1# -*- Mode: Python -*- 2# vim: filetype=python 3# 4 5## 6# @RTC_CHANGE: 7# 8# Emitted when the guest changes the RTC time. 9# 10# @offset: offset between base RTC clock (as specified by -rtc base), and 11# new RTC clock value 12# 13# Note: This event is rate-limited. 14# 15# Since: 0.13 16# 17# Example: 18# 19# <- { "event": "RTC_CHANGE", 20# "data": { "offset": 78 }, 21# "timestamp": { "seconds": 1267020223, "microseconds": 435656 } } 22# 23## 24{ 'event': 'RTC_CHANGE', 25 'data': { 'offset': 'int' }, 26 'if': { 'any': [ 'TARGET_ALPHA', 27 'TARGET_ARM', 28 'TARGET_HPPA', 29 'TARGET_I386', 30 'TARGET_MIPS', 31 'TARGET_MIPS64', 32 'TARGET_PPC', 33 'TARGET_PPC64', 34 'TARGET_S390X', 35 'TARGET_SH4', 36 'TARGET_SPARC' ] } } 37 38## 39# @rtc-reset-reinjection: 40# 41# This command will reset the RTC interrupt reinjection backlog. 42# Can be used if another mechanism to synchronize guest time 43# is in effect, for example QEMU guest agent's guest-set-time 44# command. 45# 46# Since: 2.1 47# 48# Example: 49# 50# -> { "execute": "rtc-reset-reinjection" } 51# <- { "return": {} } 52# 53## 54{ 'command': 'rtc-reset-reinjection', 55 'if': 'TARGET_I386' } 56 57 58## 59# @SevState: 60# 61# An enumeration of SEV state information used during @query-sev. 62# 63# @uninit: The guest is uninitialized. 64# 65# @launch-update: The guest is currently being launched; plaintext data and 66# register state is being imported. 67# 68# @launch-secret: The guest is currently being launched; ciphertext data 69# is being imported. 70# 71# @running: The guest is fully launched or migrated in. 72# 73# @send-update: The guest is currently being migrated out to another machine. 74# 75# @receive-update: The guest is currently being migrated from another machine. 76# 77# Since: 2.12 78## 79{ 'enum': 'SevState', 80 'data': ['uninit', 'launch-update', 'launch-secret', 'running', 81 'send-update', 'receive-update' ], 82 'if': 'TARGET_I386' } 83 84## 85# @SevInfo: 86# 87# Information about Secure Encrypted Virtualization (SEV) support 88# 89# @enabled: true if SEV is active 90# 91# @api-major: SEV API major version 92# 93# @api-minor: SEV API minor version 94# 95# @build-id: SEV FW build id 96# 97# @policy: SEV policy value 98# 99# @state: SEV guest state 100# 101# @handle: SEV firmware handle 102# 103# Since: 2.12 104## 105{ 'struct': 'SevInfo', 106 'data': { 'enabled': 'bool', 107 'api-major': 'uint8', 108 'api-minor' : 'uint8', 109 'build-id' : 'uint8', 110 'policy' : 'uint32', 111 'state' : 'SevState', 112 'handle' : 'uint32' 113 }, 114 'if': 'TARGET_I386' 115} 116 117## 118# @query-sev: 119# 120# Returns information about SEV 121# 122# Returns: @SevInfo 123# 124# Since: 2.12 125# 126# Example: 127# 128# -> { "execute": "query-sev" } 129# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, 130# "build-id" : 0, "policy" : 0, "state" : "running", 131# "handle" : 1 } } 132# 133## 134{ 'command': 'query-sev', 'returns': 'SevInfo', 135 'if': 'TARGET_I386' } 136 137 138## 139# @SevLaunchMeasureInfo: 140# 141# SEV Guest Launch measurement information 142# 143# @data: the measurement value encoded in base64 144# 145# Since: 2.12 146# 147## 148{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, 149 'if': 'TARGET_I386' } 150 151## 152# @query-sev-launch-measure: 153# 154# Query the SEV guest launch information. 155# 156# Returns: The @SevLaunchMeasureInfo for the guest 157# 158# Since: 2.12 159# 160# Example: 161# 162# -> { "execute": "query-sev-launch-measure" } 163# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } 164# 165## 166{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', 167 'if': 'TARGET_I386' } 168 169 170## 171# @SevCapability: 172# 173# The struct describes capability for a Secure Encrypted Virtualization 174# feature. 175# 176# @pdh: Platform Diffie-Hellman key (base64 encoded) 177# 178# @cert-chain: PDH certificate chain (base64 encoded) 179# 180# @cbitpos: C-bit location in page table entry 181# 182# @reduced-phys-bits: Number of physical Address bit reduction when SEV is 183# enabled 184# 185# Since: 2.12 186## 187{ 'struct': 'SevCapability', 188 'data': { 'pdh': 'str', 189 'cert-chain': 'str', 190 'cbitpos': 'int', 191 'reduced-phys-bits': 'int'}, 192 'if': 'TARGET_I386' } 193 194## 195# @query-sev-capabilities: 196# 197# This command is used to get the SEV capabilities, and is supported on AMD 198# X86 platforms only. 199# 200# Returns: SevCapability objects. 201# 202# Since: 2.12 203# 204# Example: 205# 206# -> { "execute": "query-sev-capabilities" } 207# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", 208# "cbitpos": 47, "reduced-phys-bits": 5}} 209# 210## 211{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability', 212 'if': 'TARGET_I386' } 213 214## 215# @sev-inject-launch-secret: 216# 217# This command injects a secret blob into memory of SEV guest. 218# 219# @packet-header: the launch secret packet header encoded in base64 220# 221# @secret: the launch secret data to be injected encoded in base64 222# 223# @gpa: the guest physical address where secret will be injected. 224# 225# Since: 6.0 226# 227## 228{ 'command': 'sev-inject-launch-secret', 229 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, 230 'if': 'TARGET_I386' } 231 232## 233# @SevAttestationReport: 234# 235# The struct describes attestation report for a Secure Encrypted 236# Virtualization feature. 237# 238# @data: guest attestation report (base64 encoded) 239# 240# 241# Since: 6.1 242## 243{ 'struct': 'SevAttestationReport', 244 'data': { 'data': 'str'}, 245 'if': 'TARGET_I386' } 246 247## 248# @query-sev-attestation-report: 249# 250# This command is used to get the SEV attestation report, and is 251# supported on AMD X86 platforms only. 252# 253# @mnonce: a random 16 bytes value encoded in base64 (it will be 254# included in report) 255# 256# Returns: SevAttestationReport objects. 257# 258# Since: 6.1 259# 260# Example: 261# 262# -> { "execute" : "query-sev-attestation-report", 263# "arguments": { "mnonce": "aaaaaaa" } } 264# <- { "return" : { "data": "aaaaaaaabbbddddd"} } 265# 266## 267{ 'command': 'query-sev-attestation-report', 268 'data': { 'mnonce': 'str' }, 269 'returns': 'SevAttestationReport', 270 'if': 'TARGET_I386' } 271 272## 273# @dump-skeys: 274# 275# Dump guest's storage keys 276# 277# @filename: the path to the file to dump to 278# 279# This command is only supported on s390 architecture. 280# 281# Since: 2.5 282# 283# Example: 284# 285# -> { "execute": "dump-skeys", 286# "arguments": { "filename": "/tmp/skeys" } } 287# <- { "return": {} } 288# 289## 290{ 'command': 'dump-skeys', 291 'data': { 'filename': 'str' }, 292 'if': 'TARGET_S390X' } 293 294## 295# @GICCapability: 296# 297# The struct describes capability for a specific GIC (Generic 298# Interrupt Controller) version. These bits are not only decided by 299# QEMU/KVM software version, but also decided by the hardware that 300# the program is running upon. 301# 302# @version: version of GIC to be described. Currently, only 2 and 3 303# are supported. 304# 305# @emulated: whether current QEMU/hardware supports emulated GIC 306# device in user space. 307# 308# @kernel: whether current QEMU/hardware supports hardware 309# accelerated GIC device in kernel. 310# 311# Since: 2.6 312## 313{ 'struct': 'GICCapability', 314 'data': { 'version': 'int', 315 'emulated': 'bool', 316 'kernel': 'bool' }, 317 'if': 'TARGET_ARM' } 318 319## 320# @query-gic-capabilities: 321# 322# This command is ARM-only. It will return a list of GICCapability 323# objects that describe its capability bits. 324# 325# Returns: a list of GICCapability objects. 326# 327# Since: 2.6 328# 329# Example: 330# 331# -> { "execute": "query-gic-capabilities" } 332# <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, 333# { "version": 3, "emulated": false, "kernel": true } ] } 334# 335## 336{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], 337 'if': 'TARGET_ARM' } 338 339 340## 341# @SGXEPCSection: 342# 343# Information about intel SGX EPC section info 344# 345# @node: the numa node 346# 347# @size: the size of EPC section 348# 349# Since: 7.0 350## 351{ 'struct': 'SGXEPCSection', 352 'data': { 'node': 'int', 353 'size': 'uint64'}} 354 355## 356# @SGXInfo: 357# 358# Information about intel Safe Guard eXtension (SGX) support 359# 360# @sgx: true if SGX is supported 361# 362# @sgx1: true if SGX1 is supported 363# 364# @sgx2: true if SGX2 is supported 365# 366# @flc: true if FLC is supported 367# 368# @section-size: The EPC section size for guest 369# Redundant with @sections. Just for backward compatibility. 370# 371# @sections: The EPC sections info for guest (Since: 7.0) 372# 373# Features: 374# @deprecated: Member @section-size is deprecated. Use @sections instead. 375# 376# Since: 6.2 377## 378{ 'struct': 'SGXInfo', 379 'data': { 'sgx': 'bool', 380 'sgx1': 'bool', 381 'sgx2': 'bool', 382 'flc': 'bool', 383 'section-size': { 'type': 'uint64', 384 'features': [ 'deprecated' ] }, 385 'sections': ['SGXEPCSection']}, 386 'if': 'TARGET_I386' } 387 388## 389# @query-sgx: 390# 391# Returns information about SGX 392# 393# Returns: @SGXInfo 394# 395# Since: 6.2 396# 397# Example: 398# 399# -> { "execute": "query-sgx" } 400# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, 401# "flc": true, "section-size" : 96468992, 402# "sections": [{"node": 0, "size": 67108864}, 403# {"node": 1, "size": 29360128}]} } 404# 405## 406{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } 407 408## 409# @query-sgx-capabilities: 410# 411# Returns information from host SGX capabilities 412# 413# Returns: @SGXInfo 414# 415# Since: 6.2 416# 417# Example: 418# 419# -> { "execute": "query-sgx-capabilities" } 420# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, 421# "flc": true, "section-size" : 96468992, 422# "section" : [{"node": 0, "size": 67108864}, 423# {"node": 1, "size": 29360128}]} } 424# 425## 426{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } 427