1# -*- Mode: Python -*- 2# vim: filetype=python 3# 4 5## 6# @rtc-reset-reinjection: 7# 8# This command will reset the RTC interrupt reinjection backlog. Can 9# be used if another mechanism to synchronize guest time is in effect, 10# for example QEMU guest agent's guest-set-time command. 11# 12# Since: 2.1 13# 14# Example: 15# 16# -> { "execute": "rtc-reset-reinjection" } 17# <- { "return": {} } 18## 19{ 'command': 'rtc-reset-reinjection', 20 'if': 'TARGET_I386' } 21 22## 23# @SevState: 24# 25# An enumeration of SEV state information used during @query-sev. 26# 27# @uninit: The guest is uninitialized. 28# 29# @launch-update: The guest is currently being launched; plaintext 30# data and register state is being imported. 31# 32# @launch-secret: The guest is currently being launched; ciphertext 33# data is being imported. 34# 35# @running: The guest is fully launched or migrated in. 36# 37# @send-update: The guest is currently being migrated out to another 38# machine. 39# 40# @receive-update: The guest is currently being migrated from another 41# machine. 42# 43# Since: 2.12 44## 45{ 'enum': 'SevState', 46 'data': ['uninit', 'launch-update', 'launch-secret', 'running', 47 'send-update', 'receive-update' ], 48 'if': 'TARGET_I386' } 49 50## 51# @SevInfo: 52# 53# Information about Secure Encrypted Virtualization (SEV) support 54# 55# @enabled: true if SEV is active 56# 57# @api-major: SEV API major version 58# 59# @api-minor: SEV API minor version 60# 61# @build-id: SEV FW build id 62# 63# @policy: SEV policy value 64# 65# @state: SEV guest state 66# 67# @handle: SEV firmware handle 68# 69# Since: 2.12 70## 71{ 'struct': 'SevInfo', 72 'data': { 'enabled': 'bool', 73 'api-major': 'uint8', 74 'api-minor' : 'uint8', 75 'build-id' : 'uint8', 76 'policy' : 'uint32', 77 'state' : 'SevState', 78 'handle' : 'uint32' 79 }, 80 'if': 'TARGET_I386' 81} 82 83## 84# @query-sev: 85# 86# Returns information about SEV 87# 88# Returns: @SevInfo 89# 90# Since: 2.12 91# 92# Example: 93# 94# -> { "execute": "query-sev" } 95# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, 96# "build-id" : 0, "policy" : 0, "state" : "running", 97# "handle" : 1 } } 98## 99{ 'command': 'query-sev', 'returns': 'SevInfo', 100 'if': 'TARGET_I386' } 101 102## 103# @SevLaunchMeasureInfo: 104# 105# SEV Guest Launch measurement information 106# 107# @data: the measurement value encoded in base64 108# 109# Since: 2.12 110## 111{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, 112 'if': 'TARGET_I386' } 113 114## 115# @query-sev-launch-measure: 116# 117# Query the SEV guest launch information. 118# 119# Returns: The @SevLaunchMeasureInfo for the guest 120# 121# Since: 2.12 122# 123# Example: 124# 125# -> { "execute": "query-sev-launch-measure" } 126# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } 127## 128{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', 129 'if': 'TARGET_I386' } 130 131## 132# @SevCapability: 133# 134# The struct describes capability for a Secure Encrypted 135# Virtualization feature. 136# 137# @pdh: Platform Diffie-Hellman key (base64 encoded) 138# 139# @cert-chain: PDH certificate chain (base64 encoded) 140# 141# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1) 142# 143# @cbitpos: C-bit location in page table entry 144# 145# @reduced-phys-bits: Number of physical Address bit reduction when 146# SEV is enabled 147# 148# Since: 2.12 149## 150{ 'struct': 'SevCapability', 151 'data': { 'pdh': 'str', 152 'cert-chain': 'str', 153 'cpu0-id': 'str', 154 'cbitpos': 'int', 155 'reduced-phys-bits': 'int'}, 156 'if': 'TARGET_I386' } 157 158## 159# @query-sev-capabilities: 160# 161# This command is used to get the SEV capabilities, and is supported 162# on AMD X86 platforms only. 163# 164# Returns: SevCapability objects. 165# 166# Since: 2.12 167# 168# Example: 169# 170# -> { "execute": "query-sev-capabilities" } 171# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", 172# "cpu0-id": "2lvmGwo+...61iEinw==", 173# "cbitpos": 47, "reduced-phys-bits": 1}} 174## 175{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability', 176 'if': 'TARGET_I386' } 177 178## 179# @sev-inject-launch-secret: 180# 181# This command injects a secret blob into memory of SEV guest. 182# 183# @packet-header: the launch secret packet header encoded in base64 184# 185# @secret: the launch secret data to be injected encoded in base64 186# 187# @gpa: the guest physical address where secret will be injected. 188# 189# Since: 6.0 190## 191{ 'command': 'sev-inject-launch-secret', 192 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, 193 'if': 'TARGET_I386' } 194 195## 196# @SevAttestationReport: 197# 198# The struct describes attestation report for a Secure Encrypted 199# Virtualization feature. 200# 201# @data: guest attestation report (base64 encoded) 202# 203# Since: 6.1 204## 205{ 'struct': 'SevAttestationReport', 206 'data': { 'data': 'str'}, 207 'if': 'TARGET_I386' } 208 209## 210# @query-sev-attestation-report: 211# 212# This command is used to get the SEV attestation report, and is 213# supported on AMD X86 platforms only. 214# 215# @mnonce: a random 16 bytes value encoded in base64 (it will be 216# included in report) 217# 218# Returns: SevAttestationReport objects. 219# 220# Since: 6.1 221# 222# Example: 223# 224# -> { "execute" : "query-sev-attestation-report", 225# "arguments": { "mnonce": "aaaaaaa" } } 226# <- { "return" : { "data": "aaaaaaaabbbddddd"} } 227## 228{ 'command': 'query-sev-attestation-report', 229 'data': { 'mnonce': 'str' }, 230 'returns': 'SevAttestationReport', 231 'if': 'TARGET_I386' } 232 233## 234# @dump-skeys: 235# 236# Dump guest's storage keys 237# 238# @filename: the path to the file to dump to 239# 240# Since: 2.5 241# 242# Example: 243# 244# -> { "execute": "dump-skeys", 245# "arguments": { "filename": "/tmp/skeys" } } 246# <- { "return": {} } 247## 248{ 'command': 'dump-skeys', 249 'data': { 'filename': 'str' }, 250 'if': 'TARGET_S390X' } 251 252## 253# @GICCapability: 254# 255# The struct describes capability for a specific GIC (Generic 256# Interrupt Controller) version. These bits are not only decided by 257# QEMU/KVM software version, but also decided by the hardware that the 258# program is running upon. 259# 260# @version: version of GIC to be described. Currently, only 2 and 3 261# are supported. 262# 263# @emulated: whether current QEMU/hardware supports emulated GIC 264# device in user space. 265# 266# @kernel: whether current QEMU/hardware supports hardware accelerated 267# GIC device in kernel. 268# 269# Since: 2.6 270## 271{ 'struct': 'GICCapability', 272 'data': { 'version': 'int', 273 'emulated': 'bool', 274 'kernel': 'bool' }, 275 'if': 'TARGET_ARM' } 276 277## 278# @query-gic-capabilities: 279# 280# This command is ARM-only. It will return a list of GICCapability 281# objects that describe its capability bits. 282# 283# Returns: a list of GICCapability objects. 284# 285# Since: 2.6 286# 287# Example: 288# 289# -> { "execute": "query-gic-capabilities" } 290# <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, 291# { "version": 3, "emulated": false, "kernel": true } ] } 292## 293{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], 294 'if': 'TARGET_ARM' } 295 296## 297# @SGXEPCSection: 298# 299# Information about intel SGX EPC section info 300# 301# @node: the numa node 302# 303# @size: the size of EPC section 304# 305# Since: 7.0 306## 307{ 'struct': 'SGXEPCSection', 308 'data': { 'node': 'int', 309 'size': 'uint64'}} 310 311## 312# @SGXInfo: 313# 314# Information about intel Safe Guard eXtension (SGX) support 315# 316# @sgx: true if SGX is supported 317# 318# @sgx1: true if SGX1 is supported 319# 320# @sgx2: true if SGX2 is supported 321# 322# @flc: true if FLC is supported 323# 324# @sections: The EPC sections info for guest (Since: 7.0) 325# 326# Since: 6.2 327## 328{ 'struct': 'SGXInfo', 329 'data': { 'sgx': 'bool', 330 'sgx1': 'bool', 331 'sgx2': 'bool', 332 'flc': 'bool', 333 'sections': ['SGXEPCSection']}, 334 'if': 'TARGET_I386' } 335 336## 337# @query-sgx: 338# 339# Returns information about SGX 340# 341# Returns: @SGXInfo 342# 343# Since: 6.2 344# 345# Example: 346# 347# -> { "execute": "query-sgx" } 348# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, 349# "flc": true, 350# "sections": [{"node": 0, "size": 67108864}, 351# {"node": 1, "size": 29360128}]} } 352## 353{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } 354 355## 356# @query-sgx-capabilities: 357# 358# Returns information from host SGX capabilities 359# 360# Returns: @SGXInfo 361# 362# Since: 6.2 363# 364# Example: 365# 366# -> { "execute": "query-sgx-capabilities" } 367# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, 368# "flc": true, 369# "section" : [{"node": 0, "size": 67108864}, 370# {"node": 1, "size": 29360128}]} } 371## 372{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } 373 374 375## 376# @EvtchnPortType: 377# 378# An enumeration of Xen event channel port types. 379# 380# @closed: The port is unused. 381# 382# @unbound: The port is allocated and ready to be bound. 383# 384# @interdomain: The port is connected as an interdomain interrupt. 385# 386# @pirq: The port is bound to a physical IRQ (PIRQ). 387# 388# @virq: The port is bound to a virtual IRQ (VIRQ). 389# 390# @ipi: The post is an inter-processor interrupt (IPI). 391# 392# Since: 8.0 393## 394{ 'enum': 'EvtchnPortType', 395 'data': ['closed', 'unbound', 'interdomain', 'pirq', 'virq', 'ipi'], 396 'if': 'TARGET_I386' } 397 398## 399# @EvtchnInfo: 400# 401# Information about a Xen event channel port 402# 403# @port: the port number 404# 405# @vcpu: target vCPU for this port 406# 407# @type: the port type 408# 409# @remote-domain: remote domain for interdomain ports 410# 411# @target: remote port ID, or virq/pirq number 412# 413# @pending: port is currently active pending delivery 414# 415# @masked: port is masked 416# 417# Since: 8.0 418## 419{ 'struct': 'EvtchnInfo', 420 'data': {'port': 'uint16', 421 'vcpu': 'uint32', 422 'type': 'EvtchnPortType', 423 'remote-domain': 'str', 424 'target': 'uint16', 425 'pending': 'bool', 426 'masked': 'bool'}, 427 'if': 'TARGET_I386' } 428 429 430## 431# @xen-event-list: 432# 433# Query the Xen event channels opened by the guest. 434# 435# Returns: list of open event channel ports. 436# 437# Since: 8.0 438# 439# Example: 440# 441# -> { "execute": "xen-event-list" } 442# <- { "return": [ 443# { 444# "pending": false, 445# "port": 1, 446# "vcpu": 1, 447# "remote-domain": "qemu", 448# "masked": false, 449# "type": "interdomain", 450# "target": 1 451# }, 452# { 453# "pending": false, 454# "port": 2, 455# "vcpu": 0, 456# "remote-domain": "", 457# "masked": false, 458# "type": "virq", 459# "target": 0 460# } 461# ] 462# } 463## 464{ 'command': 'xen-event-list', 465 'returns': ['EvtchnInfo'], 466 'if': 'TARGET_I386' } 467 468## 469# @xen-event-inject: 470# 471# Inject a Xen event channel port (interrupt) to the guest. 472# 473# @port: The port number 474# 475# Since: 8.0 476# 477# Example: 478# 479# -> { "execute": "xen-event-inject", "arguments": { "port": 1 } } 480# <- { "return": { } } 481## 482{ 'command': 'xen-event-inject', 483 'data': { 'port': 'uint32' }, 484 'if': 'TARGET_I386' } 485