xref: /openbmc/qemu/qapi/misc-target.json (revision 49e56287)
1# -*- Mode: Python -*-
2# vim: filetype=python
3#
4
5##
6# @rtc-reset-reinjection:
7#
8# This command will reset the RTC interrupt reinjection backlog.
9# Can be used if another mechanism to synchronize guest time
10# is in effect, for example QEMU guest agent's guest-set-time
11# command.
12#
13# Since: 2.1
14#
15# Example:
16#
17# -> { "execute": "rtc-reset-reinjection" }
18# <- { "return": {} }
19#
20##
21{ 'command': 'rtc-reset-reinjection',
22  'if': 'TARGET_I386' }
23
24##
25# @SevState:
26#
27# An enumeration of SEV state information used during @query-sev.
28#
29# @uninit: The guest is uninitialized.
30#
31# @launch-update: The guest is currently being launched; plaintext data and
32#                 register state is being imported.
33#
34# @launch-secret: The guest is currently being launched; ciphertext data
35#                 is being imported.
36#
37# @running: The guest is fully launched or migrated in.
38#
39# @send-update: The guest is currently being migrated out to another machine.
40#
41# @receive-update: The guest is currently being migrated from another machine.
42#
43# Since: 2.12
44##
45{ 'enum': 'SevState',
46  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
47           'send-update', 'receive-update' ],
48  'if': 'TARGET_I386' }
49
50##
51# @SevInfo:
52#
53# Information about Secure Encrypted Virtualization (SEV) support
54#
55# @enabled: true if SEV is active
56#
57# @api-major: SEV API major version
58#
59# @api-minor: SEV API minor version
60#
61# @build-id: SEV FW build id
62#
63# @policy: SEV policy value
64#
65# @state: SEV guest state
66#
67# @handle: SEV firmware handle
68#
69# Since: 2.12
70##
71{ 'struct': 'SevInfo',
72    'data': { 'enabled': 'bool',
73              'api-major': 'uint8',
74              'api-minor' : 'uint8',
75              'build-id' : 'uint8',
76              'policy' : 'uint32',
77              'state' : 'SevState',
78              'handle' : 'uint32'
79            },
80  'if': 'TARGET_I386'
81}
82
83##
84# @query-sev:
85#
86# Returns information about SEV
87#
88# Returns: @SevInfo
89#
90# Since: 2.12
91#
92# Example:
93#
94# -> { "execute": "query-sev" }
95# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
96#                  "build-id" : 0, "policy" : 0, "state" : "running",
97#                  "handle" : 1 } }
98#
99##
100{ 'command': 'query-sev', 'returns': 'SevInfo',
101  'if': 'TARGET_I386' }
102
103##
104# @SevLaunchMeasureInfo:
105#
106# SEV Guest Launch measurement information
107#
108# @data: the measurement value encoded in base64
109#
110# Since: 2.12
111##
112{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
113  'if': 'TARGET_I386' }
114
115##
116# @query-sev-launch-measure:
117#
118# Query the SEV guest launch information.
119#
120# Returns: The @SevLaunchMeasureInfo for the guest
121#
122# Since: 2.12
123#
124# Example:
125#
126# -> { "execute": "query-sev-launch-measure" }
127# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
128#
129##
130{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
131  'if': 'TARGET_I386' }
132
133##
134# @SevCapability:
135#
136# The struct describes capability for a Secure Encrypted Virtualization
137# feature.
138#
139# @pdh: Platform Diffie-Hellman key (base64 encoded)
140#
141# @cert-chain: PDH certificate chain (base64 encoded)
142#
143# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1)
144#
145# @cbitpos: C-bit location in page table entry
146#
147# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
148#                     enabled
149#
150# Since: 2.12
151##
152{ 'struct': 'SevCapability',
153  'data': { 'pdh': 'str',
154            'cert-chain': 'str',
155            'cpu0-id': 'str',
156            'cbitpos': 'int',
157            'reduced-phys-bits': 'int'},
158  'if': 'TARGET_I386' }
159
160##
161# @query-sev-capabilities:
162#
163# This command is used to get the SEV capabilities, and is supported on AMD
164# X86 platforms only.
165#
166# Returns: SevCapability objects.
167#
168# Since: 2.12
169#
170# Example:
171#
172# -> { "execute": "query-sev-capabilities" }
173# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
174#                  "cpu0-id": "2lvmGwo+...61iEinw==",
175#                  "cbitpos": 47, "reduced-phys-bits": 5}}
176#
177##
178{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
179  'if': 'TARGET_I386' }
180
181##
182# @sev-inject-launch-secret:
183#
184# This command injects a secret blob into memory of SEV guest.
185#
186# @packet-header: the launch secret packet header encoded in base64
187#
188# @secret: the launch secret data to be injected encoded in base64
189#
190# @gpa: the guest physical address where secret will be injected.
191#
192# Since: 6.0
193##
194{ 'command': 'sev-inject-launch-secret',
195  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
196  'if': 'TARGET_I386' }
197
198##
199# @SevAttestationReport:
200#
201# The struct describes attestation report for a Secure Encrypted
202# Virtualization feature.
203#
204# @data: guest attestation report (base64 encoded)
205#
206# Since: 6.1
207##
208{ 'struct': 'SevAttestationReport',
209  'data': { 'data': 'str'},
210  'if': 'TARGET_I386' }
211
212##
213# @query-sev-attestation-report:
214#
215# This command is used to get the SEV attestation report, and is
216# supported on AMD X86 platforms only.
217#
218# @mnonce: a random 16 bytes value encoded in base64 (it will be
219#          included in report)
220#
221# Returns: SevAttestationReport objects.
222#
223# Since: 6.1
224#
225# Example:
226#
227# -> { "execute" : "query-sev-attestation-report",
228#                  "arguments": { "mnonce": "aaaaaaa" } }
229# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
230#
231##
232{ 'command': 'query-sev-attestation-report',
233  'data': { 'mnonce': 'str' },
234  'returns': 'SevAttestationReport',
235  'if': 'TARGET_I386' }
236
237##
238# @dump-skeys:
239#
240# Dump guest's storage keys
241#
242# @filename: the path to the file to dump to
243#
244# This command is only supported on s390 architecture.
245#
246# Since: 2.5
247#
248# Example:
249#
250# -> { "execute": "dump-skeys",
251#      "arguments": { "filename": "/tmp/skeys" } }
252# <- { "return": {} }
253#
254##
255{ 'command': 'dump-skeys',
256  'data': { 'filename': 'str' },
257  'if': 'TARGET_S390X' }
258
259##
260# @GICCapability:
261#
262# The struct describes capability for a specific GIC (Generic
263# Interrupt Controller) version. These bits are not only decided by
264# QEMU/KVM software version, but also decided by the hardware that
265# the program is running upon.
266#
267# @version: version of GIC to be described. Currently, only 2 and 3
268#           are supported.
269#
270# @emulated: whether current QEMU/hardware supports emulated GIC
271#            device in user space.
272#
273# @kernel: whether current QEMU/hardware supports hardware
274#          accelerated GIC device in kernel.
275#
276# Since: 2.6
277##
278{ 'struct': 'GICCapability',
279  'data': { 'version': 'int',
280            'emulated': 'bool',
281            'kernel': 'bool' },
282  'if': 'TARGET_ARM' }
283
284##
285# @query-gic-capabilities:
286#
287# This command is ARM-only. It will return a list of GICCapability
288# objects that describe its capability bits.
289#
290# Returns: a list of GICCapability objects.
291#
292# Since: 2.6
293#
294# Example:
295#
296# -> { "execute": "query-gic-capabilities" }
297# <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
298#                 { "version": 3, "emulated": false, "kernel": true } ] }
299#
300##
301{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
302  'if': 'TARGET_ARM' }
303
304##
305# @SGXEPCSection:
306#
307# Information about intel SGX EPC section info
308#
309# @node: the numa node
310#
311# @size: the size of EPC section
312#
313# Since: 7.0
314##
315{ 'struct': 'SGXEPCSection',
316  'data': { 'node': 'int',
317            'size': 'uint64'}}
318
319##
320# @SGXInfo:
321#
322# Information about intel Safe Guard eXtension (SGX) support
323#
324# @sgx: true if SGX is supported
325#
326# @sgx1: true if SGX1 is supported
327#
328# @sgx2: true if SGX2 is supported
329#
330# @flc: true if FLC is supported
331#
332# @sections: The EPC sections info for guest (Since: 7.0)
333#
334# Since: 6.2
335##
336{ 'struct': 'SGXInfo',
337  'data': { 'sgx': 'bool',
338            'sgx1': 'bool',
339            'sgx2': 'bool',
340            'flc': 'bool',
341            'sections': ['SGXEPCSection']},
342   'if': 'TARGET_I386' }
343
344##
345# @query-sgx:
346#
347# Returns information about SGX
348#
349# Returns: @SGXInfo
350#
351# Since: 6.2
352#
353# Example:
354#
355# -> { "execute": "query-sgx" }
356# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
357#                  "flc": true,
358#                  "sections": [{"node": 0, "size": 67108864},
359#                  {"node": 1, "size": 29360128}]} }
360#
361##
362{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
363
364##
365# @query-sgx-capabilities:
366#
367# Returns information from host SGX capabilities
368#
369# Returns: @SGXInfo
370#
371# Since: 6.2
372#
373# Example:
374#
375# -> { "execute": "query-sgx-capabilities" }
376# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
377#                  "flc": true,
378#                  "section" : [{"node": 0, "size": 67108864},
379#                  {"node": 1, "size": 29360128}]} }
380#
381##
382{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
383