1# -*- Mode: Python -*- 2# vim: filetype=python 3# 4 5## 6# @rtc-reset-reinjection: 7# 8# This command will reset the RTC interrupt reinjection backlog. 9# Can be used if another mechanism to synchronize guest time 10# is in effect, for example QEMU guest agent's guest-set-time 11# command. 12# 13# Since: 2.1 14# 15# Example: 16# 17# -> { "execute": "rtc-reset-reinjection" } 18# <- { "return": {} } 19# 20## 21{ 'command': 'rtc-reset-reinjection', 22 'if': 'TARGET_I386' } 23 24## 25# @SevState: 26# 27# An enumeration of SEV state information used during @query-sev. 28# 29# @uninit: The guest is uninitialized. 30# 31# @launch-update: The guest is currently being launched; plaintext data and 32# register state is being imported. 33# 34# @launch-secret: The guest is currently being launched; ciphertext data 35# is being imported. 36# 37# @running: The guest is fully launched or migrated in. 38# 39# @send-update: The guest is currently being migrated out to another machine. 40# 41# @receive-update: The guest is currently being migrated from another machine. 42# 43# Since: 2.12 44## 45{ 'enum': 'SevState', 46 'data': ['uninit', 'launch-update', 'launch-secret', 'running', 47 'send-update', 'receive-update' ], 48 'if': 'TARGET_I386' } 49 50## 51# @SevInfo: 52# 53# Information about Secure Encrypted Virtualization (SEV) support 54# 55# @enabled: true if SEV is active 56# 57# @api-major: SEV API major version 58# 59# @api-minor: SEV API minor version 60# 61# @build-id: SEV FW build id 62# 63# @policy: SEV policy value 64# 65# @state: SEV guest state 66# 67# @handle: SEV firmware handle 68# 69# Since: 2.12 70## 71{ 'struct': 'SevInfo', 72 'data': { 'enabled': 'bool', 73 'api-major': 'uint8', 74 'api-minor' : 'uint8', 75 'build-id' : 'uint8', 76 'policy' : 'uint32', 77 'state' : 'SevState', 78 'handle' : 'uint32' 79 }, 80 'if': 'TARGET_I386' 81} 82 83## 84# @query-sev: 85# 86# Returns information about SEV 87# 88# Returns: @SevInfo 89# 90# Since: 2.12 91# 92# Example: 93# 94# -> { "execute": "query-sev" } 95# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, 96# "build-id" : 0, "policy" : 0, "state" : "running", 97# "handle" : 1 } } 98# 99## 100{ 'command': 'query-sev', 'returns': 'SevInfo', 101 'if': 'TARGET_I386' } 102 103## 104# @SevLaunchMeasureInfo: 105# 106# SEV Guest Launch measurement information 107# 108# @data: the measurement value encoded in base64 109# 110# Since: 2.12 111## 112{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, 113 'if': 'TARGET_I386' } 114 115## 116# @query-sev-launch-measure: 117# 118# Query the SEV guest launch information. 119# 120# Returns: The @SevLaunchMeasureInfo for the guest 121# 122# Since: 2.12 123# 124# Example: 125# 126# -> { "execute": "query-sev-launch-measure" } 127# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } 128# 129## 130{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', 131 'if': 'TARGET_I386' } 132 133## 134# @SevCapability: 135# 136# The struct describes capability for a Secure Encrypted Virtualization 137# feature. 138# 139# @pdh: Platform Diffie-Hellman key (base64 encoded) 140# 141# @cert-chain: PDH certificate chain (base64 encoded) 142# 143# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1) 144# 145# @cbitpos: C-bit location in page table entry 146# 147# @reduced-phys-bits: Number of physical Address bit reduction when SEV is 148# enabled 149# 150# Since: 2.12 151## 152{ 'struct': 'SevCapability', 153 'data': { 'pdh': 'str', 154 'cert-chain': 'str', 155 'cpu0-id': 'str', 156 'cbitpos': 'int', 157 'reduced-phys-bits': 'int'}, 158 'if': 'TARGET_I386' } 159 160## 161# @query-sev-capabilities: 162# 163# This command is used to get the SEV capabilities, and is supported on AMD 164# X86 platforms only. 165# 166# Returns: SevCapability objects. 167# 168# Since: 2.12 169# 170# Example: 171# 172# -> { "execute": "query-sev-capabilities" } 173# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", 174# "cpu0-id": "2lvmGwo+...61iEinw==", 175# "cbitpos": 47, "reduced-phys-bits": 5}} 176# 177## 178{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability', 179 'if': 'TARGET_I386' } 180 181## 182# @sev-inject-launch-secret: 183# 184# This command injects a secret blob into memory of SEV guest. 185# 186# @packet-header: the launch secret packet header encoded in base64 187# 188# @secret: the launch secret data to be injected encoded in base64 189# 190# @gpa: the guest physical address where secret will be injected. 191# 192# Since: 6.0 193## 194{ 'command': 'sev-inject-launch-secret', 195 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, 196 'if': 'TARGET_I386' } 197 198## 199# @SevAttestationReport: 200# 201# The struct describes attestation report for a Secure Encrypted 202# Virtualization feature. 203# 204# @data: guest attestation report (base64 encoded) 205# 206# Since: 6.1 207## 208{ 'struct': 'SevAttestationReport', 209 'data': { 'data': 'str'}, 210 'if': 'TARGET_I386' } 211 212## 213# @query-sev-attestation-report: 214# 215# This command is used to get the SEV attestation report, and is 216# supported on AMD X86 platforms only. 217# 218# @mnonce: a random 16 bytes value encoded in base64 (it will be 219# included in report) 220# 221# Returns: SevAttestationReport objects. 222# 223# Since: 6.1 224# 225# Example: 226# 227# -> { "execute" : "query-sev-attestation-report", 228# "arguments": { "mnonce": "aaaaaaa" } } 229# <- { "return" : { "data": "aaaaaaaabbbddddd"} } 230# 231## 232{ 'command': 'query-sev-attestation-report', 233 'data': { 'mnonce': 'str' }, 234 'returns': 'SevAttestationReport', 235 'if': 'TARGET_I386' } 236 237## 238# @dump-skeys: 239# 240# Dump guest's storage keys 241# 242# @filename: the path to the file to dump to 243# 244# This command is only supported on s390 architecture. 245# 246# Since: 2.5 247# 248# Example: 249# 250# -> { "execute": "dump-skeys", 251# "arguments": { "filename": "/tmp/skeys" } } 252# <- { "return": {} } 253# 254## 255{ 'command': 'dump-skeys', 256 'data': { 'filename': 'str' }, 257 'if': 'TARGET_S390X' } 258 259## 260# @GICCapability: 261# 262# The struct describes capability for a specific GIC (Generic 263# Interrupt Controller) version. These bits are not only decided by 264# QEMU/KVM software version, but also decided by the hardware that 265# the program is running upon. 266# 267# @version: version of GIC to be described. Currently, only 2 and 3 268# are supported. 269# 270# @emulated: whether current QEMU/hardware supports emulated GIC 271# device in user space. 272# 273# @kernel: whether current QEMU/hardware supports hardware 274# accelerated GIC device in kernel. 275# 276# Since: 2.6 277## 278{ 'struct': 'GICCapability', 279 'data': { 'version': 'int', 280 'emulated': 'bool', 281 'kernel': 'bool' }, 282 'if': 'TARGET_ARM' } 283 284## 285# @query-gic-capabilities: 286# 287# This command is ARM-only. It will return a list of GICCapability 288# objects that describe its capability bits. 289# 290# Returns: a list of GICCapability objects. 291# 292# Since: 2.6 293# 294# Example: 295# 296# -> { "execute": "query-gic-capabilities" } 297# <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, 298# { "version": 3, "emulated": false, "kernel": true } ] } 299# 300## 301{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], 302 'if': 'TARGET_ARM' } 303 304## 305# @SGXEPCSection: 306# 307# Information about intel SGX EPC section info 308# 309# @node: the numa node 310# 311# @size: the size of EPC section 312# 313# Since: 7.0 314## 315{ 'struct': 'SGXEPCSection', 316 'data': { 'node': 'int', 317 'size': 'uint64'}} 318 319## 320# @SGXInfo: 321# 322# Information about intel Safe Guard eXtension (SGX) support 323# 324# @sgx: true if SGX is supported 325# 326# @sgx1: true if SGX1 is supported 327# 328# @sgx2: true if SGX2 is supported 329# 330# @flc: true if FLC is supported 331# 332# @sections: The EPC sections info for guest (Since: 7.0) 333# 334# Since: 6.2 335## 336{ 'struct': 'SGXInfo', 337 'data': { 'sgx': 'bool', 338 'sgx1': 'bool', 339 'sgx2': 'bool', 340 'flc': 'bool', 341 'sections': ['SGXEPCSection']}, 342 'if': 'TARGET_I386' } 343 344## 345# @query-sgx: 346# 347# Returns information about SGX 348# 349# Returns: @SGXInfo 350# 351# Since: 6.2 352# 353# Example: 354# 355# -> { "execute": "query-sgx" } 356# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, 357# "flc": true, 358# "sections": [{"node": 0, "size": 67108864}, 359# {"node": 1, "size": 29360128}]} } 360# 361## 362{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } 363 364## 365# @query-sgx-capabilities: 366# 367# Returns information from host SGX capabilities 368# 369# Returns: @SGXInfo 370# 371# Since: 6.2 372# 373# Example: 374# 375# -> { "execute": "query-sgx-capabilities" } 376# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, 377# "flc": true, 378# "section" : [{"node": 0, "size": 67108864}, 379# {"node": 1, "size": 29360128}]} } 380# 381## 382{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } 383 384 385## 386# @EvtchnPortType: 387# 388# An enumeration of Xen event channel port types. 389# 390# @closed: The port is unused. 391# 392# @unbound: The port is allocated and ready to be bound. 393# 394# @interdomain: The port is connected as an interdomain interrupt. 395# 396# @pirq: The port is bound to a physical IRQ (PIRQ). 397# 398# @virq: The port is bound to a virtual IRQ (VIRQ). 399# 400# @ipi: The post is an inter-processor interrupt (IPI). 401# 402# Since: 8.0 403## 404{ 'enum': 'EvtchnPortType', 405 'data': ['closed', 'unbound', 'interdomain', 'pirq', 'virq', 'ipi'], 406 'if': 'TARGET_I386' } 407 408## 409# @EvtchnInfo: 410# 411# Information about a Xen event channel port 412# 413# @port: the port number 414# 415# @vcpu: target vCPU for this port 416# 417# @type: the port type 418# 419# @remote-domain: remote domain for interdomain ports 420# 421# @target: remote port ID, or virq/pirq number 422# 423# @pending: port is currently active pending delivery 424# 425# @masked: port is masked 426# 427# Since: 8.0 428## 429{ 'struct': 'EvtchnInfo', 430 'data': {'port': 'uint16', 431 'vcpu': 'uint32', 432 'type': 'EvtchnPortType', 433 'remote-domain': 'str', 434 'target': 'uint16', 435 'pending': 'bool', 436 'masked': 'bool'}, 437 'if': 'TARGET_I386' } 438 439 440## 441# @xen-event-list: 442# 443# Query the Xen event channels opened by the guest. 444# 445# Returns: list of open event channel ports. 446# 447# Since: 8.0 448# 449# Example: 450# 451# -> { "execute": "xen-event-list" } 452# <- { "return": [ 453# { 454# "pending": false, 455# "port": 1, 456# "vcpu": 1, 457# "remote-domain": "qemu", 458# "masked": false, 459# "type": "interdomain", 460# "target": 1 461# }, 462# { 463# "pending": false, 464# "port": 2, 465# "vcpu": 0, 466# "remote-domain": "", 467# "masked": false, 468# "type": "virq", 469# "target": 0 470# } 471# ] 472# } 473# 474## 475{ 'command': 'xen-event-list', 476 'returns': ['EvtchnInfo'], 477 'if': 'TARGET_I386' } 478 479## 480# @xen-event-inject: 481# 482# Inject a Xen event channel port (interrupt) to the guest. 483# 484# @port: The port number 485# 486# Returns: - Nothing on success. 487# 488# Since: 8.0 489# 490# Example: 491# 492# -> { "execute": "xen-event-inject", "arguments": { "port": 1 } } 493# <- { "return": { } } 494# 495## 496{ 'command': 'xen-event-inject', 497 'data': { 'port': 'uint32' }, 498 'if': 'TARGET_I386' } 499