diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 922310954b..b731744f04 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -90,6 +90,23 @@ VIR_ENUM_IMPL(virDomainTaint,
               "deprecated-config",
 );
 
+VIR_ENUM_IMPL(virDomainTaintMessage,
+              VIR_DOMAIN_TAINT_LAST,
+              N_("custom configuration parameters specified"),
+              N_("custom monitor control commands issued"),
+              N_("running with undesirable elevated privileges"),
+              N_("network configuration using opaque shell scripts"),
+              N_("potentially unsafe disk format probing"),
+              N_("managing externally launched configuration"),
+              N_("potentially unsafe use of host CPU passthrough"),
+              N_("configuration potentially modified by hook script"),
+              N_("use of host cdrom passthrough"),
+              N_("custom device tree blob used"),
+              N_("custom guest agent control commands issued"),
+              N_("hypervisor feature autodetection override"),
+              N_("use of deprecated configuration settings"),
+);
+
 VIR_ENUM_IMPL(virDomainVirt,
               VIR_DOMAIN_VIRT_LAST,
               "none",
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 98458c9e74..930eed60de 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -3636,6 +3636,7 @@ bool virDomainVsockDefEquals(const virDomainVsockDef *a,
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
 
 VIR_ENUM_DECL(virDomainTaint);
+VIR_ENUM_DECL(virDomainTaintMessage);
 VIR_ENUM_DECL(virDomainVirt);
 VIR_ENUM_DECL(virDomainBoot);
 VIR_ENUM_DECL(virDomainFeature);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 5829916c68..a94dc6081c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -629,6 +629,8 @@ virDomainStateTypeToString;
 virDomainStorageNetworkParseHost;
 virDomainStorageSourceParse;
 virDomainStorageSourceParseBase;
+virDomainTaintMessageTypeFromString;
+virDomainTaintMessageTypeToString;
 virDomainTaintTypeFromString;
 virDomainTaintTypeToString;
 virDomainTimerModeTypeFromString;
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 29a5dd97d8..9a7d997d65 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -572,6 +572,9 @@ void qemuDomainObjTaintMsg(virQEMUDriverPtr driver,
                            const char *msg,
                            ...) G_GNUC_PRINTF(5, 6);
 
+char **qemuDomainObjGetTainting(virQEMUDriverPtr driver,
+                                virDomainObjPtr obj);
+
 void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
                              virDomainObjPtr obj,
                              qemuDomainLogContextPtr logCtxt,
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 53ac3b0c17..b8e088b10f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -20369,6 +20369,63 @@ qemuDomainAuthorizedSSHKeysSet(virDomainPtr dom,
 }
 
 
+static int
+qemuDomainGetMessages(virDomainPtr dom,
+                      char ***msgs,
+                      unsigned int flags)
+{
+    virDomainObjPtr vm = NULL;
+    int rv = -1;
+    size_t i, n;
+    int nmsgs;
+
+    virCheckFlags(VIR_DOMAIN_MESSAGE_DEPRECATION |
+                  VIR_DOMAIN_MESSAGE_TAINTING, -1);
+
+    if (!(vm = qemuDomainObjFromDomain(dom)))
+        return -1;
+
+    if (virDomainGetMessagesEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
+    *msgs = NULL;
+    nmsgs = 0;
+    n = 0;
+
+    if (!flags || (flags & VIR_DOMAIN_MESSAGE_TAINTING)) {
+        nmsgs += __builtin_popcount(vm->taint);
+        *msgs = g_renew(char *, *msgs, nmsgs+1);
+
+        for (i = 0; i < VIR_DOMAIN_TAINT_LAST; i++) {
+            if (vm->taint & (1 << i)) {
+                (*msgs)[n++] = g_strdup_printf(
+                    _("tainted: %s"),
+                    _(virDomainTaintMessageTypeToString(i)));
+            }
+        }
+    }
+
+    if (!flags || (flags & VIR_DOMAIN_MESSAGE_DEPRECATION)) {
+        nmsgs += vm->ndeprecations;
+        *msgs = g_renew(char *, *msgs, nmsgs+1);
+
+        for (i = 0; i < vm->ndeprecations; i++) {
+            (*msgs)[n++] = g_strdup_printf(
+                _("deprecated configuration: %s"),
+                vm->deprecations[i]);
+        }
+    }
+
+    (*msgs)[nmsgs] = NULL;
+
+    rv = nmsgs;
+
+ cleanup:
+    virDomainObjEndAPI(&vm);
+    return rv;
+}
+
+
 static virHypervisorDriver qemuHypervisorDriver = {
     .name = QEMU_DRIVER_NAME,
     .connectURIProbe = qemuConnectURIProbe,
@@ -20610,6 +20667,7 @@ static virHypervisorDriver qemuHypervisorDriver = {
     .domainBackupGetXMLDesc = qemuDomainBackupGetXMLDesc, /* 6.0.0 */
     .domainAuthorizedSSHKeysGet = qemuDomainAuthorizedSSHKeysGet, /* 6.10.0 */
     .domainAuthorizedSSHKeysSet = qemuDomainAuthorizedSSHKeysSet, /* 6.10.0 */
+    .domainGetMessages = qemuDomainGetMessages, /* 7.1.0 */
 };