| blob | 5aa2b95b7d4aa09a4b11a9bbabafa2b30ce4f2ae |
1 # -*- Mode: Python -*-
2 # vim: filetype=python
3 #
5 ##
6 # @RTC_CHANGE:
7 #
8 # Emitted when the guest changes the RTC time.
9 #
10 # @offset: offset between base RTC clock (as specified by -rtc base), and
11 # new RTC clock value
12 #
13 # Note: This event is rate-limited.
14 #
15 # Since: 0.13
16 #
17 # Example:
18 #
19 # <- { "event": "RTC_CHANGE",
20 # "data": { "offset": 78 },
21 # "timestamp": { "seconds": 1267020223, "microseconds": 435656 } }
22 #
23 ##
24 { 'event': 'RTC_CHANGE',
25 'data': { 'offset': 'int' },
26 'if': { 'any': [ 'TARGET_ALPHA',
27 'TARGET_ARM',
28 'TARGET_HPPA',
29 'TARGET_I386',
30 'TARGET_MIPS',
31 'TARGET_MIPS64',
32 'TARGET_PPC',
33 'TARGET_PPC64',
34 'TARGET_S390X',
35 'TARGET_SH4',
36 'TARGET_SPARC' ] } }
38 ##
39 # @rtc-reset-reinjection:
40 #
41 # This command will reset the RTC interrupt reinjection backlog.
42 # Can be used if another mechanism to synchronize guest time
43 # is in effect, for example QEMU guest agent's guest-set-time
44 # command.
45 #
46 # Since: 2.1
47 #
48 # Example:
49 #
50 # -> { "execute": "rtc-reset-reinjection" }
51 # <- { "return": {} }
52 #
53 ##
54 { 'command': 'rtc-reset-reinjection',
55 'if': 'TARGET_I386' }
58 ##
59 # @SevState:
60 #
61 # An enumeration of SEV state information used during @query-sev.
62 #
63 # @uninit: The guest is uninitialized.
64 #
65 # @launch-update: The guest is currently being launched; plaintext data and
66 # register state is being imported.
67 #
68 # @launch-secret: The guest is currently being launched; ciphertext data
69 # is being imported.
70 #
71 # @running: The guest is fully launched or migrated in.
72 #
73 # @send-update: The guest is currently being migrated out to another machine.
74 #
75 # @receive-update: The guest is currently being migrated from another machine.
76 #
77 # Since: 2.12
78 ##
79 { 'enum': 'SevState',
80 'data': ['uninit', 'launch-update', 'launch-secret', 'running',
81 'send-update', 'receive-update' ],
82 'if': 'TARGET_I386' }
84 ##
85 # @SevInfo:
86 #
87 # Information about Secure Encrypted Virtualization (SEV) support
88 #
89 # @enabled: true if SEV is active
90 #
91 # @api-major: SEV API major version
92 #
93 # @api-minor: SEV API minor version
94 #
95 # @build-id: SEV FW build id
96 #
97 # @policy: SEV policy value
98 #
99 # @state: SEV guest state
100 #
101 # @handle: SEV firmware handle
102 #
103 # Since: 2.12
104 ##
105 { 'struct': 'SevInfo',
106 'data': { 'enabled': 'bool',
107 'api-major': 'uint8',
108 'api-minor' : 'uint8',
109 'build-id' : 'uint8',
110 'policy' : 'uint32',
111 'state' : 'SevState',
112 'handle' : 'uint32'
113 },
114 'if': 'TARGET_I386'
115 }
117 ##
118 # @query-sev:
119 #
120 # Returns information about SEV
121 #
122 # Returns: @SevInfo
123 #
124 # Since: 2.12
125 #
126 # Example:
127 #
128 # -> { "execute": "query-sev" }
129 # <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
130 # "build-id" : 0, "policy" : 0, "state" : "running",
131 # "handle" : 1 } }
132 #
133 ##
134 { 'command': 'query-sev', 'returns': 'SevInfo',
135 'if': 'TARGET_I386' }
138 ##
139 # @SevLaunchMeasureInfo:
140 #
141 # SEV Guest Launch measurement information
142 #
143 # @data: the measurement value encoded in base64
144 #
145 # Since: 2.12
146 #
147 ##
148 { 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
149 'if': 'TARGET_I386' }
151 ##
152 # @query-sev-launch-measure:
153 #
154 # Query the SEV guest launch information.
155 #
156 # Returns: The @SevLaunchMeasureInfo for the guest
157 #
158 # Since: 2.12
159 #
160 # Example:
161 #
162 # -> { "execute": "query-sev-launch-measure" }
163 # <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
164 #
165 ##
166 { 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
167 'if': 'TARGET_I386' }
170 ##
171 # @SevCapability:
172 #
173 # The struct describes capability for a Secure Encrypted Virtualization
174 # feature.
175 #
176 # @pdh: Platform Diffie-Hellman key (base64 encoded)
177 #
178 # @cert-chain: PDH certificate chain (base64 encoded)
179 #
180 # @cbitpos: C-bit location in page table entry
181 #
182 # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
183 # enabled
184 #
185 # Since: 2.12
186 ##
187 { 'struct': 'SevCapability',
188 'data': { 'pdh': 'str',
189 'cert-chain': 'str',
190 'cbitpos': 'int',
191 'reduced-phys-bits': 'int'},
192 'if': 'TARGET_I386' }
194 ##
195 # @query-sev-capabilities:
196 #
197 # This command is used to get the SEV capabilities, and is supported on AMD
198 # X86 platforms only.
199 #
200 # Returns: SevCapability objects.
201 #
202 # Since: 2.12
203 #
204 # Example:
205 #
206 # -> { "execute": "query-sev-capabilities" }
207 # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
208 # "cbitpos": 47, "reduced-phys-bits": 5}}
209 #
210 ##
211 { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
212 'if': 'TARGET_I386' }
214 ##
215 # @sev-inject-launch-secret:
216 #
217 # This command injects a secret blob into memory of SEV guest.
218 #
219 # @packet-header: the launch secret packet header encoded in base64
220 #
221 # @secret: the launch secret data to be injected encoded in base64
222 #
223 # @gpa: the guest physical address where secret will be injected.
224 #
225 # Since: 6.0
226 #
227 ##
228 { 'command': 'sev-inject-launch-secret',
229 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
230 'if': 'TARGET_I386' }
232 ##
233 # @SevAttestationReport:
234 #
235 # The struct describes attestation report for a Secure Encrypted
236 # Virtualization feature.
237 #
238 # @data: guest attestation report (base64 encoded)
239 #
240 #
241 # Since: 6.1
242 ##
243 { 'struct': 'SevAttestationReport',
244 'data': { 'data': 'str'},
245 'if': 'TARGET_I386' }
247 ##
248 # @query-sev-attestation-report:
249 #
250 # This command is used to get the SEV attestation report, and is
251 # supported on AMD X86 platforms only.
252 #
253 # @mnonce: a random 16 bytes value encoded in base64 (it will be
254 # included in report)
255 #
256 # Returns: SevAttestationReport objects.
257 #
258 # Since: 6.1
259 #
260 # Example:
261 #
262 # -> { "execute" : "query-sev-attestation-report",
263 # "arguments": { "mnonce": "aaaaaaa" } }
264 # <- { "return" : { "data": "aaaaaaaabbbddddd"} }
265 #
266 ##
267 { 'command': 'query-sev-attestation-report',
268 'data': { 'mnonce': 'str' },
269 'returns': 'SevAttestationReport',
270 'if': 'TARGET_I386' }
272 ##
273 # @dump-skeys:
274 #
275 # Dump guest's storage keys
276 #
277 # @filename: the path to the file to dump to
278 #
279 # This command is only supported on s390 architecture.
280 #
281 # Since: 2.5
282 #
283 # Example:
284 #
285 # -> { "execute": "dump-skeys",
286 # "arguments": { "filename": "/tmp/skeys" } }
287 # <- { "return": {} }
288 #
289 ##
290 { 'command': 'dump-skeys',
291 'data': { 'filename': 'str' },
292 'if': 'TARGET_S390X' }
294 ##
295 # @GICCapability:
296 #
297 # The struct describes capability for a specific GIC (Generic
298 # Interrupt Controller) version. These bits are not only decided by
299 # QEMU/KVM software version, but also decided by the hardware that
300 # the program is running upon.
301 #
302 # @version: version of GIC to be described. Currently, only 2 and 3
303 # are supported.
304 #
305 # @emulated: whether current QEMU/hardware supports emulated GIC
306 # device in user space.
307 #
308 # @kernel: whether current QEMU/hardware supports hardware
309 # accelerated GIC device in kernel.
310 #
311 # Since: 2.6
312 ##
313 { 'struct': 'GICCapability',
314 'data': { 'version': 'int',
315 'emulated': 'bool',
316 'kernel': 'bool' },
317 'if': 'TARGET_ARM' }
319 ##
320 # @query-gic-capabilities:
321 #
322 # This command is ARM-only. It will return a list of GICCapability
323 # objects that describe its capability bits.
324 #
325 # Returns: a list of GICCapability objects.
326 #
327 # Since: 2.6
328 #
329 # Example:
330 #
331 # -> { "execute": "query-gic-capabilities" }
332 # <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
333 # { "version": 3, "emulated": false, "kernel": true } ] }
334 #
335 ##
336 { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
337 'if': 'TARGET_ARM' }
340 ##
341 # @SGXInfo:
342 #
343 # Information about intel Safe Guard eXtension (SGX) support
344 #
345 # @sgx: true if SGX is supported
346 #
347 # @sgx1: true if SGX1 is supported
348 #
349 # @sgx2: true if SGX2 is supported
350 #
351 # @flc: true if FLC is supported
352 #
353 # @section-size: The EPC section size for guest
354 #
355 # Since: 6.2
356 ##
357 { 'struct': 'SGXInfo',
358 'data': { 'sgx': 'bool',
359 'sgx1': 'bool',
360 'sgx2': 'bool',
361 'flc': 'bool',
362 'section-size': 'uint64'},
363 'if': 'TARGET_I386' }
365 ##
366 # @query-sgx:
367 #
368 # Returns information about SGX
369 #
370 # Returns: @SGXInfo
371 #
372 # Since: 6.2
373 #
374 # Example:
375 #
376 # -> { "execute": "query-sgx" }
377 # <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
378 # "flc": true, "section-size" : 0 } }
379 #
380 ##
381 { 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
383 ##
384 # @query-sgx-capabilities:
385 #
386 # Returns information from host SGX capabilities
387 #
388 # Returns: @SGXInfo
389 #
390 # Since: 6.2
391 #
392 # Example:
393 #
394 # -> { "execute": "query-sgx-capabilities" }
395 # <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
396 # "flc": true, "section-size" : 0 } }
397 #
398 ##
399 { 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }