1# -*- Mode: Python -*- 2# vim: filetype=python 3# 4 5## 6# @RTC_CHANGE: 7# 8# Emitted when the guest changes the RTC time. 9# 10# @offset: offset between base RTC clock (as specified by -rtc base), and 11# new RTC clock value 12# 13# Note: This event is rate-limited. 14# 15# Since: 0.13 16# 17# Example: 18# 19# <- { "event": "RTC_CHANGE", 20# "data": { "offset": 78 }, 21# "timestamp": { "seconds": 1267020223, "microseconds": 435656 } } 22# 23## 24{ 'event': 'RTC_CHANGE', 25 'data': { 'offset': 'int' }, 26 'if': { 'any': [ 'TARGET_ALPHA', 27 'TARGET_ARM', 28 'TARGET_HPPA', 29 'TARGET_I386', 30 'TARGET_MIPS', 31 'TARGET_MIPS64', 32 'TARGET_PPC', 33 'TARGET_PPC64', 34 'TARGET_S390X', 35 'TARGET_SH4', 36 'TARGET_SPARC' ] } } 37 38## 39# @rtc-reset-reinjection: 40# 41# This command will reset the RTC interrupt reinjection backlog. 42# Can be used if another mechanism to synchronize guest time 43# is in effect, for example QEMU guest agent's guest-set-time 44# command. 45# 46# Since: 2.1 47# 48# Example: 49# 50# -> { "execute": "rtc-reset-reinjection" } 51# <- { "return": {} } 52# 53## 54{ 'command': 'rtc-reset-reinjection', 55 'if': 'TARGET_I386' } 56 57 58## 59# @SevState: 60# 61# An enumeration of SEV state information used during @query-sev. 62# 63# @uninit: The guest is uninitialized. 64# 65# @launch-update: The guest is currently being launched; plaintext data and 66# register state is being imported. 67# 68# @launch-secret: The guest is currently being launched; ciphertext data 69# is being imported. 70# 71# @running: The guest is fully launched or migrated in. 72# 73# @send-update: The guest is currently being migrated out to another machine. 74# 75# @receive-update: The guest is currently being migrated from another machine. 76# 77# Since: 2.12 78## 79{ 'enum': 'SevState', 80 'data': ['uninit', 'launch-update', 'launch-secret', 'running', 81 'send-update', 'receive-update' ], 82 'if': 'TARGET_I386' } 83 84## 85# @SevInfo: 86# 87# Information about Secure Encrypted Virtualization (SEV) support 88# 89# @enabled: true if SEV is active 90# 91# @api-major: SEV API major version 92# 93# @api-minor: SEV API minor version 94# 95# @build-id: SEV FW build id 96# 97# @policy: SEV policy value 98# 99# @state: SEV guest state 100# 101# @handle: SEV firmware handle 102# 103# Since: 2.12 104## 105{ 'struct': 'SevInfo', 106 'data': { 'enabled': 'bool', 107 'api-major': 'uint8', 108 'api-minor' : 'uint8', 109 'build-id' : 'uint8', 110 'policy' : 'uint32', 111 'state' : 'SevState', 112 'handle' : 'uint32' 113 }, 114 'if': 'TARGET_I386' 115} 116 117## 118# @query-sev: 119# 120# Returns information about SEV 121# 122# Returns: @SevInfo 123# 124# Since: 2.12 125# 126# Example: 127# 128# -> { "execute": "query-sev" } 129# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, 130# "build-id" : 0, "policy" : 0, "state" : "running", 131# "handle" : 1 } } 132# 133## 134{ 'command': 'query-sev', 'returns': 'SevInfo', 135 'if': 'TARGET_I386' } 136 137 138## 139# @SevLaunchMeasureInfo: 140# 141# SEV Guest Launch measurement information 142# 143# @data: the measurement value encoded in base64 144# 145# Since: 2.12 146# 147## 148{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, 149 'if': 'TARGET_I386' } 150 151## 152# @query-sev-launch-measure: 153# 154# Query the SEV guest launch information. 155# 156# Returns: The @SevLaunchMeasureInfo for the guest 157# 158# Since: 2.12 159# 160# Example: 161# 162# -> { "execute": "query-sev-launch-measure" } 163# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } 164# 165## 166{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', 167 'if': 'TARGET_I386' } 168 169 170## 171# @SevCapability: 172# 173# The struct describes capability for a Secure Encrypted Virtualization 174# feature. 175# 176# @pdh: Platform Diffie-Hellman key (base64 encoded) 177# 178# @cert-chain: PDH certificate chain (base64 encoded) 179# 180# @cbitpos: C-bit location in page table entry 181# 182# @reduced-phys-bits: Number of physical Address bit reduction when SEV is 183# enabled 184# 185# Since: 2.12 186## 187{ 'struct': 'SevCapability', 188 'data': { 'pdh': 'str', 189 'cert-chain': 'str', 190 'cbitpos': 'int', 191 'reduced-phys-bits': 'int'}, 192 'if': 'TARGET_I386' } 193 194## 195# @query-sev-capabilities: 196# 197# This command is used to get the SEV capabilities, and is supported on AMD 198# X86 platforms only. 199# 200# Returns: SevCapability objects. 201# 202# Since: 2.12 203# 204# Example: 205# 206# -> { "execute": "query-sev-capabilities" } 207# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", 208# "cbitpos": 47, "reduced-phys-bits": 5}} 209# 210## 211{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability', 212 'if': 'TARGET_I386' } 213 214## 215# @sev-inject-launch-secret: 216# 217# This command injects a secret blob into memory of SEV guest. 218# 219# @packet-header: the launch secret packet header encoded in base64 220# 221# @secret: the launch secret data to be injected encoded in base64 222# 223# @gpa: the guest physical address where secret will be injected. 224# 225# Since: 6.0 226# 227## 228{ 'command': 'sev-inject-launch-secret', 229 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, 230 'if': 'TARGET_I386' } 231 232## 233# @dump-skeys: 234# 235# Dump guest's storage keys 236# 237# @filename: the path to the file to dump to 238# 239# This command is only supported on s390 architecture. 240# 241# Since: 2.5 242# 243# Example: 244# 245# -> { "execute": "dump-skeys", 246# "arguments": { "filename": "/tmp/skeys" } } 247# <- { "return": {} } 248# 249## 250{ 'command': 'dump-skeys', 251 'data': { 'filename': 'str' }, 252 'if': 'TARGET_S390X' } 253 254## 255# @GICCapability: 256# 257# The struct describes capability for a specific GIC (Generic 258# Interrupt Controller) version. These bits are not only decided by 259# QEMU/KVM software version, but also decided by the hardware that 260# the program is running upon. 261# 262# @version: version of GIC to be described. Currently, only 2 and 3 263# are supported. 264# 265# @emulated: whether current QEMU/hardware supports emulated GIC 266# device in user space. 267# 268# @kernel: whether current QEMU/hardware supports hardware 269# accelerated GIC device in kernel. 270# 271# Since: 2.6 272## 273{ 'struct': 'GICCapability', 274 'data': { 'version': 'int', 275 'emulated': 'bool', 276 'kernel': 'bool' }, 277 'if': 'TARGET_ARM' } 278 279## 280# @query-gic-capabilities: 281# 282# This command is ARM-only. It will return a list of GICCapability 283# objects that describe its capability bits. 284# 285# Returns: a list of GICCapability objects. 286# 287# Since: 2.6 288# 289# Example: 290# 291# -> { "execute": "query-gic-capabilities" } 292# <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, 293# { "version": 3, "emulated": false, "kernel": true } ] } 294# 295## 296{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], 297 'if': 'TARGET_ARM' } 298 299 300## 301# @SevAttestationReport: 302# 303# The struct describes attestation report for a Secure Encrypted Virtualization 304# feature. 305# 306# @data: guest attestation report (base64 encoded) 307# 308# 309# Since: 6.1 310## 311{ 'struct': 'SevAttestationReport', 312 'data': { 'data': 'str'}, 313 'if': 'TARGET_I386' } 314 315## 316# @query-sev-attestation-report: 317# 318# This command is used to get the SEV attestation report, and is supported on AMD 319# X86 platforms only. 320# 321# @mnonce: a random 16 bytes value encoded in base64 (it will be included in report) 322# 323# Returns: SevAttestationReport objects. 324# 325# Since: 6.1 326# 327# Example: 328# 329# -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce": "aaaaaaa" } } 330# <- { "return" : { "data": "aaaaaaaabbbddddd"} } 331# 332## 333{ 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' }, 334 'returns': 'SevAttestationReport', 335 'if': 'TARGET_I386' } 336