1# -*- Mode: Python -*- 2# vim: filetype=python 3# 4# Copyright (C) 2018 Red Hat, Inc. 5# 6# Authors: 7# Daniel P. Berrange <berrange@redhat.com> 8# Laszlo Ersek <lersek@redhat.com> 9# 10# This work is licensed under the terms of the GNU GPL, version 2 or 11# later. See the COPYING file in the top-level directory. 12 13## 14# = Firmware 15## 16 17{ 'include' : 'machine.json' } 18{ 'include' : 'block-core.json' } 19 20## 21# @FirmwareOSInterface: 22# 23# Lists the firmware-OS interface types provided by various firmware 24# that is commonly used with QEMU virtual machines. 25# 26# @bios: Traditional x86 BIOS interface. For example, firmware built 27# from the SeaBIOS project usually provides this interface. 28# 29# @openfirmware: The interface is defined by the (historical) IEEE 30# 1275-1994 standard. Examples for firmware projects that 31# provide this interface are: OpenBIOS and SLOF. 32# 33# @uboot: Firmware interface defined by the U-Boot project. 34# 35# @uefi: Firmware interface defined by the UEFI specification. For 36# example, firmware built from the edk2 (EFI Development Kit II) 37# project usually provides this interface. 38# 39# Since: 3.0 40## 41{ 'enum' : 'FirmwareOSInterface', 42 'data' : [ 'bios', 'openfirmware', 'uboot', 'uefi' ] } 43 44## 45# @FirmwareDevice: 46# 47# Defines the device types that firmware can be mapped into. 48# 49# @flash: The firmware executable and its accompanying NVRAM file are to 50# be mapped into a pflash chip each. 51# 52# @kernel: The firmware is to be loaded like a Linux kernel. This is 53# similar to @memory but may imply additional processing that 54# is specific to the target architecture and machine type. 55# 56# @memory: The firmware is to be mapped into memory. 57# 58# Since: 3.0 59## 60{ 'enum' : 'FirmwareDevice', 61 'data' : [ 'flash', 'kernel', 'memory' ] } 62 63## 64# @FirmwareTarget: 65# 66# Defines the machine types that firmware may execute on. 67# 68# @architecture: Determines the emulation target (the QEMU system 69# emulator) that can execute the firmware. 70# 71# @machines: Lists the machine types (known by the emulator that is 72# specified through @architecture) that can execute the 73# firmware. Elements of @machines are supposed to be concrete 74# machine types, not aliases. Glob patterns are understood, 75# which is especially useful for versioned machine types. 76# (For example, the glob pattern "pc-i440fx-*" matches 77# "pc-i440fx-2.12".) On the QEMU command line, "-machine 78# type=..." specifies the requested machine type (but that 79# option does not accept glob patterns). 80# 81# Since: 3.0 82## 83{ 'struct' : 'FirmwareTarget', 84 'data' : { 'architecture' : 'SysEmuTarget', 85 'machines' : [ 'str' ] } } 86 87## 88# @FirmwareFeature: 89# 90# Defines the features that firmware may support, and the platform 91# requirements that firmware may present. 92# 93# @acpi-s3: The firmware supports S3 sleep (suspend to RAM), as defined 94# in the ACPI specification. On the "pc-i440fx-*" machine 95# types of the @i386 and @x86_64 emulation targets, S3 can be 96# enabled with "-global PIIX4_PM.disable_s3=0" and disabled 97# with "-global PIIX4_PM.disable_s3=1". On the "pc-q35-*" 98# machine types of the @i386 and @x86_64 emulation targets, S3 99# can be enabled with "-global ICH9-LPC.disable_s3=0" and 100# disabled with "-global ICH9-LPC.disable_s3=1". 101# 102# @acpi-s4: The firmware supports S4 hibernation (suspend to disk), as 103# defined in the ACPI specification. On the "pc-i440fx-*" 104# machine types of the @i386 and @x86_64 emulation targets, S4 105# can be enabled with "-global PIIX4_PM.disable_s4=0" and 106# disabled with "-global PIIX4_PM.disable_s4=1". On the 107# "pc-q35-*" machine types of the @i386 and @x86_64 emulation 108# targets, S4 can be enabled with "-global 109# ICH9-LPC.disable_s4=0" and disabled with "-global 110# ICH9-LPC.disable_s4=1". 111# 112# @amd-sev: The firmware supports running under AMD Secure Encrypted 113# Virtualization, as specified in the AMD64 Architecture 114# Programmer's Manual. QEMU command line options related to 115# this feature are documented in 116# "docs/system/i386/amd-memory-encryption.rst". 117# 118# @amd-sev-es: The firmware supports running under AMD Secure Encrypted 119# Virtualization - Encrypted State, as specified in the AMD64 120# Architecture Programmer's Manual. QEMU command line options 121# related to this feature are documented in 122# "docs/system/i386/amd-memory-encryption.rst". 123# 124# @amd-sev-snp: The firmware supports running under AMD Secure Encrypted 125# Virtualization - Secure Nested Paging, as specified in the 126# AMD64 Architecture Programmer's Manual. QEMU command line 127# options related to this feature are documented in 128# "docs/system/i386/amd-memory-encryption.rst". 129# 130# @intel-tdx: The firmware supports running under Intel Trust Domain 131# Extensions (TDX). 132# 133# @enrolled-keys: The variable store (NVRAM) template associated with 134# the firmware binary has the UEFI Secure Boot 135# operational mode turned on, with certificates 136# enrolled. 137# 138# @requires-smm: The firmware requires the platform to emulate SMM 139# (System Management Mode), as defined in the AMD64 140# Architecture Programmer's Manual, and in the Intel(R)64 141# and IA-32 Architectures Software Developer's Manual. On 142# the "pc-q35-*" machine types of the @i386 and @x86_64 143# emulation targets, SMM emulation can be enabled with 144# "-machine smm=on". (On the "pc-q35-*" machine types of 145# the @i386 emulation target, @requires-smm presents 146# further CPU requirements; one combination known to work 147# is "-cpu coreduo,nx=off".) If the firmware is marked as 148# both @secure-boot and @requires-smm, then write 149# accesses to the pflash chip (NVRAM) that holds the UEFI 150# variable store must be restricted to code that executes 151# in SMM, using the additional option "-global 152# driver=cfi.pflash01,property=secure,value=on". 153# Furthermore, a large guest-physical address space 154# (comprising guest RAM, memory hotplug range, and 64-bit 155# PCI MMIO aperture), and/or a high VCPU count, may 156# present high SMRAM requirements from the firmware. On 157# the "pc-q35-*" machine types of the @i386 and @x86_64 158# emulation targets, the SMRAM size may be increased 159# above the default 16MB with the "-global 160# mch.extended-tseg-mbytes=uint16" option. As a rule of 161# thumb, the default 16MB size suffices for 1TB of 162# guest-phys address space and a few tens of VCPUs; for 163# every further TB of guest-phys address space, add 8MB 164# of SMRAM. 48MB should suffice for 4TB of guest-phys 165# address space and 2-3 hundred VCPUs. 166# 167# @secure-boot: The firmware implements the software interfaces for UEFI 168# Secure Boot, as defined in the UEFI specification. Note 169# that without @requires-smm, guest code running with 170# kernel privileges can undermine the security of Secure 171# Boot. 172# 173# @verbose-dynamic: When firmware log capture is enabled, the firmware 174# logs a large amount of debug messages, which may 175# impact boot performance. With log capture disabled, 176# there is no boot performance impact. On the 177# "pc-i440fx-*" and "pc-q35-*" machine types of the 178# @i386 and @x86_64 emulation targets, firmware log 179# capture can be enabled with the QEMU command line 180# options "-chardev file,id=fwdebug,path=LOGFILEPATH 181# -device isa-debugcon,iobase=0x402,chardev=fwdebug". 182# @verbose-dynamic is mutually exclusive with 183# @verbose-static. 184# 185# @verbose-static: The firmware unconditionally produces a large amount 186# of debug messages, which may impact boot performance. 187# This feature may typically be carried by certain UEFI 188# firmware for the "virt-*" machine types of the @arm 189# and @aarch64 emulation targets, where the debug 190# messages are written to the first (always present) 191# PL011 UART. @verbose-static is mutually exclusive 192# with @verbose-dynamic. 193# 194# Since: 3.0 195## 196{ 'enum' : 'FirmwareFeature', 197 'data' : [ 'acpi-s3', 'acpi-s4', 198 'amd-sev', 'amd-sev-es', 'amd-sev-snp', 199 'intel-tdx', 200 'enrolled-keys', 'requires-smm', 'secure-boot', 201 'verbose-dynamic', 'verbose-static' ] } 202 203## 204# @FirmwareFlashFile: 205# 206# Defines common properties that are necessary for loading a firmware 207# file into a pflash chip. The corresponding QEMU command line option is 208# "-drive file=@filename,format=@format". Note however that the 209# option-argument shown here is incomplete; it is completed under 210# @FirmwareMappingFlash. 211# 212# @filename: Specifies the filename on the host filesystem where the 213# firmware file can be found. 214# 215# @format: Specifies the block format of the file pointed-to by 216# @filename, such as @raw or @qcow2. 217# 218# Since: 3.0 219## 220{ 'struct' : 'FirmwareFlashFile', 221 'data' : { 'filename' : 'str', 222 'format' : 'BlockdevDriver' } } 223 224 225## 226# @FirmwareFlashType: 227# 228# Describes how the firmware build handles code versus variable 229# persistence. 230# 231# @split: the executable file contains code while the NVRAM 232# template provides variable storage. The executable 233# must be configured read-only and can be shared between 234# multiple guests. The NVRAM template must be cloned 235# for each new guest and configured read-write. 236# 237# @combined: the executable file contains both code and 238# variable storage. The executable must be cloned 239# for each new guest and configured read-write. 240# No NVRAM template will be specified. 241# 242# @stateless: the executable file contains code and variable 243# storage is not persisted. The executable must 244# be configured read-only and can be shared 245# between multiple guests. No NVRAM template 246# will be specified. 247# 248# Since: 7.0.0 249## 250{ 'enum': 'FirmwareFlashMode', 251 'data': [ 'split', 'combined', 'stateless' ] } 252 253## 254# @FirmwareMappingFlash: 255# 256# Describes loading and mapping properties for the firmware executable 257# and its accompanying NVRAM file, when @FirmwareDevice is @flash. 258# 259# @mode: Describes how the firmware build handles code versus variable 260# storage. If not present, it must be treated as if it was 261# configured with value ``split``. Since: 7.0.0 262# 263# @executable: Identifies the firmware executable. The @mode 264# indicates whether there will be an associated 265# NVRAM template present. The preferred 266# corresponding QEMU command line options are 267# -drive if=none,id=pflash0,readonly=on,file=@executable.@filename,format=@executable.@format 268# -machine pflash0=pflash0 269# or equivalent -blockdev instead of -drive. When 270# @mode is ``combined`` the executable must be 271# cloned before use and configured with readonly=off. 272# With QEMU versions older than 4.0, you have to use 273# -drive if=pflash,unit=0,readonly=on,file=@executable.@filename,format=@executable.@format 274# 275# @nvram-template: Identifies the NVRAM template compatible with 276# @executable, when @mode is set to ``split``, 277# otherwise it should not be present. 278# Management software instantiates an 279# individual copy -- a specific NVRAM file -- from 280# @nvram-template.@filename for each new virtual 281# machine definition created. @nvram-template.@filename 282# itself is never mapped into virtual machines, only 283# individual copies of it are. An NVRAM file is 284# typically used for persistently storing the 285# non-volatile UEFI variables of a virtual machine 286# definition. The preferred corresponding QEMU 287# command line options are 288# -drive if=none,id=pflash1,readonly=off,file=FILENAME_OF_PRIVATE_NVRAM_FILE,format=@nvram-template.@format 289# -machine pflash1=pflash1 290# or equivalent -blockdev instead of -drive. 291# With QEMU versions older than 4.0, you have to use 292# -drive if=pflash,unit=1,readonly=off,file=FILENAME_OF_PRIVATE_NVRAM_FILE,format=@nvram-template.@format 293# 294# Since: 3.0 295## 296{ 'struct' : 'FirmwareMappingFlash', 297 'data' : { '*mode': 'FirmwareFlashMode', 298 'executable' : 'FirmwareFlashFile', 299 '*nvram-template' : 'FirmwareFlashFile' } } 300 301## 302# @FirmwareMappingKernel: 303# 304# Describes loading and mapping properties for the firmware executable, 305# when @FirmwareDevice is @kernel. 306# 307# @filename: Identifies the firmware executable. The firmware executable 308# may be shared by multiple virtual machine definitions. The 309# corresponding QEMU command line option is "-kernel 310# @filename". 311# 312# Since: 3.0 313## 314{ 'struct' : 'FirmwareMappingKernel', 315 'data' : { 'filename' : 'str' } } 316 317## 318# @FirmwareMappingMemory: 319# 320# Describes loading and mapping properties for the firmware executable, 321# when @FirmwareDevice is @memory. 322# 323# @filename: Identifies the firmware executable. The firmware executable 324# may be shared by multiple virtual machine definitions. The 325# corresponding QEMU command line option is "-bios 326# @filename". 327# 328# Since: 3.0 329## 330{ 'struct' : 'FirmwareMappingMemory', 331 'data' : { 'filename' : 'str' } } 332 333## 334# @FirmwareMapping: 335# 336# Provides a discriminated structure for firmware to describe its 337# loading / mapping properties. 338# 339# @device: Selects the device type that the firmware must be mapped 340# into. 341# 342# Since: 3.0 343## 344{ 'union' : 'FirmwareMapping', 345 'base' : { 'device' : 'FirmwareDevice' }, 346 'discriminator' : 'device', 347 'data' : { 'flash' : 'FirmwareMappingFlash', 348 'kernel' : 'FirmwareMappingKernel', 349 'memory' : 'FirmwareMappingMemory' } } 350 351## 352# @Firmware: 353# 354# Describes a firmware (or a firmware use case) to management software. 355# 356# It is possible for multiple @Firmware elements to match the search 357# criteria of management software. Applications thus need rules to pick 358# one of the many matches, and users need the ability to override distro 359# defaults. 360# 361# It is recommended to create firmware JSON files (each containing a 362# single @Firmware root element) with a double-digit prefix, for example 363# "50-ovmf.json", "50-seabios-256k.json", etc, so they can be sorted in 364# predictable order. The firmware JSON files should be searched for in 365# three directories: 366# 367# - /usr/share/qemu/firmware -- populated by distro-provided firmware 368# packages (XDG_DATA_DIRS covers 369# /usr/share by default), 370# 371# - /etc/qemu/firmware -- exclusively for sysadmins' local additions, 372# 373# - $XDG_CONFIG_HOME/qemu/firmware -- exclusively for per-user local 374# additions (XDG_CONFIG_HOME 375# defaults to $HOME/.config). 376# 377# Top-down, the list of directories goes from general to specific. 378# 379# Management software should build a list of files from all three 380# locations, then sort the list by filename (i.e., last pathname 381# component). Management software should choose the first JSON file on 382# the sorted list that matches the search criteria. If a more specific 383# directory has a file with same name as a less specific directory, then 384# the file in the more specific directory takes effect. If the more 385# specific file is zero length, it hides the less specific one. 386# 387# For example, if a distro ships 388# 389# - /usr/share/qemu/firmware/50-ovmf.json 390# 391# - /usr/share/qemu/firmware/50-seabios-256k.json 392# 393# then the sysadmin can prevent the default OVMF being used at all with 394# 395# $ touch /etc/qemu/firmware/50-ovmf.json 396# 397# The sysadmin can replace/alter the distro default OVMF with 398# 399# $ vim /etc/qemu/firmware/50-ovmf.json 400# 401# or they can provide a parallel OVMF with higher priority 402# 403# $ vim /etc/qemu/firmware/10-ovmf.json 404# 405# or they can provide a parallel OVMF with lower priority 406# 407# $ vim /etc/qemu/firmware/99-ovmf.json 408# 409# @description: Provides a human-readable description of the firmware. 410# Management software may or may not display @description. 411# 412# @interface-types: Lists the types of interfaces that the firmware can 413# expose to the guest OS. This is a non-empty, ordered 414# list; entries near the beginning of @interface-types 415# are considered more native to the firmware, and/or 416# to have a higher quality implementation in the 417# firmware, than entries near the end of 418# @interface-types. 419# 420# @mapping: Describes the loading / mapping properties of the firmware. 421# 422# @targets: Collects the target architectures (QEMU system emulators) 423# and their machine types that may execute the firmware. 424# 425# @features: Lists the features that the firmware supports, and the 426# platform requirements it presents. 427# 428# @tags: A list of auxiliary strings associated with the firmware for 429# which @description is not appropriate, due to the latter's 430# possible exposure to the end-user. @tags serves development and 431# debugging purposes only, and management software shall 432# explicitly ignore it. 433# 434# Since: 3.0 435# 436# Examples: 437# 438# { 439# "description": "SeaBIOS", 440# "interface-types": [ 441# "bios" 442# ], 443# "mapping": { 444# "device": "memory", 445# "filename": "/usr/share/seabios/bios-256k.bin" 446# }, 447# "targets": [ 448# { 449# "architecture": "i386", 450# "machines": [ 451# "pc-i440fx-*", 452# "pc-q35-*" 453# ] 454# }, 455# { 456# "architecture": "x86_64", 457# "machines": [ 458# "pc-i440fx-*", 459# "pc-q35-*" 460# ] 461# } 462# ], 463# "features": [ 464# "acpi-s3", 465# "acpi-s4" 466# ], 467# "tags": [ 468# "CONFIG_BOOTSPLASH=n", 469# "CONFIG_ROM_SIZE=256", 470# "CONFIG_USE_SMM=n" 471# ] 472# } 473# 474# { 475# "description": "OVMF with SB+SMM, empty varstore", 476# "interface-types": [ 477# "uefi" 478# ], 479# "mapping": { 480# "device": "flash", 481# "executable": { 482# "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", 483# "format": "raw" 484# }, 485# "nvram-template": { 486# "filename": "/usr/share/OVMF/OVMF_VARS.fd", 487# "format": "raw" 488# } 489# }, 490# "targets": [ 491# { 492# "architecture": "x86_64", 493# "machines": [ 494# "pc-q35-*" 495# ] 496# } 497# ], 498# "features": [ 499# "acpi-s3", 500# "amd-sev", 501# "requires-smm", 502# "secure-boot", 503# "verbose-dynamic" 504# ], 505# "tags": [ 506# "-a IA32", 507# "-a X64", 508# "-p OvmfPkg/OvmfPkgIa32X64.dsc", 509# "-t GCC48", 510# "-b DEBUG", 511# "-D SMM_REQUIRE", 512# "-D SECURE_BOOT_ENABLE", 513# "-D FD_SIZE_4MB" 514# ] 515# } 516# 517# { 518# "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled", 519# "interface-types": [ 520# "uefi" 521# ], 522# "mapping": { 523# "device": "flash", 524# "executable": { 525# "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", 526# "format": "raw" 527# }, 528# "nvram-template": { 529# "filename": "/usr/share/OVMF/OVMF_VARS.secboot.fd", 530# "format": "raw" 531# } 532# }, 533# "targets": [ 534# { 535# "architecture": "x86_64", 536# "machines": [ 537# "pc-q35-*" 538# ] 539# } 540# ], 541# "features": [ 542# "acpi-s3", 543# "amd-sev", 544# "enrolled-keys", 545# "requires-smm", 546# "secure-boot", 547# "verbose-dynamic" 548# ], 549# "tags": [ 550# "-a IA32", 551# "-a X64", 552# "-p OvmfPkg/OvmfPkgIa32X64.dsc", 553# "-t GCC48", 554# "-b DEBUG", 555# "-D SMM_REQUIRE", 556# "-D SECURE_BOOT_ENABLE", 557# "-D FD_SIZE_4MB" 558# ] 559# } 560# 561# { 562# "description": "OVMF with SEV-ES support", 563# "interface-types": [ 564# "uefi" 565# ], 566# "mapping": { 567# "device": "flash", 568# "executable": { 569# "filename": "/usr/share/OVMF/OVMF_CODE.fd", 570# "format": "raw" 571# }, 572# "nvram-template": { 573# "filename": "/usr/share/OVMF/OVMF_VARS.fd", 574# "format": "raw" 575# } 576# }, 577# "targets": [ 578# { 579# "architecture": "x86_64", 580# "machines": [ 581# "pc-q35-*" 582# ] 583# } 584# ], 585# "features": [ 586# "acpi-s3", 587# "amd-sev", 588# "amd-sev-es", 589# "verbose-dynamic" 590# ], 591# "tags": [ 592# "-a X64", 593# "-p OvmfPkg/OvmfPkgX64.dsc", 594# "-t GCC48", 595# "-b DEBUG", 596# "-D FD_SIZE_4MB" 597# ] 598# } 599# 600# { 601# "description": "UEFI firmware for ARM64 virtual machines", 602# "interface-types": [ 603# "uefi" 604# ], 605# "mapping": { 606# "device": "flash", 607# "executable": { 608# "filename": "/usr/share/AAVMF/AAVMF_CODE.fd", 609# "format": "raw" 610# }, 611# "nvram-template": { 612# "filename": "/usr/share/AAVMF/AAVMF_VARS.fd", 613# "format": "raw" 614# } 615# }, 616# "targets": [ 617# { 618# "architecture": "aarch64", 619# "machines": [ 620# "virt-*" 621# ] 622# } 623# ], 624# "features": [ 625# 626# ], 627# "tags": [ 628# "-a AARCH64", 629# "-p ArmVirtPkg/ArmVirtQemu.dsc", 630# "-t GCC48", 631# "-b DEBUG", 632# "-D DEBUG_PRINT_ERROR_LEVEL=0x80000000" 633# ] 634# } 635## 636{ 'struct' : 'Firmware', 637 'data' : { 'description' : 'str', 638 'interface-types' : [ 'FirmwareOSInterface' ], 639 'mapping' : 'FirmwareMapping', 640 'targets' : [ 'FirmwareTarget' ], 641 'features' : [ 'FirmwareFeature' ], 642 'tags' : [ 'str' ] } } 643