References: bsc#1196806, jsc#SLE-18834
Index: virt-manager-4.1.0/ui/details.ui
===================================================================
--- virt-manager-4.1.0.orig/ui/details.ui
+++ virt-manager-4.1.0/ui/details.ui
@@ -1925,7 +1925,20 @@
-
+
+
+ 1
+ 4
+
Index: virt-manager-4.1.0/virtManager/details/details.py
===================================================================
--- virt-manager-4.1.0.orig/virtManager/details/details.py
+++ virt-manager-4.1.0/virtManager/details/details.py
@@ -49,6 +49,7 @@ from ..delete import vmmDeleteStorage
EDIT_MEM,
EDIT_MEM_SHARED,
+ EDIT_MEM_SEV,
EDIT_AUTOSTART,
EDIT_BOOTORDER,
@@ -86,7 +87,7 @@ from ..delete import vmmDeleteStorage
EDIT_FS,
- EDIT_HOSTDEV_ROMBAR) = range(1, 38)
+ EDIT_HOSTDEV_ROMBAR) = range(1, 39)
# Columns in hw list model
@@ -422,6 +423,7 @@ class vmmDetails(vmmGObjectUI):
"on_mem_maxmem_changed": _e(EDIT_MEM),
"on_mem_memory_changed": self._curmem_changed_cb,
"on_mem_shared_access_toggled": _e(EDIT_MEM_SHARED),
+ "on_mem_launch_security_toggled": _e(EDIT_MEM_SEV),
"on_boot_list_changed": self._boot_list_changed_cb,
"on_boot_moveup_clicked": self._boot_moveup_clicked_cb,
@@ -1498,6 +1500,9 @@ class vmmDetails(vmmGObjectUI):
if self._edited(EDIT_MEM_SHARED):
kwargs["mem_shared"] = self.widget("shared-memory").get_active()
+ if self._edited(EDIT_MEM_SEV):
+ kwargs["sevmem"] = self.widget("launch-security").get_active()
+
return self._change_config(
self.vm.define_memory, kwargs,
hotplug_args=hotplug_args)
@@ -2004,6 +2009,14 @@ class vmmDetails(vmmGObjectUI):
curmem.set_value(int(round(vm_cur_mem)))
maxmem.set_value(int(round(vm_max_mem)))
+ domcaps = self.vm.get_domain_capabilities()
+ show_sev = domcaps.supports_sev_launch_security()
+ self.widget("launch-security").set_sensitive(show_sev and self.is_customize_dialog)
+ if self.vm.get_launch_security_type():
+ self.widget("launch-security").set_active(True)
+ else:
+ self.widget("launch-security").set_active(False)
+
shared_mem, shared_mem_err = self.vm.has_shared_mem()
self.widget("shared-memory").set_active(shared_mem)
self.widget("shared-memory").set_sensitive(not bool(shared_mem_err))
Index: virt-manager-4.1.0/virtManager/object/domain.py
===================================================================
--- virt-manager-4.1.0.orig/virtManager/object/domain.py
+++ virt-manager-4.1.0/virtManager/object/domain.py
@@ -706,15 +706,33 @@ class vmmDomain(vmmLibvirtObject):
guest.memoryBacking.access_mode = access_mode
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL,
- mem_shared=_SENTINEL):
+ mem_shared=_SENTINEL, sevmem=_SENTINEL):
guest = self._make_xmlobj_to_define()
+ def _set_rombar(guest, value):
+ # Ideally turning rombar off would be done automatically
+ # by either libvirt or qemu when SEV is detected.
+ for nic in guest.devices.interface:
+ nic.set_rom_bar(value)
+
if memory != _SENTINEL:
guest.currentMemory = int(memory)
if maxmem != _SENTINEL:
guest.memory = int(maxmem)
if mem_shared != _SENTINEL:
self._edit_shared_mem(guest, mem_shared)
+ if sevmem != _SENTINEL:
+ if sevmem is True:
+ domcaps = self.get_domain_capabilities()
+ guest.launchSecurity.type = "sev"
+ guest.launchSecurity.set_defaults(guest)
+ guest.memoryBacking.set_locked(True)
+ _set_rombar(guest, "off")
+ else:
+ guest.launchSecurity.type = None
+ guest.launchSecurity.policy = None
+ guest.memoryBacking.set_locked(False)
+ _set_rombar(guest, None)
self._redefine_xmlobj(guest)
@@ -1328,6 +1346,9 @@ class vmmDomain(vmmLibvirtObject):
def get_description(self):
return self.get_xmlobj().description
+ def get_launch_security_type(self):
+ return self.get_xmlobj().launchSecurity.type
+
def get_boot_order(self):
legacy = not self.can_use_device_boot_order()
return self.xmlobj.get_boot_order(legacy=legacy)
Index: virt-manager-4.1.0/virtinst/domain/memorybacking.py
===================================================================
--- virt-manager-4.1.0.orig/virtinst/domain/memorybacking.py
+++ virt-manager-4.1.0/virtinst/domain/memorybacking.py
@@ -27,6 +27,9 @@ class DomainMemoryBacking(XMLBuilder):
XML_NAME = "memoryBacking"
_XML_PROP_ORDER = ["hugepages", "nosharepages", "locked", "pages"]
+ def set_locked(self, value):
+ self.locked = value
+
hugepages = XMLProperty("./hugepages", is_bool=True)
nosharepages = XMLProperty("./nosharepages", is_bool=True)
locked = XMLProperty("./locked", is_bool=True)
Index: virt-manager-4.1.0/virtinst/domcapabilities.py
===================================================================
--- virt-manager-4.1.0.orig/virtinst/domcapabilities.py
+++ virt-manager-4.1.0/virtinst/domcapabilities.py
@@ -93,6 +93,9 @@ def _make_capsblock(xml_root_name):
class _SEV(XMLBuilder):
XML_NAME = "sev"
supported = XMLProperty("./@supported", is_yesno=True)
+ cbitpos = XMLProperty("./cbitpos")
+ reducedPhysBits = XMLProperty("./reducedPhysBits")
+ maxGuests = XMLProperty("./maxGuests")
maxESGuests = XMLProperty("./maxESGuests")
@@ -404,6 +407,9 @@ class DomainCapabilities(XMLBuilder):
self.features.sev.maxESGuests)
return bool(self.features.sev.supported)
+ def supports_sev_es_launch_security(self):
+ return bool(self.features.sev.supported and self.features.sev.maxESGuests)
+
def supports_video_bochs(self):
"""
Returns False if either libvirt or qemu do not have support to bochs
Index: virt-manager-4.1.0/virtinst/domain/launch_security.py
===================================================================
--- virt-manager-4.1.0.orig/virtinst/domain/launch_security.py
+++ virt-manager-4.1.0/virtinst/domain/launch_security.py
@@ -19,8 +19,12 @@ class DomainLaunchSecurity(XMLBuilder):
kernelHashes = XMLProperty("./@kernelHashes", is_yesno=True)
def _set_defaults_sev(self, guest):
- if not guest.os.is_q35() or not guest.is_uefi():
- raise RuntimeError(_("SEV launch security requires a Q35 UEFI machine"))
+ if not guest.os.is_q35():
+ raise RuntimeError(_("SEV launch security requires a Q35 machine"))
+ # Libvirt will select the appropriate firmware file if not specified
+ # as long as we enable efi.
+ if not guest.is_uefi():
+ guest.os.firmware = 'efi'
# The 'policy' is a mandatory 4-byte argument for the SEV firmware.
# If missing, we use 0x03 for the original SEV implementation and
Index: virt-manager-4.1.0/virtinst/devices/interface.py
===================================================================
--- virt-manager-4.1.0.orig/virtinst/devices/interface.py
+++ virt-manager-4.1.0/virtinst/devices/interface.py
@@ -287,6 +287,9 @@ class DeviceInterface(Device):
self.type = nettype
self.source = source
+ def set_rom_bar(self, value):
+ self.rom_bar = value
+
##################
# Default config #
Index: virt-manager-4.1.0/virtManager/addhardware.py
===================================================================
--- virt-manager-4.1.0.orig/virtManager/addhardware.py
+++ virt-manager-4.1.0/virtManager/addhardware.py
@@ -1444,6 +1444,9 @@ class vmmAddHardware(vmmGObjectUI):
mac = self.widget("create-mac-address").get_text()
dev = self._netlist.build_device(mac, model)
+ if self.vm.get_launch_security_type() == "sev":
+ dev.set_rom_bar("off")
+
return dev
def _build_input(self):