# -*- Mode: Python -*-
# vim: filetype=python
#
# SPDX-License-Identifier: GPL-2.0-or-later

##
# @rtc-reset-reinjection:
#
# Reset the RTC interrupt reinjection backlog.  Can be used if another
# mechanism to synchronize guest time is in effect, for example QEMU
# guest agent's `guest-set-time` command.
#
# Use of this command is only applicable for x86 machines with an RTC,
# and on other machines will silently return without performing any
# action.
#
# Since: 2.1
#
# .. qmp-example::
#
#     -> { "execute": "rtc-reset-reinjection" }
#     <- { "return": {} }
##
{ 'command': 'rtc-reset-reinjection' }

##
# @SevState:
#
# An enumeration of SEV state information used during `query-sev`.
#
# @uninit: The guest is uninitialized.
#
# @launch-update: The guest is currently being launched; plaintext
#     data and register state are being imported.
#
# @launch-secret: The guest is currently being launched; ciphertext
#     data is being imported.
#
# @running: The guest is fully launched or migrated in.
#
# @send-update: The guest is currently being migrated out to another
#     machine.
#
# @receive-update: The guest is currently being migrated from another
#     machine.
#
# Since: 2.12
##
{ 'enum': 'SevState',
  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
           'send-update', 'receive-update' ] }

##
# @SevGuestType:
#
# An enumeration indicating the type of SEV guest being run.
#
# @sev: The guest is a legacy SEV or SEV-ES guest.
#
# @sev-snp: The guest is an SEV-SNP guest.
#
# Since: 6.2
##
{ 'enum': 'SevGuestType',
  'data': [ 'sev', 'sev-snp' ] }

##
# @SevGuestInfo:
#
# Information specific to legacy SEV/SEV-ES guests.
#
# @policy: SEV policy value
#
# @handle: SEV firmware handle
#
# Since: 2.12
##
{ 'struct': 'SevGuestInfo',
  'data': { 'policy': 'uint32',
            'handle': 'uint32' } }

##
# @SevSnpGuestInfo:
#
# Information specific to SEV-SNP guests.
#
# @snp-policy: SEV-SNP policy value
#
# Since: 9.1
##
{ 'struct': 'SevSnpGuestInfo',
  'data': { 'snp-policy': 'uint64' } }

##
# @SevInfo:
#
# Information about Secure Encrypted Virtualization (SEV) support
#
# @enabled: true if SEV is active
#
# @api-major: SEV API major version
#
# @api-minor: SEV API minor version
#
# @build-id: SEV FW build id
#
# @state: SEV guest state
#
# @sev-type: Type of SEV guest being run
#
# Since: 2.12
##
{ 'union': 'SevInfo',
  'base': { 'enabled': 'bool',
            'api-major': 'uint8',
            'api-minor' : 'uint8',
            'build-id' : 'uint8',
            'state' : 'SevState',
            'sev-type' : 'SevGuestType' },
  'discriminator': 'sev-type',
  'data': {
      'sev': 'SevGuestInfo',
      'sev-snp': 'SevSnpGuestInfo' } }


##
# @query-sev:
#
# Return information about SEV/SEV-ES/SEV-SNP.
#
# If unavailable due to an incompatible configuration the returned
# @enabled field is set to 'false' and the state of all other fields
# is unspecified.  Callers should therefore check @enabled before
# relying on any other field.
#
# Since: 2.12
#
# .. qmp-example::
#
#     -> { "execute": "query-sev" }
#     <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
#                      "build-id" : 0, "policy" : 0, "state" : "running",
#                      "handle" : 1, "sev-type" : "sev" } }
##
{ 'command': 'query-sev', 'returns': 'SevInfo' }

##
# @SevLaunchMeasureInfo:
#
# SEV Guest Launch measurement information
#
# @data: the measurement value encoded in base64
#
# Since: 2.12
##
{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'} }

# NOTE(review): the example "data" value below contains '%', which is
# outside the base64 alphabet; it is a placeholder, not a real
# measurement.
##
# @query-sev-launch-measure:
#
# Query the SEV/SEV-ES guest launch information.
#
# This is only valid on x86 machines configured with KVM and the
# 'sev-guest' confidential virtualization object.  The launch
# measurement for SEV-SNP guests is only available within the guest.
#
# Returns: The guest's SEV guest launch measurement info
#
# Errors:
#     - If the launch measurement is unavailable, either due to an
#       invalid guest configuration or if the guest has not reached
#       the required SEV state, GenericError
#
# Since: 2.12
#
# .. qmp-example::
#
#     -> { "execute": "query-sev-launch-measure" }
#     <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
##
{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo' }

##
# @SevCapability:
#
# The struct describes the capabilities of the Secure Encrypted
# Virtualization feature.
#
# @pdh: Platform Diffie-Hellman key (base64 encoded)
#
# @cert-chain: PDH certificate chain (base64 encoded)
#
# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1)
#
# @cbitpos: C-bit location in page table entry
#
# @reduced-phys-bits: Number of bits by which the physical address
#     space is reduced when SEV is enabled
#
# Since: 2.12
##
{ 'struct': 'SevCapability',
  'data': { 'pdh': 'str',
            'cert-chain': 'str',
            'cpu0-id': 'str',
            'cbitpos': 'int',
            'reduced-phys-bits': 'int'} }

##
# @query-sev-capabilities:
#
# Get SEV capabilities.
#
# This is only supported on AMD x86 platforms with KVM enabled.
#
# Errors:
#     - If SEV is not available on the platform, GenericError
#
# Since: 2.12
#
# .. qmp-example::
#
#     -> { "execute": "query-sev-capabilities" }
#     <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
#                      "cpu0-id": "2lvmGwo+...61iEinw==",
#                      "cbitpos": 47, "reduced-phys-bits": 1}}
##
{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability' }

# NOTE(review): '*gpa' is optional in the schema, but the text below
# does not say where the secret is placed when it is omitted; the
# fallback should be documented.  The text also does not say whether
# @secret is expected to be already encrypted for the SEV firmware;
# base64 is only an encoding, so confirm and state this explicitly.
##
# @sev-inject-launch-secret:
#
# Inject a secret blob into a SEV/SEV-ES guest's memory.
#
# This is only valid on x86 machines configured with KVM and the
# 'sev-guest' confidential virtualization object.  SEV-SNP guests do
# not support launch secret injection.
#
# @packet-header: the launch secret packet header encoded in base64
#
# @secret: the launch secret data to be injected encoded in base64
#
# @gpa: the guest physical address where the secret will be injected.
#
# Errors:
#     - If launch secret injection is not possible, either due to
#       an invalid guest configuration, or if the guest has not
#       reached the required SEV state, GenericError
#
# Since: 6.0
##
{ 'command': 'sev-inject-launch-secret',
  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' } }

##
# @SevAttestationReport:
#
# The struct describes the attestation report for the Secure
# Encrypted Virtualization feature.
#
# @data: guest attestation report (base64 encoded)
#
# Since: 6.1
##
{ 'struct': 'SevAttestationReport',
  'data': { 'data': 'str'} }

# NOTE(review): the example @mnonce "aaaaaaa" below is a placeholder
# and does not decode to 16 bytes; whether the length is validated is
# not visible in this schema.
##
# @query-sev-attestation-report:
#
# Get the SEV attestation report.
#
# This is only valid on x86 machines configured with KVM and the
# 'sev-guest' confidential virtualization object.  The attestation
# report for SEV-SNP guests is only available within the guest.
#
# @mnonce: a random 16-byte value encoded in base64 (it will be
#     included in the report, which lets the caller match the report
#     to this request)
#
# Errors:
#     - If the attestation report is unavailable, either due to an
#       invalid guest configuration or because the guest has not
#       reached the required SEV state, GenericError
#
# Since: 6.1
#
# .. qmp-example::
#
#     -> { "execute" : "query-sev-attestation-report",
#          "arguments": { "mnonce": "aaaaaaa" } }
#     <- { "return" : { "data": "aaaaaaaabbbddddd"} }
##
{ 'command': 'query-sev-attestation-report',
  'data': { 'mnonce': 'str' },
  'returns': 'SevAttestationReport' }

##
# @SgxEpcSection:
#
# Information about an Intel SGX EPC section
#
# @node: the NUMA node
#
# @size: the size of the EPC section
#
# Since: 7.0
##
{ 'struct': 'SgxEpcSection',
  'data': { 'node': 'int',
            'size': 'uint64'}}

##
# @SgxInfo:
#
# Information about Intel Software Guard Extensions (SGX) support
#
# @sgx: true if SGX is supported
#
# @sgx1: true if SGX1 is supported
#
# @sgx2: true if SGX2 is supported
#
# @flc: true if Flexible Launch Control (FLC) is supported
#
# @sections: The EPC sections information (Since: 7.0)
#
# Since: 6.2
##
{ 'struct': 'SgxInfo',
  'data': { 'sgx': 'bool',
            'sgx1': 'bool',
            'sgx2': 'bool',
            'flc': 'bool',
            'sections': ['SgxEpcSection']} }

##
# @query-sgx:
#
# Return information about the configured SGX capabilities of the
# guest
#
# Since: 6.2
#
# .. qmp-example::
#
#     -> { "execute": "query-sgx" }
#     <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                      "flc": true,
#                      "sections": [{"node": 0, "size": 67108864},
#                                   {"node": 1, "size": 29360128}]} }
##
{ 'command': 'query-sgx', 'returns': 'SgxInfo' }

##
# @query-sgx-capabilities:
#
# Return information about the SGX capabilities of the host
#
# Since: 6.2
#
# .. qmp-example::
#
#     -> { "execute": "query-sgx-capabilities" }
#     <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                      "flc": true,
#                      "sections" : [{"node": 0, "size": 67108864},
#                                    {"node": 1, "size": 29360128}]} }
##
{ 'command': 'query-sgx-capabilities', 'returns': 'SgxInfo' }

##
# @EvtchnPortType:
#
# An enumeration of Xen event channel port types.
#
# @closed: The port is unused.
#
# @unbound: The port is allocated and ready to be bound.
#
# @interdomain: The port is connected as an interdomain interrupt.
#
# @pirq: The port is bound to a physical IRQ (PIRQ).
#
# @virq: The port is bound to a virtual IRQ (VIRQ).
#
# @ipi: The port is an inter-processor interrupt (IPI).
#
# Since: 8.0
##
{ 'enum': 'EvtchnPortType',
  'data': ['closed', 'unbound', 'interdomain', 'pirq', 'virq', 'ipi'] }

##
# @EvtchnInfo:
#
# Information about a Xen event channel port
#
# @port: the port number
#
# @vcpu: target vCPU for this port
#
# @type: the port type
#
# @remote-domain: remote domain for interdomain ports
#
# @target: remote port ID, or virq/pirq number
#
# @pending: port is currently active pending delivery
#
# @masked: port is masked
#
# Since: 8.0
##
{ 'struct': 'EvtchnInfo',
  'data': {'port': 'uint16',
           'vcpu': 'uint32',
           'type': 'EvtchnPortType',
           'remote-domain': 'str',
           'target': 'uint16',
           'pending': 'bool',
           'masked': 'bool'} }


##
# @xen-event-list:
#
# Query the Xen event channels opened by the guest.
#
# Returns: list of open event channel ports.
#
# Since: 8.0
#
# .. qmp-example::
#
#     -> { "execute": "xen-event-list" }
#     <- { "return": [
#             {
#                 "pending": false,
#                 "port": 1,
#                 "vcpu": 1,
#                 "remote-domain": "qemu",
#                 "masked": false,
#                 "type": "interdomain",
#                 "target": 1
#             },
#             {
#                 "pending": false,
#                 "port": 2,
#                 "vcpu": 0,
#                 "remote-domain": "",
#                 "masked": false,
#                 "type": "virq",
#                 "target": 0
#             }
#          ]
#        }
##
{ 'command': 'xen-event-list',
  'returns': ['EvtchnInfo'] }

# NOTE(review): @port is 'uint32' here while EvtchnInfo reports @port
# as 'uint16', so this command accepts values that can never appear in
# `xen-event-list` output.  Range checking is not visible in this
# schema; confirm the handler rejects out-of-range ports.
##
# @xen-event-inject:
#
# Inject a Xen event channel port (interrupt) to the guest.
#
# @port: The port number
#
# Since: 8.0
#
# .. qmp-example::
#
#     -> { "execute": "xen-event-inject", "arguments": { "port": 1 } }
#     <- { "return": { } }
##
{ 'command': 'xen-event-inject',
  'data': { 'port': 'uint32' } }