# -*- Mode: Python -*-
# vim: filetype=python
#
# QAPI schema fragment declaring target-specific QMP commands and
# types.  Every definition below is gated on a TARGET_* condition
# through its 'if' key, with the one exception of SGXEPCSection.

##
# @rtc-reset-reinjection:
#
# This command will reset the RTC interrupt reinjection backlog.  Can
# be used if another mechanism to synchronize guest time is in effect,
# for example QEMU guest agent's guest-set-time command.
#
# Since: 2.1
#
# Example:
#
# -> { "execute": "rtc-reset-reinjection" }
# <- { "return": {} }
##
{ 'command': 'rtc-reset-reinjection',
  'if': 'TARGET_I386' }

##
# @SevState:
#
# An enumeration of SEV state information used during @query-sev.
#
# @uninit: The guest is uninitialized.
#
# @launch-update: The guest is currently being launched; plaintext
#     data and register state are being imported.
#
# @launch-secret: The guest is currently being launched; ciphertext
#     data is being imported.
#
# @running: The guest is fully launched or migrated in.
#
# @send-update: The guest is currently being migrated out to another
#     machine.
#
# @receive-update: The guest is currently being migrated from another
#     machine.
#
# Since: 2.12
##
{ 'enum': 'SevState',
  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
           'send-update', 'receive-update' ],
  'if': 'TARGET_I386' }

# NOTE(review): every field of SevInfo is reported by the host-side
# QEMU process.  It is presumably informational only and not a
# substitute for checking the launch measurement or the attestation
# report -- confirm against the SEV documentation.

##
# @SevInfo:
#
# Information about Secure Encrypted Virtualization (SEV) support
#
# @enabled: true if SEV is active
#
# @api-major: SEV API major version
#
# @api-minor: SEV API minor version
#
# @build-id: SEV FW build id
#
# @policy: SEV policy value
#
# @state: SEV guest state
#
# @handle: SEV firmware handle
#
# Since: 2.12
##
{ 'struct': 'SevInfo',
  'data': { 'enabled': 'bool',
            'api-major': 'uint8',
            'api-minor' : 'uint8',
            'build-id' : 'uint8',
            'policy' : 'uint32',
            'state' : 'SevState',
            'handle' : 'uint32'
          },
  'if': 'TARGET_I386'
}

##
# @query-sev:
#
# Returns information about SEV
#
# Returns: @SevInfo
#
# Since: 2.12
#
# Example:
#
# -> { "execute": "query-sev" }
# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
#                  "build-id" : 0, "policy" : 0, "state" : "running",
#                  "handle" : 1 } }
##
{ 'command': 'query-sev', 'returns': 'SevInfo',
  'if': 'TARGET_I386' }

##
# @SevLaunchMeasureInfo:
#
# SEV Guest Launch measurement information
#
# @data: the measurement value encoded in base64
#
# Since: 2.12
##
{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
  'if': 'TARGET_I386' }

# NOTE(review): the sample "data" value in the example below contains
# '%', which is not in the standard base64 alphabet; read it as an
# illustrative placeholder, not as a decodable measurement.
# NOTE(review): presumably the guest owner is expected to verify this
# measurement before a secret is handed over with
# sev-inject-launch-secret; this file does not state that ordering --
# confirm against the SEV documentation.

##
# @query-sev-launch-measure:
#
# Query the SEV guest launch information.
#
# Returns: The @SevLaunchMeasureInfo for the guest
#
# Since: 2.12
#
# Example:
#
# -> { "execute": "query-sev-launch-measure" }
# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
##
{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
  'if': 'TARGET_I386' }

# NOTE(review): @pdh is only as trustworthy as the chain that vouches
# for it.  A consumer is presumably expected to validate @cert-chain
# before using @pdh -- confirm against the SEV documentation.

##
# @SevCapability:
#
# The struct describes capability for a Secure Encrypted
# Virtualization feature.
#
# @pdh: Platform Diffie-Hellman key (base64 encoded)
#
# @cert-chain: PDH certificate chain (base64 encoded)
#
# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1)
#
# @cbitpos: C-bit location in page table entry
#
# @reduced-phys-bits: Number of physical address bits given up when
#     SEV is enabled
#
# Since: 2.12
##
{ 'struct': 'SevCapability',
  'data': { 'pdh': 'str',
            'cert-chain': 'str',
            'cpu0-id': 'str',
            'cbitpos': 'int',
            'reduced-phys-bits': 'int'},
  'if': 'TARGET_I386' }

##
# @query-sev-capabilities:
#
# This command is used to get the SEV capabilities, and is supported
# on AMD X86 platforms only.
#
# Returns: SevCapability objects.
#
# Since: 2.12
#
# Example:
#
# -> { "execute": "query-sev-capabilities" }
# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
#                  "cpu0-id": "2lvmGwo+...61iEinw==",
#                  "cbitpos": 47, "reduced-phys-bits": 1}}
##
{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
  'if': 'TARGET_I386' }

# NOTE(review): '*gpa' is declared optional in the schema below, but
# the @gpa description does not say which address is used when the
# argument is omitted.
# NOTE(review): @packet-header and @secret travel over the QMP
# channel.  The @launch-secret state above speaks of ciphertext being
# imported, so the blob is presumably already encrypted for the guest
# -- confirm -- but access to the QMP socket still decides who may
# call this command.

##
# @sev-inject-launch-secret:
#
# This command injects a secret blob into memory of SEV guest.
#
# @packet-header: the launch secret packet header encoded in base64
#
# @secret: the launch secret data to be injected encoded in base64
#
# @gpa: the guest physical address where secret will be injected.
#
# Since: 6.0
##
{ 'command': 'sev-inject-launch-secret',
  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
  'if': 'TARGET_I386' }

##
# @SevAttestationReport:
#
# The struct describes attestation report for a Secure Encrypted
# Virtualization feature.
#
# @data: guest attestation report (base64 encoded)
#
# Since: 6.1
##
{ 'struct': 'SevAttestationReport',
  'data': { 'data': 'str'},
  'if': 'TARGET_I386' }

# NOTE(review): the nonce protects against replay of an old report
# only if the caller generates a fresh, unpredictable value for every
# request and checks that the returned report contains it.
# NOTE(review): the example values are placeholders; "aaaaaaa" does
# not decode to 16 bytes (16 bytes take 24 base64 characters).

##
# @query-sev-attestation-report:
#
# This command is used to get the SEV attestation report, and is
# supported on AMD X86 platforms only.
#
# @mnonce: a random 16-byte value encoded in base64 (it will be
#     included in the report)
#
# Returns: SevAttestationReport objects.
#
# Since: 6.1
#
# Example:
#
# -> { "execute" : "query-sev-attestation-report",
#                  "arguments": { "mnonce": "aaaaaaa" } }
# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
##
{ 'command': 'query-sev-attestation-report',
  'data': { 'mnonce': 'str' },
  'returns': 'SevAttestationReport',
  'if': 'TARGET_I386' }

# NOTE(review): @filename is chosen by the QMP client, and the file is
# presumably written by the QEMU process on the host with that
# process's privileges; the example uses a path under /tmp.  Confirm
# how the file is created (existing files, symlinks, permissions)
# before exposing this command to less-trusted QMP clients.

##
# @dump-skeys:
#
# Dump guest's storage keys
#
# @filename: the path to the file to dump to
#
# This command is only supported on s390 architecture.
#
# Since: 2.5
#
# Example:
#
# -> { "execute": "dump-skeys",
#      "arguments": { "filename": "/tmp/skeys" } }
# <- { "return": {} }
##
{ 'command': 'dump-skeys',
  'data': { 'filename': 'str' },
  'if': 'TARGET_S390X' }

##
# @GICCapability:
#
# The struct describes capability for a specific GIC (Generic
# Interrupt Controller) version.  These bits are not only decided by
# QEMU/KVM software version, but also decided by the hardware that the
# program is running upon.
#
# @version: version of GIC to be described.  Currently, only 2 and 3
#     are supported.
#
# @emulated: whether current QEMU/hardware supports emulated GIC
#     device in user space.
#
# @kernel: whether current QEMU/hardware supports hardware accelerated
#     GIC device in kernel.
#
# Since: 2.6
##
{ 'struct': 'GICCapability',
  'data': { 'version': 'int',
            'emulated': 'bool',
            'kernel': 'bool' },
  'if': 'TARGET_ARM' }

##
# @query-gic-capabilities:
#
# This command is ARM-only.  It will return a list of GICCapability
# objects that describe its capability bits.
#
# Returns: a list of GICCapability objects.
#
# Since: 2.6
#
# Example:
#
# -> { "execute": "query-gic-capabilities" }
# <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
#                 { "version": 3, "emulated": false, "kernel": true } ] }
##
{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
  'if': 'TARGET_ARM' }

# NOTE(review): SGXEPCSection carries no 'if' condition, while
# SGXInfo, the only type in this file that refers to it, is gated on
# TARGET_I386.  Confirm whether the omission is intended.

##
# @SGXEPCSection:
#
# Information about an Intel SGX EPC section
#
# @node: the NUMA node
#
# @size: the size of EPC section
#
# Since: 7.0
##
{ 'struct': 'SGXEPCSection',
  'data': { 'node': 'int',
            'size': 'uint64'}}

##
# @SGXInfo:
#
# Information about Intel Software Guard Extensions (SGX) support
#
# @sgx: true if SGX is supported
#
# @sgx1: true if SGX1 is supported
#
# @sgx2: true if SGX2 is supported
#
# @flc: true if FLC (Flexible Launch Control) is supported
#
# @sections: The EPC sections info for guest (Since: 7.0)
#
# Since: 6.2
##
{ 'struct': 'SGXInfo',
  'data': { 'sgx': 'bool',
            'sgx1': 'bool',
            'sgx2': 'bool',
            'flc': 'bool',
            'sections': ['SGXEPCSection']},
   'if': 'TARGET_I386' }

##
# @query-sgx:
#
# Returns information about SGX
#
# Returns: @SGXInfo
#
# Since: 6.2
#
# Example:
#
# -> { "execute": "query-sgx" }
# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                  "flc": true,
#                  "sections": [{"node": 0, "size": 67108864},
#                  {"node": 1, "size": 29360128}]} }
##
{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }

##
# @query-sgx-capabilities:
#
# Returns information from host SGX capabilities
#
# Returns: @SGXInfo
#
# Since: 6.2
#
# Example:
#
# (The member is spelled "sections", matching the SGXInfo struct.)
#
# -> { "execute": "query-sgx-capabilities" }
# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                  "flc": true,
#                  "sections" : [{"node": 0, "size": 67108864},
#                  {"node": 1, "size": 29360128}]} }
##
{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }


##
# @EvtchnPortType:
#
# An enumeration of Xen event channel port types.
#
# @closed: The port is unused.
#
# @unbound: The port is allocated and ready to be bound.
#
# @interdomain: The port is connected as an interdomain interrupt.
#
# @pirq: The port is bound to a physical IRQ (PIRQ).
#
# @virq: The port is bound to a virtual IRQ (VIRQ).
#
# @ipi: The port is an inter-processor interrupt (IPI).
#
# Since: 8.0
##
{ 'enum': 'EvtchnPortType',
  'data': ['closed', 'unbound', 'interdomain', 'pirq', 'virq', 'ipi'],
  'if': 'TARGET_I386' }

##
# @EvtchnInfo:
#
# Information about a Xen event channel port
#
# @port: the port number
#
# @vcpu: target vCPU for this port
#
# @type: the port type
#
# @remote-domain: remote domain for interdomain ports
#
# @target: remote port ID, or virq/pirq number
#
# @pending: port is currently active pending delivery
#
# @masked: port is masked
#
# Since: 8.0
##
{ 'struct': 'EvtchnInfo',
  'data': {'port': 'uint16',
           'vcpu': 'uint32',
           'type': 'EvtchnPortType',
           'remote-domain': 'str',
           'target': 'uint16',
           'pending': 'bool',
           'masked': 'bool'},
  'if': 'TARGET_I386' }


##
# @xen-event-list:
#
# Query the Xen event channels opened by the guest.
#
# Returns: list of open event channel ports.
#
# Since: 8.0
#
# Example:
#
# -> { "execute": "xen-event-list" }
# <- { "return": [
#         {
#             "pending": false,
#             "port": 1,
#             "vcpu": 1,
#             "remote-domain": "qemu",
#             "masked": false,
#             "type": "interdomain",
#             "target": 1
#         },
#         {
#             "pending": false,
#             "port": 2,
#             "vcpu": 0,
#             "remote-domain": "",
#             "masked": false,
#             "type": "virq",
#             "target": 0
#         }
#      ]
#    }
##
{ 'command': 'xen-event-list',
  'returns': ['EvtchnInfo'],
  'if': 'TARGET_I386' }

# NOTE(review): 'port' is 'uint32' here but 'uint16' in EvtchnInfo, so
# this command accepts values that xen-event-list can never report.
# The implementation presumably range-checks the port -- confirm.

##
# @xen-event-inject:
#
# Inject a Xen event channel port (interrupt) to the guest.
#
# @port: The port number
#
# Returns:
#     - Nothing on success.
#
# Since: 8.0
#
# Example:
#
# -> { "execute": "xen-event-inject", "arguments": { "port": 1 } }
# <- { "return": { } }
##
{ 'command': 'xen-event-inject',
  'data': { 'port': 'uint32' },
  'if': 'TARGET_I386' }