1# -*- Mode: Python -*- 2# vim: filetype=python 3# 4 5## 6# @rtc-reset-reinjection: 7# 8# This command will reset the RTC interrupt reinjection backlog. 9# Can be used if another mechanism to synchronize guest time 10# is in effect, for example QEMU guest agent's guest-set-time 11# command. 12# 13# Since: 2.1 14# 15# Example: 16# 17# -> { "execute": "rtc-reset-reinjection" } 18# <- { "return": {} } 19# 20## 21{ 'command': 'rtc-reset-reinjection', 22 'if': 'TARGET_I386' } 23 24 25## 26# @SevState: 27# 28# An enumeration of SEV state information used during @query-sev. 29# 30# @uninit: The guest is uninitialized. 31# 32# @launch-update: The guest is currently being launched; plaintext data and 33# register state is being imported. 34# 35# @launch-secret: The guest is currently being launched; ciphertext data 36# is being imported. 37# 38# @running: The guest is fully launched or migrated in. 39# 40# @send-update: The guest is currently being migrated out to another machine. 41# 42# @receive-update: The guest is currently being migrated from another machine. 43# 44# Since: 2.12 45## 46{ 'enum': 'SevState', 47 'data': ['uninit', 'launch-update', 'launch-secret', 'running', 48 'send-update', 'receive-update' ], 49 'if': 'TARGET_I386' } 50 51## 52# @SevInfo: 53# 54# Information about Secure Encrypted Virtualization (SEV) support 55# 56# @enabled: true if SEV is active 57# 58# @api-major: SEV API major version 59# 60# @api-minor: SEV API minor version 61# 62# @build-id: SEV FW build id 63# 64# @policy: SEV policy value 65# 66# @state: SEV guest state 67# 68# @handle: SEV firmware handle 69# 70# Since: 2.12 71## 72{ 'struct': 'SevInfo', 73 'data': { 'enabled': 'bool', 74 'api-major': 'uint8', 75 'api-minor' : 'uint8', 76 'build-id' : 'uint8', 77 'policy' : 'uint32', 78 'state' : 'SevState', 79 'handle' : 'uint32' 80 }, 81 'if': 'TARGET_I386' 82} 83 84## 85# @query-sev: 86# 87# Returns information about SEV 88# 89# Returns: @SevInfo 90# 91# Since: 2.12 92# 93# Example: 94# 95# -> { "execute": "query-sev" } 96# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, 97# "build-id" : 0, "policy" : 0, "state" : "running", 98# "handle" : 1 } } 99# 100## 101{ 'command': 'query-sev', 'returns': 'SevInfo', 102 'if': 'TARGET_I386' } 103 104 105## 106# @SevLaunchMeasureInfo: 107# 108# SEV Guest Launch measurement information 109# 110# @data: the measurement value encoded in base64 111# 112# Since: 2.12 113## 114{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, 115 'if': 'TARGET_I386' } 116 117## 118# @query-sev-launch-measure: 119# 120# Query the SEV guest launch information. 121# 122# Returns: The @SevLaunchMeasureInfo for the guest 123# 124# Since: 2.12 125# 126# Example: 127# 128# -> { "execute": "query-sev-launch-measure" } 129# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } 130# 131## 132{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', 133 'if': 'TARGET_I386' } 134 135 136## 137# @SevCapability: 138# 139# The struct describes capability for a Secure Encrypted Virtualization 140# feature. 141# 142# @pdh: Platform Diffie-Hellman key (base64 encoded) 143# 144# @cert-chain: PDH certificate chain (base64 encoded) 145# 146# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1) 147# 148# @cbitpos: C-bit location in page table entry 149# 150# @reduced-phys-bits: Number of physical Address bit reduction when SEV is 151# enabled 152# 153# Since: 2.12 154## 155{ 'struct': 'SevCapability', 156 'data': { 'pdh': 'str', 157 'cert-chain': 'str', 158 'cpu0-id': 'str', 159 'cbitpos': 'int', 160 'reduced-phys-bits': 'int'}, 161 'if': 'TARGET_I386' } 162 163## 164# @query-sev-capabilities: 165# 166# This command is used to get the SEV capabilities, and is supported on AMD 167# X86 platforms only. 168# 169# Returns: SevCapability objects. 170# 171# Since: 2.12 172# 173# Example: 174# 175# -> { "execute": "query-sev-capabilities" } 176# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", 177# "cpu0-id": "2lvmGwo+...61iEinw==", 178# "cbitpos": 47, "reduced-phys-bits": 5}} 179# 180## 181{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability', 182 'if': 'TARGET_I386' } 183 184## 185# @sev-inject-launch-secret: 186# 187# This command injects a secret blob into memory of SEV guest. 188# 189# @packet-header: the launch secret packet header encoded in base64 190# 191# @secret: the launch secret data to be injected encoded in base64 192# 193# @gpa: the guest physical address where secret will be injected. 194# 195# Since: 6.0 196## 197{ 'command': 'sev-inject-launch-secret', 198 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, 199 'if': 'TARGET_I386' } 200 201## 202# @SevAttestationReport: 203# 204# The struct describes attestation report for a Secure Encrypted 205# Virtualization feature. 206# 207# @data: guest attestation report (base64 encoded) 208# 209# Since: 6.1 210## 211{ 'struct': 'SevAttestationReport', 212 'data': { 'data': 'str'}, 213 'if': 'TARGET_I386' } 214 215## 216# @query-sev-attestation-report: 217# 218# This command is used to get the SEV attestation report, and is 219# supported on AMD X86 platforms only. 220# 221# @mnonce: a random 16 bytes value encoded in base64 (it will be 222# included in report) 223# 224# Returns: SevAttestationReport objects. 225# 226# Since: 6.1 227# 228# Example: 229# 230# -> { "execute" : "query-sev-attestation-report", 231# "arguments": { "mnonce": "aaaaaaa" } } 232# <- { "return" : { "data": "aaaaaaaabbbddddd"} } 233# 234## 235{ 'command': 'query-sev-attestation-report', 236 'data': { 'mnonce': 'str' }, 237 'returns': 'SevAttestationReport', 238 'if': 'TARGET_I386' } 239 240## 241# @dump-skeys: 242# 243# Dump guest's storage keys 244# 245# @filename: the path to the file to dump to 246# 247# This command is only supported on s390 architecture. 248# 249# Since: 2.5 250# 251# Example: 252# 253# -> { "execute": "dump-skeys", 254# "arguments": { "filename": "/tmp/skeys" } } 255# <- { "return": {} } 256# 257## 258{ 'command': 'dump-skeys', 259 'data': { 'filename': 'str' }, 260 'if': 'TARGET_S390X' } 261 262## 263# @GICCapability: 264# 265# The struct describes capability for a specific GIC (Generic 266# Interrupt Controller) version. These bits are not only decided by 267# QEMU/KVM software version, but also decided by the hardware that 268# the program is running upon. 269# 270# @version: version of GIC to be described. Currently, only 2 and 3 271# are supported. 272# 273# @emulated: whether current QEMU/hardware supports emulated GIC 274# device in user space. 275# 276# @kernel: whether current QEMU/hardware supports hardware 277# accelerated GIC device in kernel. 278# 279# Since: 2.6 280## 281{ 'struct': 'GICCapability', 282 'data': { 'version': 'int', 283 'emulated': 'bool', 284 'kernel': 'bool' }, 285 'if': 'TARGET_ARM' } 286 287## 288# @query-gic-capabilities: 289# 290# This command is ARM-only. It will return a list of GICCapability 291# objects that describe its capability bits. 292# 293# Returns: a list of GICCapability objects. 294# 295# Since: 2.6 296# 297# Example: 298# 299# -> { "execute": "query-gic-capabilities" } 300# <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, 301# { "version": 3, "emulated": false, "kernel": true } ] } 302# 303## 304{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], 305 'if': 'TARGET_ARM' } 306 307 308## 309# @SGXEPCSection: 310# 311# Information about intel SGX EPC section info 312# 313# @node: the numa node 314# 315# @size: the size of EPC section 316# 317# Since: 7.0 318## 319{ 'struct': 'SGXEPCSection', 320 'data': { 'node': 'int', 321 'size': 'uint64'}} 322 323## 324# @SGXInfo: 325# 326# Information about intel Safe Guard eXtension (SGX) support 327# 328# @sgx: true if SGX is supported 329# 330# @sgx1: true if SGX1 is supported 331# 332# @sgx2: true if SGX2 is supported 333# 334# @flc: true if FLC is supported 335# 336# @section-size: The EPC section size for guest 337# Redundant with @sections. Just for backward compatibility. 338# 339# @sections: The EPC sections info for guest (Since: 7.0) 340# 341# Features: 342# @deprecated: Member @section-size is deprecated. Use @sections instead. 343# 344# Since: 6.2 345## 346{ 'struct': 'SGXInfo', 347 'data': { 'sgx': 'bool', 348 'sgx1': 'bool', 349 'sgx2': 'bool', 350 'flc': 'bool', 351 'section-size': { 'type': 'uint64', 352 'features': [ 'deprecated' ] }, 353 'sections': ['SGXEPCSection']}, 354 'if': 'TARGET_I386' } 355 356## 357# @query-sgx: 358# 359# Returns information about SGX 360# 361# Returns: @SGXInfo 362# 363# Since: 6.2 364# 365# Example: 366# 367# -> { "execute": "query-sgx" } 368# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, 369# "flc": true, "section-size" : 96468992, 370# "sections": [{"node": 0, "size": 67108864}, 371# {"node": 1, "size": 29360128}]} } 372# 373## 374{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } 375 376## 377# @query-sgx-capabilities: 378# 379# Returns information from host SGX capabilities 380# 381# Returns: @SGXInfo 382# 383# Since: 6.2 384# 385# Example: 386# 387# -> { "execute": "query-sgx-capabilities" } 388# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, 389# "flc": true, "section-size" : 96468992, 390# "section" : [{"node": 0, "size": 67108864}, 391# {"node": 1, "size": 29360128}]} } 392# 393## 394{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } 395