diff --git a/71-sev.rules b/71-sev.rules
new file mode 100644
index 00000000..00c3eba2
--- /dev/null
+++ b/71-sev.rules
@@ -0,0 +1 @@
+KERNEL=="sev", MODE="0660", GROUP="kvm"
diff --git a/qemu-testsuite.changes b/qemu-testsuite.changes
index 6e1fb634..27004585 100644
--- a/qemu-testsuite.changes
+++ b/qemu-testsuite.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug  9 03:27:38 UTC 2018 - ldewey@suse.com
+
+- Update QEMU to allow kvm group access to /dev/sev (bsc#1102604).
+  71-sev.rules
+
 -------------------------------------------------------------------
 Fri Aug  3 14:05:49 UTC 2018 - brogers@suse.com
 
diff --git a/qemu-testsuite.spec b/qemu-testsuite.spec
index b2a49988..407fb320 100644
--- a/qemu-testsuite.spec
+++ b/qemu-testsuite.spec
@@ -128,6 +128,7 @@ Source12:       supported.x86.txt
 Source13:       supported.s390.txt
 Source14:       supported.arm.txt
 Source15:       supported.ppc.txt
+Source16:       71-sev.rules
 # Upstream First -- http://wiki.qemu-project.org/Contribute/SubmitAPatch
 # This patch queue is auto-generated from https://github.com/openSUSE/qemu
 Patch0001:      0001-XXX-dont-dump-core-on-sigabort.patch
@@ -1277,6 +1278,9 @@ ln -s ../qemu-x86/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.tx
 install -D -m 0755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat
 install -D -m 0644 %{SOURCE4} %{buildroot}%{_mandir}/man1/kvm_stat.1.gz
 %endif
+%ifarch %ix86 x86_64
+install -D -m 0644 %{SOURCE16} %{buildroot}%{_udevrulesdir}/71-sev.rules
+%endif
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules
 %endif
 install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
@@ -1316,6 +1320,9 @@ if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then
   fi
 %endif
   %udev_rules_update
+  %ifarch %ix86 x86_64
+    %_bindir/udevadm trigger -y sev || :
+  %endif
   %_bindir/udevadm trigger -y kvm || :
 %ifarch s390x
   sysctl vm.allocate_pgste=1 || :
@@ -1395,6 +1402,9 @@ fi
 %_bindir/kvm_stat
 %doc %_mandir/man1/kvm_stat.1.gz
 %endif
+%ifarch %ix86 x86_64
+%{_udevrulesdir}/71-sev.rules
+%endif
 %{_udevrulesdir}/80-kvm.rules
 %ifarch s390x
 %_libexecdir/modules-load.d/kvm.conf
diff --git a/qemu.changes b/qemu.changes
index 6e1fb634..27004585 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug  9 03:27:38 UTC 2018 - ldewey@suse.com
+
+- Update QEMU to allow kvm group access to /dev/sev (bsc#1102604).
+  71-sev.rules
+
 -------------------------------------------------------------------
 Fri Aug  3 14:05:49 UTC 2018 - brogers@suse.com
 
diff --git a/qemu.spec b/qemu.spec
index 0ea4d42c..43ee1260 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -128,6 +128,7 @@ Source12:       supported.x86.txt
 Source13:       supported.s390.txt
 Source14:       supported.arm.txt
 Source15:       supported.ppc.txt
+Source16:       71-sev.rules
 # Upstream First -- http://wiki.qemu-project.org/Contribute/SubmitAPatch
 # This patch queue is auto-generated from https://github.com/openSUSE/qemu
 Patch0001:      0001-XXX-dont-dump-core-on-sigabort.patch
@@ -1277,6 +1278,9 @@ ln -s ../qemu-x86/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.tx
 install -D -m 0755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat
 install -D -m 0644 %{SOURCE4} %{buildroot}%{_mandir}/man1/kvm_stat.1.gz
 %endif
+%ifarch %ix86 x86_64
+install -D -m 0644 %{SOURCE16} %{buildroot}%{_udevrulesdir}/71-sev.rules
+%endif
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules
 %endif
 install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
@@ -1316,6 +1320,9 @@ if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then
   fi
 %endif
   %udev_rules_update
+  %ifarch %ix86 x86_64
+    %_bindir/udevadm trigger -y sev || :
+  %endif
   %_bindir/udevadm trigger -y kvm || :
 %ifarch s390x
   sysctl vm.allocate_pgste=1 || :
@@ -1395,6 +1402,9 @@ fi
 %_bindir/kvm_stat
 %doc %_mandir/man1/kvm_stat.1.gz
 %endif
+%ifarch %ix86 x86_64
+%{_udevrulesdir}/71-sev.rules
+%endif
 %{_udevrulesdir}/80-kvm.rules
 %ifarch s390x
 %_libexecdir/modules-load.d/kvm.conf
diff --git a/qemu.spec.in b/qemu.spec.in
index d2fc4104..7bd01849 100644
--- a/qemu.spec.in
+++ b/qemu.spec.in
@@ -128,6 +128,7 @@ Source12:       supported.x86.txt
 Source13:       supported.s390.txt
 Source14:       supported.arm.txt
 Source15:       supported.ppc.txt
+Source16:       71-sev.rules
 # Upstream First -- http://wiki.qemu-project.org/Contribute/SubmitAPatch
 # This patch queue is auto-generated from https://github.com/openSUSE/qemu
 PATCH_FILES
@@ -1197,6 +1198,9 @@ ln -s ../qemu-x86/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.tx
 install -D -m 0755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat
 install -D -m 0644 %{SOURCE4} %{buildroot}%{_mandir}/man1/kvm_stat.1.gz
 %endif
+%ifarch %ix86 x86_64
+install -D -m 0644 %{SOURCE16} %{buildroot}%{_udevrulesdir}/71-sev.rules
+%endif
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules
 %endif
 install -D -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/qemu-ga@.service
@@ -1236,6 +1240,9 @@ if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then
   fi
 %endif
   %udev_rules_update
+  %ifarch %ix86 x86_64
+    %_bindir/udevadm trigger -y sev || :
+  %endif
   %_bindir/udevadm trigger -y kvm || :
 %ifarch s390x
   sysctl vm.allocate_pgste=1 || :
@@ -1315,6 +1322,9 @@ fi
 %_bindir/kvm_stat
 %doc %_mandir/man1/kvm_stat.1.gz
 %endif
+%ifarch %ix86 x86_64
+%{_udevrulesdir}/71-sev.rules
+%endif
 %{_udevrulesdir}/80-kvm.rules
 %ifarch s390x
 %_libexecdir/modules-load.d/kvm.conf