xref: /openbmc/qemu/qapi/misc-target.json (revision c6487a88) 
1# -*- Mode: Python -*-
2# vim: filetype=python
3#
4
5##
6# @rtc-reset-reinjection:
7#
8# This command will reset the RTC interrupt reinjection backlog.
9# Can be used if another mechanism to synchronize guest time
10# is in effect, for example QEMU guest agent's guest-set-time
11# command.
12#
13# Since: 2.1
14#
15# Example:
16#
17# -> { "execute": "rtc-reset-reinjection" }
18# <- { "return": {} }
19#
20##
21{ 'command': 'rtc-reset-reinjection',
22  'if': 'TARGET_I386' }
23
24
25##
26# @SevState:
27#
28# An enumeration of SEV state information used during @query-sev.
29#
30# @uninit: The guest is uninitialized.
31#
32# @launch-update: The guest is currently being launched; plaintext data and
33#                 register state is being imported.
34#
35# @launch-secret: The guest is currently being launched; ciphertext data
36#                 is being imported.
37#
38# @running: The guest is fully launched or migrated in.
39#
40# @send-update: The guest is currently being migrated out to another machine.
41#
42# @receive-update: The guest is currently being migrated from another machine.
43#
44# Since: 2.12
45##
46{ 'enum': 'SevState',
47  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
48           'send-update', 'receive-update' ],
49  'if': 'TARGET_I386' }
50
51##
52# @SevInfo:
53#
54# Information about Secure Encrypted Virtualization (SEV) support
55#
56# @enabled: true if SEV is active
57#
58# @api-major: SEV API major version
59#
60# @api-minor: SEV API minor version
61#
62# @build-id: SEV FW build id
63#
64# @policy: SEV policy value
65#
66# @state: SEV guest state
67#
68# @handle: SEV firmware handle
69#
70# Since: 2.12
71##
72{ 'struct': 'SevInfo',
73    'data': { 'enabled': 'bool',
74              'api-major': 'uint8',
75              'api-minor' : 'uint8',
76              'build-id' : 'uint8',
77              'policy' : 'uint32',
78              'state' : 'SevState',
79              'handle' : 'uint32'
80            },
81  'if': 'TARGET_I386'
82}
83
84##
85# @query-sev:
86#
87# Returns information about SEV
88#
89# Returns: @SevInfo
90#
91# Since: 2.12
92#
93# Example:
94#
95# -> { "execute": "query-sev" }
96# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
97#                  "build-id" : 0, "policy" : 0, "state" : "running",
98#                  "handle" : 1 } }
99#
100##
101{ 'command': 'query-sev', 'returns': 'SevInfo',
102  'if': 'TARGET_I386' }
103
104
105##
106# @SevLaunchMeasureInfo:
107#
108# SEV Guest Launch measurement information
109#
110# @data: the measurement value encoded in base64
111#
112# Since: 2.12
113##
114{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
115  'if': 'TARGET_I386' }
116
117##
118# @query-sev-launch-measure:
119#
120# Query the SEV guest launch information.
121#
122# Returns: The @SevLaunchMeasureInfo for the guest
123#
124# Since: 2.12
125#
126# Example:
127#
128# -> { "execute": "query-sev-launch-measure" }
129# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
130#
131##
132{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
133  'if': 'TARGET_I386' }
134
135
136##
137# @SevCapability:
138#
139# The struct describes capability for a Secure Encrypted Virtualization
140# feature.
141#
142# @pdh:  Platform Diffie-Hellman key (base64 encoded)
143#
144# @cert-chain:  PDH certificate chain (base64 encoded)
145#
146# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1)
147#
148# @cbitpos: C-bit location in page table entry
149#
150# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
151#                     enabled
152#
153# Since: 2.12
154##
155{ 'struct': 'SevCapability',
156  'data': { 'pdh': 'str',
157            'cert-chain': 'str',
158            'cpu0-id': 'str',
159            'cbitpos': 'int',
160            'reduced-phys-bits': 'int'},
161  'if': 'TARGET_I386' }
162
163##
164# @query-sev-capabilities:
165#
166# This command is used to get the SEV capabilities, and is supported on AMD
167# X86 platforms only.
168#
169# Returns: SevCapability objects.
170#
171# Since: 2.12
172#
173# Example:
174#
175# -> { "execute": "query-sev-capabilities" }
176# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
177#                  "cpu0-id": "2lvmGwo+...61iEinw==",
178#                  "cbitpos": 47, "reduced-phys-bits": 5}}
179#
180##
181{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
182  'if': 'TARGET_I386' }
183
184##
185# @sev-inject-launch-secret:
186#
187# This command injects a secret blob into memory of SEV guest.
188#
189# @packet-header: the launch secret packet header encoded in base64
190#
191# @secret: the launch secret data to be injected encoded in base64
192#
193# @gpa: the guest physical address where secret will be injected.
194#
195# Since: 6.0
196##
197{ 'command': 'sev-inject-launch-secret',
198  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
199  'if': 'TARGET_I386' }
200
201##
202# @SevAttestationReport:
203#
204# The struct describes attestation report for a Secure Encrypted
205# Virtualization feature.
206#
207# @data:  guest attestation report (base64 encoded)
208#
209# Since: 6.1
210##
211{ 'struct': 'SevAttestationReport',
212  'data': { 'data': 'str'},
213  'if': 'TARGET_I386' }
214
215##
216# @query-sev-attestation-report:
217#
218# This command is used to get the SEV attestation report, and is
219# supported on AMD X86 platforms only.
220#
221# @mnonce: a random 16 bytes value encoded in base64 (it will be
222#          included in report)
223#
224# Returns: SevAttestationReport objects.
225#
226# Since: 6.1
227#
228# Example:
229#
230# -> { "execute" : "query-sev-attestation-report",
231#                  "arguments": { "mnonce": "aaaaaaa" } }
232# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
233#
234##
235{ 'command': 'query-sev-attestation-report',
236  'data': { 'mnonce': 'str' },
237  'returns': 'SevAttestationReport',
238  'if': 'TARGET_I386' }
239
240##
241# @dump-skeys:
242#
243# Dump guest's storage keys
244#
245# @filename: the path to the file to dump to
246#
247# This command is only supported on s390 architecture.
248#
249# Since: 2.5
250#
251# Example:
252#
253# -> { "execute": "dump-skeys",
254#      "arguments": { "filename": "/tmp/skeys" } }
255# <- { "return": {} }
256#
257##
258{ 'command': 'dump-skeys',
259  'data': { 'filename': 'str' },
260  'if': 'TARGET_S390X' }
261
262##
263# @GICCapability:
264#
265# The struct describes capability for a specific GIC (Generic
266# Interrupt Controller) version. These bits are not only decided by
267# QEMU/KVM software version, but also decided by the hardware that
268# the program is running upon.
269#
270# @version: version of GIC to be described. Currently, only 2 and 3
271#           are supported.
272#
273# @emulated: whether current QEMU/hardware supports emulated GIC
274#            device in user space.
275#
276# @kernel: whether current QEMU/hardware supports hardware
277#          accelerated GIC device in kernel.
278#
279# Since: 2.6
280##
281{ 'struct': 'GICCapability',
282  'data': { 'version': 'int',
283            'emulated': 'bool',
284            'kernel': 'bool' },
285  'if': 'TARGET_ARM' }
286
287##
288# @query-gic-capabilities:
289#
290# This command is ARM-only. It will return a list of GICCapability
291# objects that describe its capability bits.
292#
293# Returns: a list of GICCapability objects.
294#
295# Since: 2.6
296#
297# Example:
298#
299# -> { "execute": "query-gic-capabilities" }
300# <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
301#                 { "version": 3, "emulated": false, "kernel": true } ] }
302#
303##
304{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
305  'if': 'TARGET_ARM' }
306
307
308##
309# @SGXEPCSection:
310#
311# Information about intel SGX EPC section info
312#
313# @node: the numa node
314#
315# @size: the size of EPC section
316#
317# Since: 7.0
318##
319{ 'struct': 'SGXEPCSection',
320  'data': { 'node': 'int',
321            'size': 'uint64'}}
322
323##
324# @SGXInfo:
325#
326# Information about intel Safe Guard eXtension (SGX) support
327#
328# @sgx: true if SGX is supported
329#
330# @sgx1: true if SGX1 is supported
331#
332# @sgx2: true if SGX2 is supported
333#
334# @flc: true if FLC is supported
335#
336# @section-size: The EPC section size for guest
337#                Redundant with @sections.  Just for backward compatibility.
338#
339# @sections: The EPC sections info for guest (Since: 7.0)
340#
341# Features:
342# @deprecated: Member @section-size is deprecated.  Use @sections instead.
343#
344# Since: 6.2
345##
346{ 'struct': 'SGXInfo',
347  'data': { 'sgx': 'bool',
348            'sgx1': 'bool',
349            'sgx2': 'bool',
350            'flc': 'bool',
351            'section-size': { 'type': 'uint64',
352                    'features': [ 'deprecated' ] },
353            'sections': ['SGXEPCSection']},
354   'if': 'TARGET_I386' }
355
356##
357# @query-sgx:
358#
359# Returns information about SGX
360#
361# Returns: @SGXInfo
362#
363# Since: 6.2
364#
365# Example:
366#
367# -> { "execute": "query-sgx" }
368# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
369#                  "flc": true,  "section-size" : 96468992,
370#                  "sections": [{"node": 0, "size": 67108864},
371#                  {"node": 1, "size": 29360128}]} }
372#
373##
374{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
375
376##
377# @query-sgx-capabilities:
378#
379# Returns information from host SGX capabilities
380#
381# Returns: @SGXInfo
382#
383# Since: 6.2
384#
385# Example:
386#
387# -> { "execute": "query-sgx-capabilities" }
388# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
389#                  "flc": true, "section-size" : 96468992,
390#                  "section" : [{"node": 0, "size": 67108864},
391#                  {"node": 1, "size": 29360128}]} }
392#
393##
394{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
395