Hello community, here is the log from the commit of package virt-manager for openSUSE:Factory checked in at 2017-06-15 11:25:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/virt-manager (Old) and /work/SRC/openSUSE:Factory/.virt-manager.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "virt-manager" Thu Jun 15 11:25:38 2017 rev:152 rq:503738 version:1.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/virt-manager/virt-manager.changes 2017-05-16 14:46:31.363600603 +0200 +++ /work/SRC/openSUSE:Factory/.virt-manager.new/virt-manager.changes 2017-06-15 11:26:06.376420764 +0200 @@ -1,0 +2,22 @@ +Wed Jun 7 11:29:02 MDT 2017 - [email protected] + +- bsc#1042709 - unable to create VM with SLE4SAP SP1 over network + install + virtinst-fix-sle-distro-parsing.patch + +------------------------------------------------------------------- +Mon Jun 5 11:38:58 MDT 2017 - [email protected] + +- bsc#1027942 - virt-manager: Missing upstream bug fixes + f38c56c9-add-support-for-SMM-feature.patch + 24f9d053-add-support-for-loader-secure-attribute.patch + 4f8e795c-if-required-by-UEFI-enable-SMM-feature-and-set-q35-machine-type.patch + b690908a-enable-secure-feature-together-with-smm-for-UEFI.patch + +------------------------------------------------------------------- +Thu May 25 16:31:57 MDT 2017 - [email protected] + +- bsc#1027942 - virt-manager: Missing upstream bug fixes + 93085d2b-reset-guest-domain-to-none-on-domain-creation-error.patch + +------------------------------------------------------------------- New: ---- 24f9d053-add-support-for-loader-secure-attribute.patch 4f8e795c-if-required-by-UEFI-enable-SMM-feature-and-set-q35-machine-type.patch 93085d2b-reset-guest-domain-to-none-on-domain-creation-error.patch b690908a-enable-secure-feature-together-with-smm-for-UEFI.patch f38c56c9-add-support-for-SMM-feature.patch virtinst-fix-sle-distro-parsing.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ virt-manager.spec ++++++ --- /var/tmp/diff_new_pack.0YGOnV/_old 2017-06-15 11:26:07.620245182 +0200 +++ /var/tmp/diff_new_pack.0YGOnV/_new 2017-06-15 11:26:07.620245182 +0200 
@@ -47,7 +47,12 @@ Patch7: f341352c-remove-redundant-error-string.patch Patch8: ff3b4dc5-dont-overwrite-install-bootorder.patch Patch9: 2099a194-reset-guest-domain-to-none-on-domain-creation-error.patch -Patch10: 7aee124d-fix-multiple-warnings-2.patch +Patch10: 93085d2b-reset-guest-domain-to-none-on-domain-creation-error.patch +Patch11: 7aee124d-fix-multiple-warnings-2.patch +Patch12: f38c56c9-add-support-for-SMM-feature.patch +Patch13: 24f9d053-add-support-for-loader-secure-attribute.patch +Patch14: 4f8e795c-if-required-by-UEFI-enable-SMM-feature-and-set-q35-machine-type.patch +Patch15: b690908a-enable-secure-feature-together-with-smm-for-UEFI.patch # SUSE Only Patch70: virtman-desktop.patch Patch71: virtman-kvm.patch @@ -86,6 +91,7 @@ Patch162: virtinst-refresh_before_fetch_pool.patch Patch163: virtinst-use-xenpae-kernel-for-32bit.patch Patch164: virtinst-use-qemu-for-cdrom-device.patch +Patch165: virtinst-fix-sle-distro-parsing.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -179,6 +185,11 @@ %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 # SUSE Only %patch70 -p1 %patch71 -p1 @@ -217,6 +228,7 @@ %patch162 -p1 %patch163 -p1 %patch164 -p1 +%patch165 -p1 %build %if %{qemu_user} ++++++ 2099a194-reset-guest-domain-to-none-on-domain-creation-error.patch ++++++ --- /var/tmp/diff_new_pack.0YGOnV/_old 2017-06-15 11:26:07.708232761 +0200 +++ /var/tmp/diff_new_pack.0YGOnV/_new 2017-06-15 11:26:07.708232761 +0200 @@ -21,10 +21,10 @@ Signed-off-by: Christophe Fergeau <[email protected]> -diff --git a/virtinst/guest.py b/virtinst/guest.py -index c8c3d14c..39975199 100644 ---- a/virtinst/guest.py -+++ b/virtinst/guest.py +Index: virt-manager-1.4.1/virtinst/guest.py +=================================================================== +--- virt-manager-1.4.1.orig/virtinst/guest.py ++++ virt-manager-1.4.1/virtinst/guest.py 
@@ -408,6 +408,7 @@ class Guest(XMLBuilder): exc_info = sys.exc_info() try: ++++++ 24f9d053-add-support-for-loader-secure-attribute.patch ++++++ References: rbz#1387479 Subject: virt-install: add support for loader secure attribute From: Pavel Hrdina [email protected] Thu Jan 26 16:11:31 2017 +0100 Date: Thu Jun 1 09:58:46 2017 +0200: Git: 24f9d05329a485c21325fc2e93a283b832359d05 Signed-off-by: Pavel Hrdina <[email protected]> Index: virt-manager-1.4.1/man/virt-install.pod =================================================================== --- virt-manager-1.4.1.orig/man/virt-install.pod +++ virt-manager-1.4.1/man/virt-install.pod @@ -514,13 +514,14 @@ correct UEFI parameters, libvirt needs t via domcapabilities XML, so this will likely only work if using properly configured distro packages. -=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd> +=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd,loader_secure=no> Specify that the virtual machine use the custom OVMF binary as boot firmware, mapped as a virtual flash chip. In addition, request that libvirt instantiate the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore template. This is the recommended UEFI setup, and should be used if ---boot uefi doesn't know about your UEFI binaries. +--boot uefi doesn't know about your UEFI binaries. If your UEFI firmware +supports Secure boot feature you can enable it via loader_secure. =back Index: virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml =================================================================== --- /dev/null +++ virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml 
@@ -0,0 +1,29 @@ +<domain type="test"> + <name>foobar</name> + <uuid>00000000-1111-2222-3333-444444444444</uuid> + <memory>65536</memory> + <currentMemory>65536</currentMemory> + <vcpu>1</vcpu> + <os> + <type arch="i686">hvm</type> + <loader secure="yes">/path/to/loader</loader> + <boot dev="hd"/> + </os> + <features> + <pae/> + </features> + <clock offset="utc"/> + <pm> + <suspend-to-mem enabled="no"/> + <suspend-to-disk enabled="no"/> + </pm> + <devices> + <emulator>/usr/bin/test-hv</emulator> + <controller type="usb" index="0" model="none"/> + <interface type="user"> + <mac address="00:11:22:33:44:55"/> + </interface> + <input type="mouse" bus="ps2"/> + <console type="pty"/> + </devices> +</domain> Index: virt-manager-1.4.1/tests/clitest.py =================================================================== --- virt-manager-1.4.1.orig/tests/clitest.py +++ virt-manager-1.4.1/tests/clitest.py @@ -561,6 +561,14 @@ c.add_compare("--features smm=on", "feat c.add_invalid("--features smm=on --machine pc") +######################## +# Boot install options # +######################## + +c = vinst.add_category("boot", "--nographics --noautoconsole --import --disk none --controller usb,model=none") +c.add_compare("--boot loader=/path/to/loader,loader_secure=yes", "boot-loader-secure") + + #################################################### # CPU/RAM/numa and other singleton VM config tests # #################################################### Index: virt-manager-1.4.1/virtinst/cli.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/cli.py +++ virt-manager-1.4.1/virtinst/cli.py 
@@ -1573,6 +1573,13 @@ class ParserBoot(VirtCLIParser): inst.os.smbios_mode = val self.optdict["smbios_mode"] = val + def set_loader_secure_cb(self, inst, val, virtarg): + if not inst.conn.check_support(inst.conn.SUPPORT_DOMAIN_LOADER_SECURE): + raise RuntimeError("secure attribute for loader is not supported " + "by libvirt.") + inst.os.loader_secure = val + return val + def noset_cb(self, inst, val, virtarg): pass @@ -1609,6 +1616,8 @@ ParserBoot.add_arg("os.dtb", "dtb") ParserBoot.add_arg("os.loader", "loader") ParserBoot.add_arg("os.loader_ro", "loader_ro", is_onoff=True) ParserBoot.add_arg("os.loader_type", "loader_type") +ParserBoot.add_arg("os.loader_secure", "loader_secure", is_onoff=True, + cb=ParserBoot.set_loader_secure_cb) ParserBoot.add_arg("os.nvram", "nvram") ParserBoot.add_arg("os.nvram_template", "nvram_template") ParserBoot.add_arg("os.kernel_args", "kernel_args", Index: virt-manager-1.4.1/virtinst/osxml.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/osxml.py +++ virt-manager-1.4.1/virtinst/osxml.py @@ -116,6 +116,7 @@ class OSXML(XMLBuilder): loader = XMLProperty("./loader") loader_ro = XMLProperty("./loader/@readonly", is_yesno=True) loader_type = XMLProperty("./loader/@type") + loader_secure = XMLProperty("./loader/@secure", is_yesno=True) smbios_mode = XMLProperty("./smbios/@mode") nvram = XMLProperty("./nvram") nvram_template = XMLProperty("./nvram/@template") Index: virt-manager-1.4.1/virtinst/support.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/support.py +++ virt-manager-1.4.1/virtinst/support.py 
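Review bot: In virtinst/cli.py, `set_loader_secure_cb` checks only the libvirt version, so `--boot loader=...,loader_secure=yes` is accepted on a guest that has neither `smm` enabled nor a q35 machine type. The added compare file virt-install-boot-loader-secure.xml shows exactly that combination on an i686 guest. As far as I know libvirt's QEMU driver refuses a secure loader without SMM, so the mistake would only surface when the domain is defined, and other drivers may write the attribute without enforcing it. A check next to the SMM validation in virt-install would make the dependency explicit, for example `if guest.os.loader_secure and not guest.features.smm: fail(_("loader_secure requires the SMM feature"))`. The man page sentence added in this patch should also say that SMM and q35 are needed.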
@@ -362,6 +362,7 @@ SUPPORT_DOMAIN_STATE = _make(function="v SUPPORT_DOMAIN_OPEN_GRAPHICS = _make(function="virDomain.openGraphicsFD", version="1.2.8", hv_version={"qemu": 0}) SUPPORT_DOMAIN_FEATURE_SMM = _make(version="2.1.0") +SUPPORT_DOMAIN_LOADER_SECURE = _make(version="2.1.0") ############### ++++++ 4f8e795c-if-required-by-UEFI-enable-SMM-feature-and-set-q35-machine-type.patch ++++++ References: rbz#1387479 Subject: virtinst: if required by UEFI enable SMM feature and set q35 machine type From: Pavel Hrdina [email protected] Mon Feb 6 13:46:06 2017 +0100 Date: Thu Jun 1 09:58:46 2017 +0200: Git: 4f8e795c6a7158b3da48f65322cabfae1d110cae If we detect that the UEFI image is build to require SMM feature we should configure the guest to enable SMM feature and set q35 machine type. Without this user wouldn't be able to boot the guest. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1387479 Signed-off-by: Pavel Hrdina <[email protected]> Index: virt-manager-1.4.1/tests/capabilities-xml/kvm-x86_64-domcaps-q35.xml =================================================================== --- /dev/null +++ virt-manager-1.4.1/tests/capabilities-xml/kvm-x86_64-domcaps-q35.xml 
@@ -0,0 +1,126 @@ +<domainCapabilities> + <path>/home/phrdina/work/qemu/x86_64-softmmu/qemu-system-x86_64</path> + <domain>kvm</domain> + <machine>pc-q35-2.9</machine> + <arch>x86_64</arch> + <vcpu max='288'/> + <os supported='yes'> + <loader supported='yes'> + <value>/usr/share/ovmf/OVMF_CODE.secboot.fd</value> + <enum name='type'> + <value>rom</value> + <value>pflash</value> + </enum> + <enum name='readonly'> + <value>yes</value> + <value>no</value> + </enum> + </loader> + </os> + <cpu> + <mode name='host-passthrough' supported='yes'/> + <mode name='host-model' supported='yes'> + <model fallback='forbid'>Skylake-Client</model> + <vendor>Intel</vendor> + <feature policy='require' name='ss'/> + <feature policy='require' name='vmx'/> + <feature policy='require' name='hypervisor'/> + <feature policy='require' name='tsc_adjust'/> + <feature policy='require' name='clflushopt'/> + <feature policy='require' name='xsaves'/> + <feature policy='require' name='pdpe1gb'/> + <feature policy='require' name='invtsc'/> + </mode> + <mode name='custom' supported='yes'> + <model usable='yes'>qemu64</model> + <model usable='yes'>qemu32</model> + <model usable='no'>phenom</model> + <model usable='yes'>pentium3</model> + <model usable='yes'>pentium2</model> + <model usable='yes'>pentium</model> + <model usable='yes'>n270</model> + <model usable='yes'>kvm64</model> + <model usable='yes'>kvm32</model> + <model usable='yes'>coreduo</model> + <model usable='yes'>core2duo</model> + <model usable='no'>athlon</model> + <model usable='yes'>Westmere</model> + <model usable='yes'>Skylake-Client</model> + <model usable='yes'>SandyBridge</model> + <model usable='yes'>Penryn</model> + <model usable='no'>Opteron_G5</model> + <model usable='no'>Opteron_G4</model> + <model usable='no'>Opteron_G3</model> + <model usable='yes'>Opteron_G2</model> + <model usable='yes'>Opteron_G1</model> + <model usable='yes'>Nehalem</model> + <model usable='yes'>IvyBridge</model> + <model usable='yes'>Haswell</model> + 
<model usable='yes'>Haswell-noTSX</model> + <model usable='yes'>Conroe</model> + <model usable='yes'>Broadwell</model> + <model usable='yes'>Broadwell-noTSX</model> + <model usable='yes'>486</model> + </mode> + </cpu> + <devices> + <disk supported='yes'> + <enum name='diskDevice'> + <value>disk</value> + <value>cdrom</value> + <value>floppy</value> + <value>lun</value> + </enum> + <enum name='bus'> + <value>fdc</value> + <value>scsi</value> + <value>virtio</value> + <value>usb</value> + <value>sata</value> + </enum> + </disk> + <graphics supported='yes'> + <enum name='type'> + <value>sdl</value> + <value>vnc</value> + <value>spice</value> + </enum> + </graphics> + <video supported='yes'> + <enum name='modelType'> + <value>vga</value> + <value>cirrus</value> + <value>vmvga</value> + <value>qxl</value> + <value>virtio</value> + </enum> + </video> + <hostdev supported='yes'> + <enum name='mode'> + <value>subsystem</value> + </enum> + <enum name='startupPolicy'> + <value>default</value> + <value>mandatory</value> + <value>requisite</value> + <value>optional</value> + </enum> + <enum name='subsysType'> + <value>usb</value> + <value>pci</value> + <value>scsi</value> + </enum> + <enum name='capsType'/> + <enum name='pciBackend'> + <value>default</value> + <value>kvm</value> + <value>vfio</value> + </enum> + </hostdev> + </devices> + <features> + <gic supported='no'/> + </features> +</domainCapabilities> + + Index: virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-uefi.xml =================================================================== --- /dev/null +++ virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-uefi.xml 
@@ -0,0 +1,61 @@ +<domain type="kvm"> + <name>foobar</name> + <uuid>00000000-1111-2222-3333-444444444444</uuid> + <memory>65536</memory> + <currentMemory>65536</currentMemory> + <vcpu>1</vcpu> + <os> + <type arch="x86_64" machine="q35">hvm</type> + <loader readonly="yes" type="pflash">/usr/share/ovmf/OVMF_CODE.secboot.fd</loader> + <boot dev="hd"/> + </os> + <features> + <acpi/> + <apic/> + <smm state="on"/> + <vmport state="off"/> + </features> + <cpu mode="custom" match="exact"> + <model>Opteron_G4</model> + </cpu> + <clock offset="utc"> + <timer name="rtc" tickpolicy="catchup"/> + <timer name="pit" tickpolicy="delay"/> + <timer name="hpet" present="no"/> + </clock> + <pm> + <suspend-to-mem enabled="no"/> + <suspend-to-disk enabled="no"/> + </pm> + <devices> + <emulator>/usr/bin/qemu-kvm</emulator> + <controller type="usb" index="0" model="ich9-ehci1"/> + <controller type="usb" index="0" model="ich9-uhci1"> + <master startport="0"/> + </controller> + <controller type="usb" index="0" model="ich9-uhci2"> + <master startport="2"/> + </controller> + <controller type="usb" index="0" model="ich9-uhci3"> + <master startport="4"/> + </controller> + <interface type="bridge"> + <source bridge="eth0"/> + <mac address="00:11:22:33:44:55"/> + </interface> + <input type="mouse" bus="ps2"/> + <graphics type="spice" port="-1" tlsPort="-1" autoport="yes"> + <image compression="off"/> + </graphics> + <console type="pty"/> + <channel type="spicevmc"> + <target type="virtio" name="com.redhat.spice.0"/> + </channel> + <sound model="ich6"/> + <video> + <model type="qxl"/> + </video> + <redirdev bus="usb" type="spicevmc"/> + <redirdev bus="usb" type="spicevmc"/> + </devices> +</domain> Index: virt-manager-1.4.1/tests/clitest.py =================================================================== --- virt-manager-1.4.1.orig/tests/clitest.py +++ virt-manager-1.4.1/tests/clitest.py 
@@ -71,6 +71,7 @@ test_files = { 'URI-TEST-DEFAULT': utils.uri_test_default, 'URI-TEST-REMOTE': utils.uri_test_remote, 'URI-KVM': utils.uri_kvm, + 'URI-KVM-Q35': utils.uri_kvm_q35, 'URI-KVM-SESSION': utils.uri_kvm_session, 'URI-KVM-REMOTE': utils.uri_kvm + ",remote", 'URI-KVM-NODOMCAPS': utils.uri_kvm_nodomcaps, @@ -771,6 +772,9 @@ c.add_invalid("--disk none --boot networ c.add_invalid("--nodisks --boot network --arch mips --virt-type kvm") # Invalid domain type for arch c.add_invalid("--nodisks --boot network --paravirt --arch mips") # Invalid arch/virt combo +c = vinst.add_category("kvm-q35", "--connect %(URI-KVM-Q35)s --noautoconsole", compare_check=support.SUPPORT_CONN_VMPORT) +c.add_compare("--boot uefi --disk none", "boot-uefi") + ###################### # LXC specific tests # Index: virt-manager-1.4.1/tests/utils.py =================================================================== --- virt-manager-1.4.1.orig/tests/utils.py +++ virt-manager-1.4.1/tests/utils.py @@ -37,10 +37,12 @@ uri_test_remote = uri_test + ",remote" _uri_qemu = "%s,qemu" % uri_test _uri_kvm_domcaps = (_uri_qemu + _domcapsprefix + "kvm-x86_64-domcaps.xml") +_uri_kvm_domcaps_q35 = (_uri_qemu + _domcapsprefix + "kvm-x86_64-domcaps-q35.xml") _uri_kvm_aarch64_domcaps = (_uri_qemu + _domcapsprefix + "kvm-aarch64-domcaps.xml") uri_kvm_nodomcaps = (_uri_qemu + _capsprefix + "kvm-x86_64.xml") uri_kvm_rhel = (_uri_kvm_domcaps + _capsprefix + "kvm-x86_64-rhel7.xml") uri_kvm = (_uri_kvm_domcaps + _capsprefix + "kvm-x86_64.xml") +uri_kvm_q35 = (_uri_kvm_domcaps_q35 + _capsprefix + "kvm-x86_64.xml") uri_kvm_session = uri_kvm + ",session" uri_kvm_armv7l = (_uri_kvm_domcaps + _capsprefix + "kvm-armv7l.xml") Index: virt-manager-1.4.1/virtManager/domain.py =================================================================== --- virt-manager-1.4.1.orig/virtManager/domain.py +++ virt-manager-1.4.1/virtManager/domain.py 
@@ -698,6 +698,7 @@ class vmmDomain(vmmLibvirtObject): guest.os.loader = loader guest.os.loader_type = "pflash" guest.os.loader_ro = True + guest.check_uefi_smm() if nvram != _SENTINEL: guest.os.nvram = nvram Index: virt-manager-1.4.1/virtinst/guest.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/guest.py +++ virt-manager-1.4.1/virtinst/guest.py @@ -542,6 +542,29 @@ class Guest(XMLBuilder): self.os.loader_type = "pflash" self.os.loader = path + self.check_uefi_smm() + + + def check_uefi_smm(self): + """ + If the firmware name contains "secboot" it is probably build + with SMM feature required so we need to enable that feature, + otherwise the firmware may fail to load. True secure boot is + currently supported only on x86 architecture and with q35 with + SMM feature enabled so change the machine to q35 as well. + """ + + if not self.os.is_x86(): + return + + if "secboot" not in self.os.loader: + return + + if not self.conn.check_support(self.conn.SUPPORT_DOMAIN_FEATURE_SMM): + return + + self.features.smm = True + self.os.machine = "q35" ################### # Device defaults # ++++++ 93085d2b-reset-guest-domain-to-none-on-domain-creation-error.patch ++++++ Subject: guest: Don't repeatedly overwrite self.domain From: Cole Robinson [email protected] Thu Apr 13 14:56:03 2017 -0400 Date: Thu Apr 13 14:56:03 2017 -0400: Git: 93085d2b9d4a3dd6cbb9edfeae9b6cefee9419c1 Since clearing it is important, just set it at the end when things have succeeded diff --git a/virtinst/guest.py b/virtinst/guest.py index 39975199..6bdfe170 100644 --- a/virtinst/guest.py +++ b/virtinst/guest.py 
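Review bot: In virtinst/guest.py, `check_uefi_smm` sets `self.os.machine = "q35"` unconditionally, which silently replaces a machine type the caller chose, whereas the virt-install check added in f38c56c9 fails on a non-q35 machine instead of rewriting it. Assigning only when nothing was chosen, `if self.os.machine is None: self.os.machine = "q35"`, and logging the other case would keep the two paths consistent. The test `"secboot" not in self.os.loader` also raises TypeError when the loader is None, which may be reachable from the virtManager/domain.py call depending on code outside that hunk; `if not self.os.loader or "secboot" not in self.os.loader:` avoids it. The same logic is carried unchanged into `check_uefi_secure` by b690908a.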
@@ -394,28 +394,28 @@ class Guest(XMLBuilder): meter.start(size=None, text=meter_label) if transient: - self.domain = self.conn.createXML(install_xml or final_xml, 0) + domain = self.conn.createXML(install_xml or final_xml, 0) else: # Not all hypervisors (vz) support createXML, so avoid it here - self.domain = self.conn.defineXML(install_xml or final_xml) + domain = self.conn.defineXML(install_xml or final_xml) # Handle undefining the VM if the initial startup fails if doboot or self.installer.has_install_phase(): try: - self.domain.create() + domain.create() except: import sys exc_info = sys.exc_info() try: - self.domain.undefine() - self.domain = None + domain.undefine() except: pass raise exc_info[0], exc_info[1], exc_info[2] if install_xml and install_xml != final_xml: - self.domain = self.conn.defineXML(final_xml) + domain = self.conn.defineXML(final_xml) + self.domain = domain try: logging.debug("XML fetched from libvirt object:\n%s", self.domain.XMLDesc(0)) ++++++ b690908a-enable-secure-feature-together-with-smm-for-UEFI.patch ++++++ Subject: virtinst: enable secure feature together with smm for UEFI From: Pavel Hrdina [email protected] Wed Jun 7 20:47:59 2017 +0200 Date: Wed Jun 7 20:49:45 2017 +0200: Git: b690908aa47ea4040a0b232328a7b79ff99ceabc The secure feature actually enforce the secure boot if Secure Boot Mode is configured. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1387479 Signed-off-by: Pavel Hrdina <[email protected]> Index: virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-uefi.xml =================================================================== --- virt-manager-1.4.1.orig/tests/cli-test-xml/compare/virt-install-boot-uefi.xml +++ virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-uefi.xml 
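Review bot: In virtinst/guest.py, the new `domain.undefine()` call still sits inside the unchanged bare `except: pass`, so a failed cleanup is discarded and a half-created domain can stay defined on the host with no trace in the log. Narrowing the handler and recording the failure keeps the original error path intact: `except Exception:` followed by `logging.debug("Error undefining domain after failed create", exc_info=True)`. The failure path also no longer assigns `self.domain`, so it keeps whatever value it had on entry; if a Guest object can be reused after a successful install (not visible here), an explicit `self.domain = None` at the top of the function would avoid a stale handle. The enclosing function starts and ends outside the hunk.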
@@ -6,7 +6,7 @@ <vcpu>1</vcpu> <os> <type arch="x86_64" machine="q35">hvm</type> - <loader readonly="yes" type="pflash">/usr/share/ovmf/OVMF_CODE.secboot.fd</loader> + <loader readonly="yes" type="pflash" secure="yes">/usr/share/ovmf/OVMF_CODE.secboot.fd</loader> <boot dev="hd"/> </os> <features> Index: virt-manager-1.4.1/virtManager/domain.py =================================================================== --- virt-manager-1.4.1.orig/virtManager/domain.py +++ virt-manager-1.4.1/virtManager/domain.py @@ -698,7 +698,7 @@ class vmmDomain(vmmLibvirtObject): guest.os.loader = loader guest.os.loader_type = "pflash" guest.os.loader_ro = True - guest.check_uefi_smm() + guest.check_uefi_secure() if nvram != _SENTINEL: guest.os.nvram = nvram Index: virt-manager-1.4.1/virtinst/guest.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/guest.py +++ virt-manager-1.4.1/virtinst/guest.py @@ -542,16 +542,18 @@ class Guest(XMLBuilder): self.os.loader_type = "pflash" self.os.loader = path - self.check_uefi_smm() + self.check_uefi_secure() - def check_uefi_smm(self): + def check_uefi_secure(self): """ If the firmware name contains "secboot" it is probably build with SMM feature required so we need to enable that feature, otherwise the firmware may fail to load. True secure boot is currently supported only on x86 architecture and with q35 with SMM feature enabled so change the machine to q35 as well. + To actually enforce the secure boot for the guest if Secure Boot + Mode is configured we need to enable loader secure feature. """ if not self.os.is_x86(): 
@@ -560,10 +562,12 @@ class Guest(XMLBuilder): if "secboot" not in self.os.loader: return - if not self.conn.check_support(self.conn.SUPPORT_DOMAIN_FEATURE_SMM): + if (not self.conn.check_support(self.conn.SUPPORT_DOMAIN_FEATURE_SMM) or + not self.conn.check_support(self.conn.SUPPORT_DOMAIN_LOADER_SECURE)): return self.features.smm = True + self.os.loader_secure = True self.os.machine = "q35" ################### ++++++ f38c56c9-add-support-for-SMM-feature.patch ++++++ References: rbz#1387479 Subject: virt-install: add support for SMM feature From: Pavel Hrdina [email protected] Thu Jan 26 15:08:36 2017 +0100 Date: Thu Jun 1 09:58:46 2017 +0200: Git: f38c56c971d8b04bdee41ecba96f3f6d921a4aa7 Signed-off-by: Pavel Hrdina <[email protected]> Index: virt-manager-1.4.1/man/virt-install.pod =================================================================== --- virt-manager-1.4.1.orig/man/virt-install.pod +++ virt-manager-1.4.1/man/virt-install.pod @@ -275,6 +275,12 @@ Notify the guest that the host supports This is relevant only for ARM architectures. Possible values are "host" or version number. +=item B<--features smm=on> + +This enables System Management Mode of hypervisor. Some UEFI firmwares may +require this feature to be present. (QEMU supports SMM only with q35 machine +type.) + =back Use --features=? to see a list of all available sub options. Complete details at L<http://libvirt.org/formatdomain.html#elementsFeatures> Index: virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-features-smm.xml =================================================================== --- /dev/null +++ virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-features-smm.xml 
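Review bot: In `check_uefi_secure`, the early `return` taken when either `check_support` call fails leaves a "secboot" firmware configured without `smm` or `secure="yes"` and reports nothing. Going by the docstring, the guest may then fail to load the firmware, or run without Secure Boot being enforced even though the loader name suggests it is. A message before the return makes the downgrade visible, for example `logging.warning("libvirt lacks SMM/secure loader support; secure boot will not be enforced")`. The function body starts in the previous hunk.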
@@ -0,0 +1,29 @@ +<domain type="test"> + <name>foobar</name> + <uuid>00000000-1111-2222-3333-444444444444</uuid> + <memory>65536</memory> + <currentMemory>65536</currentMemory> + <vcpu>1</vcpu> + <os> + <type arch="i686" machine="q35">hvm</type> + <boot dev="hd"/> + </os> + <features> + <pae/> + <smm state="on"/> + </features> + <clock offset="utc"/> + <pm> + <suspend-to-mem enabled="no"/> + <suspend-to-disk enabled="no"/> + </pm> + <devices> + <emulator>/usr/bin/test-hv</emulator> + <controller type="usb" index="0" model="none"/> + <interface type="user"> + <mac address="00:11:22:33:44:55"/> + </interface> + <input type="mouse" bus="ps2"/> + <console type="pty"/> + </devices> +</domain> Index: virt-manager-1.4.1/tests/clitest.py =================================================================== --- virt-manager-1.4.1.orig/tests/clitest.py +++ virt-manager-1.4.1/tests/clitest.py @@ -552,6 +552,14 @@ c.add_compare(""" \ """, "spice-gl", compare_check=support.SUPPORT_CONN_VMPORT) +############################ +# Features install options # +############################ + +c = vinst.add_category("features", "--nographics --noautoconsole --import --disk none --controller usb,model=none") +c.add_compare("--features smm=on", "features-smm") +c.add_invalid("--features smm=on --machine pc") + #################################################### # CPU/RAM/numa and other singleton VM config tests # Index: virt-manager-1.4.1/virt-install =================================================================== --- virt-manager-1.4.1.orig/virt-install +++ virt-manager-1.4.1/virt-install 
@@ -633,6 +633,16 @@ def build_guest_instance(conn, options): logging.warn("Couldn't configure UEFI: %s", e) logging.warn("Your aarch64 VM may not boot successfully.") + # Check usability of SMM feature + if guest.features.smm: + if not guest.os.is_x86(): + fail(_("SMM feature is valid only for x86 architecture.")) + + if guest.os.machine is None: + guest.os.machine = "q35" + elif not guest.os.is_q35(): + fail(_("SMM feature is valid only for q35 machine type")) + # Various little validations about option collisions. Need to do # this after setting guest.installer at least check_option_collisions(options, guest) Index: virt-manager-1.4.1/virtinst/cli.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/cli.py +++ virt-manager-1.4.1/virtinst/cli.py @@ -1666,6 +1666,12 @@ class ParserFeatures(VirtCLIParser): cli_arg_name = "features" objclass = DomainFeatures + def set_smm_cb(self, inst, val, virtarg): + if not inst.conn.check_support(inst.conn.SUPPORT_DOMAIN_FEATURE_SMM): + raise RuntimeError("smm is not supported by libvirt") + inst.smm = val + return val + _register_virt_parser(ParserFeatures) ParserFeatures.add_arg("acpi", "acpi", is_onoff=True) ParserFeatures.add_arg("apic", "apic", is_onoff=True) @@ -1688,6 +1694,8 @@ ParserFeatures.add_arg("pvspinlock", "pv ParserFeatures.add_arg("gic_version", "gic_version") +ParserFeatures.add_arg("smm", "smm", is_onoff=True, cb=ParserFeatures.set_smm_cb) + ################### # --clock parsing # Index: virt-manager-1.4.1/virtinst/domainfeatures.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/domainfeatures.py +++ virt-manager-1.4.1/virtinst/domainfeatures.py 
@@ -52,3 +52,5 @@ class DomainFeatures(XMLBuilder): default_name="default", default_cb=lambda s: False) kvm_hidden = XMLProperty("./kvm/hidden/@state", is_onoff=True) pvspinlock = XMLProperty("./pvspinlock/@state", is_onoff=True) + + smm = XMLProperty("./smm/@state", is_onoff=True) Index: virt-manager-1.4.1/virtinst/support.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/support.py +++ virt-manager-1.4.1/virtinst/support.py @@ -361,6 +361,7 @@ SUPPORT_DOMAIN_MEMORY_STATS = _make( SUPPORT_DOMAIN_STATE = _make(function="virDomain.state", run_args=()) SUPPORT_DOMAIN_OPEN_GRAPHICS = _make(function="virDomain.openGraphicsFD", version="1.2.8", hv_version={"qemu": 0}) +SUPPORT_DOMAIN_FEATURE_SMM = _make(version="2.1.0") ############### ++++++ virtinst-fix-sle-distro-parsing.patch ++++++ References: bsc#1042709 Index: virt-manager-1.4.1/virtinst/urlfetcher.py =================================================================== --- virt-manager-1.4.1.orig/virtinst/urlfetcher.py +++ virt-manager-1.4.1/virtinst/urlfetcher.py @@ -444,9 +444,20 @@ def _distroFromSUSEContent(fetcher, arch arch = "ppc64le" def _parse_sle_distribution(d): - sle_version = d[1].strip().rsplit(' ')[4] - if len(d[1].strip().rsplit(' ')) > 5: - sle_version = sle_version + '.' + d[1].strip().rsplit(' ')[5][2] + d_list = d[1].strip().rsplit(' ') + d_len = len(d_list) + sle_version = 12 + counter = 0 + while counter < d_len: + item = d_list[counter].strip() + if item.isdigit(): + sle_version = item + if counter+1 < d_len: + item = d_list[counter+1].strip() + if item[2].isdigit(): + sle_version = sle_version + '.' + item[2] + break + counter += 1 return ['VERSION', sle_version] dclass = GenericDistro 
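Review bot: In virtinst/urlfetcher.py, the rewritten `_parse_sle_distribution` can still raise on unexpected content from the install source. `item[2]` is read without a length check, so a token shorter than three characters after the version number gives an IndexError. The fallback `sle_version = 12` is an int while every other path returns a string, and if this value is what later reaches `self.version_from_content[1].strip()` in `SuseDistro` (second hunk), that call fails with AttributeError. The second hunk's `else: version_int = 12` also hides an unparseable version without logging it. Since the content file is fetched from a remote tree, the parser should fall back cleanly on any input; one way to do that is below.

```python
    def _parse_sle_distribution(d):
        # Keep the fallback a string: later code calls .strip()/.split() on it.
        sle_version = "12"
        tokens = d[1].split()
        for idx, token in enumerate(tokens):
            if not token.isdigit():
                continue
            sle_version = token
            # A service-pack token looks like "SP1"; check the length before indexing.
            following = tokens[idx + 1] if idx + 1 < len(tokens) else ""
            if len(following) > 2 and following[2].isdigit():
                sle_version = sle_version + '.' + following[2]
            break
        return ['VERSION', sle_version]
```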
@@ -1029,7 +1040,10 @@ class SuseDistro(Distro): distro_version = self.version_from_content[1].strip() version = distro_version.split('.', 1)[0].strip() self.os_variant = self.urldistro - version_int = int(version) + if version.isdigit(): + version_int = int(version) + else: + version_int = 12 if version_int >= 10: if self.os_variant.startswith(("sles", "sled")): sp_version = None ++++++ virtinst-s390x-disable-graphics.patch ++++++ --- /var/tmp/diff_new_pack.0YGOnV/_old 2017-06-15 11:26:07.864210743 +0200 +++ /var/tmp/diff_new_pack.0YGOnV/_new 2017-06-15 11:26:07.868210178 +0200 @@ -16,7 +16,7 @@ self.skip_default_rng = False self.x86_cpu_default = self.cpu.SPECIAL_MODE_HOST_MODEL_ONLY -@@ -620,7 +623,7 @@ class Guest(XMLBuilder): +@@ -647,7 +650,7 @@ class Guest(XMLBuilder): self.add_device(dev) def add_default_video_device(self): @@ -25,7 +25,7 @@ return if self.get_devices("video"): return -@@ -658,6 +661,8 @@ class Guest(XMLBuilder): +@@ -685,6 +688,8 @@ class Guest(XMLBuilder): dev.target_type = "virtio" dev.target_name = dev.CHANNEL_NAME_QEMUGA self.add_device(dev) @@ -34,7 +34,7 @@ def add_default_graphics(self): if self.skip_default_graphics: -@@ -666,7 +671,7 @@ class Guest(XMLBuilder): +@@ -693,7 +698,7 @@ class Guest(XMLBuilder): return if self.os.is_container(): return @@ -43,7 +43,7 @@ return self.add_device(VirtualGraphics(self.conn)) -@@ -1004,7 +1009,7 @@ class Guest(XMLBuilder): +@@ -1031,7 +1036,7 @@ class Guest(XMLBuilder): if self._hv_only_supports_virtio(): return True ++++++ virtinst-set-qemu-emulator.patch ++++++ --- /var/tmp/diff_new_pack.0YGOnV/_old 2017-06-15 11:26:07.884207920 +0200 +++ /var/tmp/diff_new_pack.0YGOnV/_new 2017-06-15 11:26:07.884207920 +0200 
@@ -5,7 +5,7 @@ =================================================================== --- virt-manager-1.4.1.orig/virtinst/guest.py +++ virt-manager-1.4.1/virtinst/guest.py -@@ -817,14 +817,11 @@ class Guest(XMLBuilder): +@@ -844,14 +844,11 @@ class Guest(XMLBuilder): self.emulator = None return
