1# -*- Mode: Python -*- 2# vim: filetype=python 3# 4 5## 6# @RTC_CHANGE: 7# 8# Emitted when the guest changes the RTC time. 9# 10# @offset: offset between base RTC clock (as specified by -rtc base), and 11# new RTC clock value 12# 13# Note: This event is rate-limited. 14# 15# Since: 0.13 16# 17# Example: 18# 19# <- { "event": "RTC_CHANGE", 20# "data": { "offset": 78 }, 21# "timestamp": { "seconds": 1267020223, "microseconds": 435656 } } 22# 23## 24{ 'event': 'RTC_CHANGE', 25 'data': { 'offset': 'int' }, 26 'if': 'defined(TARGET_ALPHA) || defined(TARGET_ARM) || defined(TARGET_HPPA) || defined(TARGET_I386) || defined(TARGET_MIPS) || defined(TARGET_MIPS64) || defined(TARGET_PPC) || defined(TARGET_PPC64) || defined(TARGET_S390X) || defined(TARGET_SH4) || defined(TARGET_SPARC)' } 27 28## 29# @rtc-reset-reinjection: 30# 31# This command will reset the RTC interrupt reinjection backlog. 32# Can be used if another mechanism to synchronize guest time 33# is in effect, for example QEMU guest agent's guest-set-time 34# command. 35# 36# Since: 2.1 37# 38# Example: 39# 40# -> { "execute": "rtc-reset-reinjection" } 41# <- { "return": {} } 42# 43## 44{ 'command': 'rtc-reset-reinjection', 45 'if': 'defined(TARGET_I386)' } 46 47 48## 49# @SevState: 50# 51# An enumeration of SEV state information used during @query-sev. 52# 53# @uninit: The guest is uninitialized. 54# 55# @launch-update: The guest is currently being launched; plaintext data and 56# register state is being imported. 57# 58# @launch-secret: The guest is currently being launched; ciphertext data 59# is being imported. 60# 61# @running: The guest is fully launched or migrated in. 62# 63# @send-update: The guest is currently being migrated out to another machine. 64# 65# @receive-update: The guest is currently being migrated from another machine. 66# 67# Since: 2.12 68## 69{ 'enum': 'SevState', 70 'data': ['uninit', 'launch-update', 'launch-secret', 'running', 71 'send-update', 'receive-update' ], 72 'if': 'defined(TARGET_I386)' } 73 74## 75# @SevInfo: 76# 77# Information about Secure Encrypted Virtualization (SEV) support 78# 79# @enabled: true if SEV is active 80# 81# @api-major: SEV API major version 82# 83# @api-minor: SEV API minor version 84# 85# @build-id: SEV FW build id 86# 87# @policy: SEV policy value 88# 89# @state: SEV guest state 90# 91# @handle: SEV firmware handle 92# 93# Since: 2.12 94## 95{ 'struct': 'SevInfo', 96 'data': { 'enabled': 'bool', 97 'api-major': 'uint8', 98 'api-minor' : 'uint8', 99 'build-id' : 'uint8', 100 'policy' : 'uint32', 101 'state' : 'SevState', 102 'handle' : 'uint32' 103 }, 104 'if': 'defined(TARGET_I386)' 105} 106 107## 108# @query-sev: 109# 110# Returns information about SEV 111# 112# Returns: @SevInfo 113# 114# Since: 2.12 115# 116# Example: 117# 118# -> { "execute": "query-sev" } 119# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, 120# "build-id" : 0, "policy" : 0, "state" : "running", 121# "handle" : 1 } } 122# 123## 124{ 'command': 'query-sev', 'returns': 'SevInfo', 125 'if': 'defined(TARGET_I386)' } 126 127 128## 129# @SevLaunchMeasureInfo: 130# 131# SEV Guest Launch measurement information 132# 133# @data: the measurement value encoded in base64 134# 135# Since: 2.12 136# 137## 138{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, 139 'if': 'defined(TARGET_I386)' } 140 141## 142# @query-sev-launch-measure: 143# 144# Query the SEV guest launch information. 145# 146# Returns: The @SevLaunchMeasureInfo for the guest 147# 148# Since: 2.12 149# 150# Example: 151# 152# -> { "execute": "query-sev-launch-measure" } 153# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } 154# 155## 156{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', 157 'if': 'defined(TARGET_I386)' } 158 159 160## 161# @SevCapability: 162# 163# The struct describes capability for a Secure Encrypted Virtualization 164# feature. 165# 166# @pdh: Platform Diffie-Hellman key (base64 encoded) 167# 168# @cert-chain: PDH certificate chain (base64 encoded) 169# 170# @cbitpos: C-bit location in page table entry 171# 172# @reduced-phys-bits: Number of physical Address bit reduction when SEV is 173# enabled 174# 175# Since: 2.12 176## 177{ 'struct': 'SevCapability', 178 'data': { 'pdh': 'str', 179 'cert-chain': 'str', 180 'cbitpos': 'int', 181 'reduced-phys-bits': 'int'}, 182 'if': 'defined(TARGET_I386)' } 183 184## 185# @query-sev-capabilities: 186# 187# This command is used to get the SEV capabilities, and is supported on AMD 188# X86 platforms only. 189# 190# Returns: SevCapability objects. 191# 192# Since: 2.12 193# 194# Example: 195# 196# -> { "execute": "query-sev-capabilities" } 197# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", 198# "cbitpos": 47, "reduced-phys-bits": 5}} 199# 200## 201{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability', 202 'if': 'defined(TARGET_I386)' } 203 204## 205# @sev-inject-launch-secret: 206# 207# This command injects a secret blob into memory of SEV guest. 208# 209# @packet-header: the launch secret packet header encoded in base64 210# 211# @secret: the launch secret data to be injected encoded in base64 212# 213# @gpa: the guest physical address where secret will be injected. 214# 215# Since: 6.0 216# 217## 218{ 'command': 'sev-inject-launch-secret', 219 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, 220 'if': 'defined(TARGET_I386)' } 221 222## 223# @dump-skeys: 224# 225# Dump guest's storage keys 226# 227# @filename: the path to the file to dump to 228# 229# This command is only supported on s390 architecture. 230# 231# Since: 2.5 232# 233# Example: 234# 235# -> { "execute": "dump-skeys", 236# "arguments": { "filename": "/tmp/skeys" } } 237# <- { "return": {} } 238# 239## 240{ 'command': 'dump-skeys', 241 'data': { 'filename': 'str' }, 242 'if': 'defined(TARGET_S390X)' } 243 244## 245# @GICCapability: 246# 247# The struct describes capability for a specific GIC (Generic 248# Interrupt Controller) version. These bits are not only decided by 249# QEMU/KVM software version, but also decided by the hardware that 250# the program is running upon. 251# 252# @version: version of GIC to be described. Currently, only 2 and 3 253# are supported. 254# 255# @emulated: whether current QEMU/hardware supports emulated GIC 256# device in user space. 257# 258# @kernel: whether current QEMU/hardware supports hardware 259# accelerated GIC device in kernel. 260# 261# Since: 2.6 262## 263{ 'struct': 'GICCapability', 264 'data': { 'version': 'int', 265 'emulated': 'bool', 266 'kernel': 'bool' }, 267 'if': 'defined(TARGET_ARM)' } 268 269## 270# @query-gic-capabilities: 271# 272# This command is ARM-only. It will return a list of GICCapability 273# objects that describe its capability bits. 274# 275# Returns: a list of GICCapability objects. 276# 277# Since: 2.6 278# 279# Example: 280# 281# -> { "execute": "query-gic-capabilities" } 282# <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, 283# { "version": 3, "emulated": false, "kernel": true } ] } 284# 285## 286{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], 287 'if': 'defined(TARGET_ARM)' } 288 289 290## 291# @SevAttestationReport: 292# 293# The struct describes attestation report for a Secure Encrypted Virtualization 294# feature. 295# 296# @data: guest attestation report (base64 encoded) 297# 298# 299# Since: 6.1 300## 301{ 'struct': 'SevAttestationReport', 302 'data': { 'data': 'str'}, 303 'if': 'defined(TARGET_I386)' } 304 305## 306# @query-sev-attestation-report: 307# 308# This command is used to get the SEV attestation report, and is supported on AMD 309# X86 platforms only. 310# 311# @mnonce: a random 16 bytes value encoded in base64 (it will be included in report) 312# 313# Returns: SevAttestationReport objects. 314# 315# Since: 6.1 316# 317# Example: 318# 319# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce": "aaaaaaa" } } 320# <- { "return" : { "data": "aaaaaaaabbbddddd"} } 321# 322## 323{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' }, 324 'returns': 'SevAttestationReport', 325 'if': 'defined(TARGET_I386)' } 326