+ kwargs["lsmem"] = self.widget("launch-security").get_active()
+
return self._change_config(
self.vm.define_memory, kwargs,
hotplug_args=hotplug_args)
@@ -2007,6 +2012,14 @@ class vmmDetails(vmmGObjectUI):
curmem.set_value(int(round(vm_cur_mem)))
maxmem.set_value(int(round(vm_max_mem)))
+ domcaps = self.vm.get_domain_capabilities()
+ show_ls = domcaps.supports_launch_security()
+ self.widget("launch-security").set_sensitive(show_ls and self.is_customize_dialog)
+ if self.vm.get_launch_security_type():
+ self.widget("launch-security").set_active(True)
+ else:
+ self.widget("launch-security").set_active(False)
+
shared_mem, shared_mem_err = self.vm.has_shared_mem()
self.widget("shared-memory").set_active(shared_mem)
self.widget("shared-memory").set_sensitive(not bool(shared_mem_err))
Index: virt-manager-5.0.0/virtManager/object/domain.py
===================================================================
--- virt-manager-5.0.0.orig/virtManager/object/domain.py
+++ virt-manager-5.0.0/virtManager/object/domain.py
@@ -675,7 +675,7 @@ class vmmDomain(vmmLibvirtObject):
guest.memoryBacking.access_mode = access_mode
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL,
- mem_shared=_SENTINEL):
+ mem_shared=_SENTINEL, lsmem=_SENTINEL):
guest = self._make_xmlobj_to_define()
if memory != _SENTINEL:
@@ -684,6 +684,18 @@ class vmmDomain(vmmLibvirtObject):
guest.memory = int(maxmem)
if mem_shared != _SENTINEL:
self._edit_shared_mem(guest, mem_shared)
+ if lsmem != _SENTINEL:
+ if lsmem is True:
+ domcaps = self.get_domain_capabilities()
+ if domcaps.supports_sev_launch_security():
+ guest.launchSecurity.type = "sev"
+ guest.launchSecurity.set_defaults(guest)
+ elif domcaps.supports_tdx_launch_security():
+ guest.launchSecurity.type = "tdx"
+ guest.launchSecurity.set_defaults(guest)
+ else:
+ guest.launchSecurity.type = None
+ guest.launchSecurity.policy = None
self._redefine_xmlobj(guest)
@@ -1319,6 +1331,9 @@ class vmmDomain(vmmLibvirtObject):
def get_description(self):
return self.get_xmlobj().description
+ def get_launch_security_type(self):
+ return self.get_xmlobj().launchSecurity.type
+
def get_boot_order(self):
legacy = not self.can_use_device_boot_order()
return self.xmlobj.get_boot_order(legacy=legacy)
Index: virt-manager-5.0.0/virtinst/domcapabilities.py
===================================================================
--- virt-manager-5.0.0.orig/virtinst/domcapabilities.py
+++ virt-manager-5.0.0/virtinst/domcapabilities.py
@@ -86,9 +86,16 @@ def _make_capsblock(xml_root_name):
return TmpClass
-################################
-# SEV launch security handling #
-################################
+###################
+# Launch security #
+###################
+
+
+class _LAUNCHSECURITY(XMLBuilder):
+ XML_NAME = "launchSecurity"
+ supported = XMLProperty("./@supported", is_yesno=True)
+ sectype = XMLProperty("./@sectype")
+
class _SEV(XMLBuilder):
XML_NAME = "sev"
@@ -96,6 +103,11 @@ class _SEV(XMLBuilder):
maxESGuests = XMLProperty("./maxESGuests")
+class _TDX(XMLBuilder):
+ XML_NAME = "tdx"
+ supported = XMLProperty("./@supported", is_yesno=True)
+
+
#############################
# Misc toplevel XML classes #
#############################
@@ -122,6 +134,8 @@ class _Features(_CapsBlock):
XML_NAME = "features"
gic = XMLChildProperty(_make_capsblock("gic"), is_single=True)
sev = XMLChildProperty(_SEV, is_single=True)
+ tdx = XMLChildProperty(_TDX, is_single=True)
+ launchSecurity = XMLChildProperty(_LAUNCHSECURITY, is_single=True)
hyperv = XMLChildProperty(_make_capsblock("hyperv"), is_single=True)
@@ -405,20 +419,58 @@ class DomainCapabilities(XMLBuilder):
return self._features
- ########################
- # Misc support methods #
- ########################
+ ###########################
+ # Launch Security Methods #
+ ###########################
- def supports_sev_launch_security(self, check_es=False):
+ def supports_sev_launch_security(self):
"""
Returns False if either libvirt doesn't advertise support for SEV at
all (< libvirt-4.5.0) or if it explicitly advertises it as unsupported
on the platform
"""
- if check_es:
- return bool(self.features.sev.supported and
- self.features.sev.maxESGuests)
- return bool(self.features.sev.supported)
+ if bool(self.features.sev.supported):
+ return True
+ return False
+
+ def supports_tdx_launch_security(self):
+ """
+ Returns False if either libvirt doesn't advertise support for TDX at
+ all (< libvirt-11.5.0) or if it explicitly advertises it as unsupported
+ on the platform
+ """
+ if bool(self.features.tdx.supported):
+ return True
+ return False
+
+ def supports_launch_security(self):
+ """
+ Return True if host supports any kind of launch security.
+ """
+ if self.supports_sev_launch_security() or self.supports_tdx_launch_security():
+ return True
+ return False
+
+ def get_launch_security_type(self):
+ """
+ Return the type of launch security. This is ether AMD's sev-snp,
+ sev-es, or sev. For Intel return tdx. Otherwise return None.
+ """
+ if bool(self.features.sev.supported):
+ if bool(self.features.launchSecurity.supported):
+ if "sev-snp" in self.features.launchSecurity.get_xml():
+ return "sev-snp"
+ if bool(self.features.sev.maxESGuests):
+ return "sev-es"
+ return "sev"
+ elif bool(self.features.tdx.supported):
+ return "tdx"
+ return None
+
+
+ ########################
+ # Misc support methods #
+ ########################
def supports_video_bochs(self):
"""
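Review bot: In `get_launch_security_type`, SEV-SNP is detected with `"sev-snp" in self.features.launchSecurity.get_xml()`, a substring test on the serialized element, so any other occurrence of that text in the element would also select SNP. `_set_defaults_sev` later uses this result to pick the guest's launch-security type and policy, so I would compare against the element's parsed enumerated values instead; `_LAUNCHSECURITY` is defined outside this hunk, so the accessor to use is not visible here. Failing that, document the assumption: `# substring match; assumes "sev-snp" only appears as an enumerated value of <launchSecurity>`. Separately, `supports_sev_launch_security` drops its `check_es` parameter, so any caller outside this patch that still passes it will raise a TypeError. The docstring has a typo (`ether` for `either`), and because indentation was lost in this rendering, the nesting of the `maxESGuests` check is inferred.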
Index: virt-manager-5.0.0/virtinst/domain/launch_security.py
===================================================================
--- virt-manager-5.0.0.orig/virtinst/domain/launch_security.py
+++ virt-manager-5.0.0/virtinst/domain/launch_security.py
@@ -1,3 +1,4 @@
+from ..logger import log
from ..xmlbuilder import XMLBuilder, XMLProperty
@@ -30,31 +31,38 @@ class DomainLaunchSecurity(XMLBuilder):
quoteGenerationSocket = XMLProperty("./quoteGenerationService/@path")
def _set_defaults_sev(self, guest):
- if not guest.os.is_q35() or not guest.is_uefi():
- raise RuntimeError(_("SEV launch security requires a Q35 UEFI machine"))
+ if not guest.os.is_q35():
+ if self.type == "sev-snp":
+ raise RuntimeError(_("SEV-SNP launch security requires a Q35 UEFI machine"))
+ raise RuntimeError(_("SEV launch security requires a Q35 machine"))
+ # Libvirt will select the appropriate firmware file if not specified
+ # as long as we enable efi.
+ if not guest.is_uefi():
+ guest.os.firmware = 'efi'
# The 'policy' is a mandatory 4-byte argument for the SEV firmware.
# If missing, we use 0x03 for the original SEV implementation and
- # 0x07 for SEV-ES.
+ # 0x07 for SEV-ES. 0x00030000 for SEV-SNP.
# Reference: https://libvirt.org/formatdomain.html#launch-security
if self.policy is None:
domcaps = guest.lookup_domcaps()
+ sev_type = domcaps.get_launch_security_type()
self.policy = "0x03"
- if domcaps.supports_sev_launch_security(check_es=True):
- self.policy = "0x07"
-
- def _set_defaults_sev_snp(self, guest):
- if not guest.os.is_q35() or not guest.is_uefi():
- raise RuntimeError(_("SEV-SNP launch security requires a Q35 UEFI machine"))
+ if sev_type is not None:
+ if sev_type == "sev-snp":
+ self.type = "sev-snp"
+ self.policy = "0x00030000"
+ elif sev_type == "sev-es":
+ self.policy = "0x07"
def _set_defaults_tdx(self, guest):
- if not guest.os.is_q35() or not guest.is_uefi():
+ if not guest.os.is_q35():
raise RuntimeError(_("TDX launch security requires a Q35 UEFI machine"))
+ if not guest.is_uefi():
+ guest.os.firmware = 'efi'
def set_defaults(self, guest):
- if self.type == "sev":
+ if self.type == "sev" or self.type == "sev-snp":
return self._set_defaults_sev(guest)
- elif self.type == "sev-snp":
- return self._set_defaults_sev_snp(guest)
elif self.type == "tdx":
return self._set_defaults_tdx(guest)
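Review bot: In `_set_defaults_sev` the default policy is chosen from what the host reports (`sev_type`), not from the type the guest was defined with. A guest whose type is already `sev-snp`, on a host where `get_launch_security_type()` returns `sev-es` or `sev`, is given the SEV default `0x07` or `0x03`, and a guest defined as `sev` is rewritten to `sev-snp` without any trace. Keying the SNP branch on both, `if self.type == "sev-snp" or sev_type == "sev-snp":`, keeps the automatic upgrade and gives an explicit SNP request the SNP default. The `log` import added at the top of this file has no visible use in these hunks; a `log.debug("launch security type changed from sev to sev-snp")` at the upgrade, and a similar line where `guest.os.firmware = 'efi'` overrides a non-UEFI guest, would make these changes to the guest's protection settings auditable. The SEV-SNP and TDX error messages still say "Q35 UEFI machine" although only the Q35 check now raises.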


@@ -1,216 +0,0 @@
References: bsc#1196806, jsc#SLE-18834
Index: virt-manager-5.0.0/ui/details.ui
===================================================================
--- virt-manager-5.0.0.orig/ui/details.ui
+++ virt-manager-5.0.0/ui/details.ui
@@ -1927,7 +1927,20 @@
</packing>
</child>
<child>
- <placeholder/>
+ <object class="GtkCheckButton" id="launch-security">
+ <property name="label" translatable="yes">Enable launch security</property>
+ <property name="visible">True</property>
+ <property name="can-focus">True</property>
+ <property name="receives-default">False</property>
+ <property name="halign">start</property>
+ <property name="use-underline">True</property>
+ <property name="draw-indicator">True</property>
+ <signal name="toggled" handler="on_mem_launch_security_toggled" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left-attach">1</property>
+ <property name="top-attach">4</property>
+ </packing>
</child>
</object>
<packing>
Index: virt-manager-5.0.0/virtManager/details/details.py
===================================================================
--- virt-manager-5.0.0.orig/virtManager/details/details.py
+++ virt-manager-5.0.0/virtManager/details/details.py
@@ -49,6 +49,7 @@ from ..delete import vmmDeleteStorage
EDIT_MEM,
EDIT_MEM_SHARED,
+ EDIT_MEM_SEV,
EDIT_AUTOSTART,
EDIT_BOOTORDER,
@@ -86,7 +87,7 @@ from ..delete import vmmDeleteStorage
EDIT_FS,
- EDIT_HOSTDEV_ROMBAR) = range(1, 38)
+ EDIT_HOSTDEV_ROMBAR) = range(1, 39)
# Columns in hw list model
@@ -422,6 +423,7 @@ class vmmDetails(vmmGObjectUI):
"on_mem_maxmem_changed": _e(EDIT_MEM),
"on_mem_memory_changed": self._curmem_changed_cb,
"on_mem_shared_access_toggled": _e(EDIT_MEM_SHARED),
+ "on_mem_launch_security_toggled": _e(EDIT_MEM_SEV),
"on_boot_list_changed": self._boot_list_changed_cb,
"on_boot_moveup_clicked": self._boot_moveup_clicked_cb,
@@ -1500,6 +1502,9 @@ class vmmDetails(vmmGObjectUI):
if self._edited(EDIT_MEM_SHARED):
kwargs["mem_shared"] = self.widget("shared-memory").get_active()
+ if self._edited(EDIT_MEM_SEV):
+ kwargs["sevmem"] = self.widget("launch-security").get_active()
+
return self._change_config(
self.vm.define_memory, kwargs,
hotplug_args=hotplug_args)
@@ -2007,6 +2012,14 @@ class vmmDetails(vmmGObjectUI):
curmem.set_value(int(round(vm_cur_mem)))
maxmem.set_value(int(round(vm_max_mem)))
+ domcaps = self.vm.get_domain_capabilities()
+ show_sev = domcaps.supports_sev_launch_security()
+ self.widget("launch-security").set_sensitive(show_sev and self.is_customize_dialog)
+ if self.vm.get_launch_security_type():
+ self.widget("launch-security").set_active(True)
+ else:
+ self.widget("launch-security").set_active(False)
+
shared_mem, shared_mem_err = self.vm.has_shared_mem()
self.widget("shared-memory").set_active(shared_mem)
self.widget("shared-memory").set_sensitive(not bool(shared_mem_err))
Index: virt-manager-5.0.0/virtManager/object/domain.py
===================================================================
--- virt-manager-5.0.0.orig/virtManager/object/domain.py
+++ virt-manager-5.0.0/virtManager/object/domain.py
@@ -675,15 +675,33 @@ class vmmDomain(vmmLibvirtObject):
guest.memoryBacking.access_mode = access_mode
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL,
- mem_shared=_SENTINEL):
+ mem_shared=_SENTINEL, sevmem=_SENTINEL):
guest = self._make_xmlobj_to_define()
+ def _set_rombar(guest, value):
+ # Ideally turning rombar off would be done automatically
+ # by either libvirt or qemu when SEV is detected.
+ for nic in guest.devices.interface:
+ nic.set_rom_bar(value)
+
if memory != _SENTINEL:
guest.currentMemory = int(memory)
if maxmem != _SENTINEL:
guest.memory = int(maxmem)
if mem_shared != _SENTINEL:
self._edit_shared_mem(guest, mem_shared)
+ if sevmem != _SENTINEL:
+ if sevmem is True:
+ domcaps = self.get_domain_capabilities()
+ guest.launchSecurity.type = "sev"
+ guest.launchSecurity.set_defaults(guest)
+ guest.memoryBacking.set_locked(True)
+ _set_rombar(guest, "off")
+ else:
+ guest.launchSecurity.type = None
+ guest.launchSecurity.policy = None
+ guest.memoryBacking.set_locked(False)
+ _set_rombar(guest, None)
self._redefine_xmlobj(guest)
@@ -1319,6 +1337,9 @@ class vmmDomain(vmmLibvirtObject):
def get_description(self):
return self.get_xmlobj().description
+ def get_launch_security_type(self):
+ return self.get_xmlobj().launchSecurity.type
+
def get_boot_order(self):
legacy = not self.can_use_device_boot_order()
return self.xmlobj.get_boot_order(legacy=legacy)
Index: virt-manager-5.0.0/virtinst/domain/memorybacking.py
===================================================================
--- virt-manager-5.0.0.orig/virtinst/domain/memorybacking.py
+++ virt-manager-5.0.0/virtinst/domain/memorybacking.py
@@ -27,6 +27,9 @@ class DomainMemoryBacking(XMLBuilder):
XML_NAME = "memoryBacking"
_XML_PROP_ORDER = ["hugepages", "nosharepages", "locked", "pages"]
+ def set_locked(self, value):
+ self.locked = value
+
hugepages = XMLProperty("./hugepages", is_bool=True)
nosharepages = XMLProperty("./nosharepages", is_bool=True)
locked = XMLProperty("./locked", is_bool=True)
Index: virt-manager-5.0.0/virtinst/domcapabilities.py
===================================================================
--- virt-manager-5.0.0.orig/virtinst/domcapabilities.py
+++ virt-manager-5.0.0/virtinst/domcapabilities.py
@@ -93,6 +93,9 @@ def _make_capsblock(xml_root_name):
class _SEV(XMLBuilder):
XML_NAME = "sev"
supported = XMLProperty("./@supported", is_yesno=True)
+ cbitpos = XMLProperty("./cbitpos")
+ reducedPhysBits = XMLProperty("./reducedPhysBits")
+ maxGuests = XMLProperty("./maxGuests")
maxESGuests = XMLProperty("./maxESGuests")
@@ -420,6 +423,9 @@ class DomainCapabilities(XMLBuilder):
self.features.sev.maxESGuests)
return bool(self.features.sev.supported)
+ def supports_sev_es_launch_security(self):
+ return bool(self.features.sev.supported and self.features.sev.maxESGuests)
+
def supports_video_bochs(self):
"""
Returns False if either libvirt or qemu do not have support to bochs
Index: virt-manager-5.0.0/virtinst/domain/launch_security.py
===================================================================
--- virt-manager-5.0.0.orig/virtinst/domain/launch_security.py
+++ virt-manager-5.0.0/virtinst/domain/launch_security.py
@@ -25,8 +25,12 @@ class DomainLaunchSecurity(XMLBuilder):
vcek = XMLProperty("./@vcek", is_yesno=True)
def _set_defaults_sev(self, guest):
- if not guest.os.is_q35() or not guest.is_uefi():
- raise RuntimeError(_("SEV launch security requires a Q35 UEFI machine"))
+ if not guest.os.is_q35():
+ raise RuntimeError(_("SEV launch security requires a Q35 machine"))
+ # Libvirt will select the appropriate firmware file if not specified
+ # as long as we enable efi.
+ if not guest.is_uefi():
+ guest.os.firmware = 'efi'
# The 'policy' is a mandatory 4-byte argument for the SEV firmware.
# If missing, we use 0x03 for the original SEV implementation and
Index: virt-manager-5.0.0/virtinst/devices/interface.py
===================================================================
--- virt-manager-5.0.0.orig/virtinst/devices/interface.py
+++ virt-manager-5.0.0/virtinst/devices/interface.py
@@ -311,6 +311,9 @@ class DeviceInterface(Device):
portForward = XMLChildProperty(_PortForward)
+ def set_rom_bar(self, value):
+ self.rom_bar = value
+
#############
# Build API #
Index: virt-manager-5.0.0/virtManager/addhardware.py
===================================================================
--- virt-manager-5.0.0.orig/virtManager/addhardware.py
+++ virt-manager-5.0.0/virtManager/addhardware.py
@@ -1434,6 +1434,9 @@ class vmmAddHardware(vmmGObjectUI):
mac = self.widget("create-mac-address").get_text()
dev = self._netlist.build_device(mac, model)
+ if self.vm.get_launch_security_type() == "sev":
+ dev.set_rom_bar("off")
+
return dev
def _build_input(self):


@@ -7,7 +7,7 @@ Index: virt-manager-5.0.0/virtManager/object/domain.py
===================================================================
--- virt-manager-5.0.0.orig/virtManager/object/domain.py
+++ virt-manager-5.0.0/virtManager/object/domain.py
@@ -1612,7 +1612,8 @@ class vmmDomain(vmmLibvirtObject):
@@ -1606,7 +1606,8 @@ class vmmDomain(vmmLibvirtObject):
return (self.is_stoppable() or
self.status() in [libvirt.VIR_DOMAIN_CRASHED])
def is_runable(self):