Commit | Line | Data |
---|---|---|
61eb9e80 | 1 | # -*- Mode: Python -*- |
f7160f32 | 2 | # vim: filetype=python |
61eb9e80 MA |
3 | # |
4 | ||
183e4281 MAL |
5 | ## |
6 | # @RTC_CHANGE: | |
7 | # | |
8 | # Emitted when the guest changes the RTC time. | |
9 | # | |
10 | # @offset: offset between base RTC clock (as specified by -rtc base), and | |
11 | # new RTC clock value | |
12 | # | |
13 | # Note: This event is rate-limited. | |
14 | # | |
9bc6e893 | 15 | # Since: 0.13 |
183e4281 MAL |
16 | # |
17 | # Example: | |
18 | # | |
19 | # <- { "event": "RTC_CHANGE", | |
20 | # "data": { "offset": 78 }, | |
21 | # "timestamp": { "seconds": 1267020223, "microseconds": 435656 } } | |
22 | # | |
23 | ## | |
24 | { 'event': 'RTC_CHANGE', | |
25 | 'data': { 'offset': 'int' }, | |
8a9f1e1d MAL |
26 | 'if': { 'any': [ 'TARGET_ALPHA', |
27 | 'TARGET_ARM', | |
28 | 'TARGET_HPPA', | |
29 | 'TARGET_I386', | |
30 | 'TARGET_MIPS', | |
31 | 'TARGET_MIPS64', | |
32 | 'TARGET_PPC', | |
33 | 'TARGET_PPC64', | |
34 | 'TARGET_S390X', | |
35 | 'TARGET_SH4', | |
36 | 'TARGET_SPARC' ] } } | |
183e4281 | 37 | |
61eb9e80 | 38 | ## |
a6c7040f MAL |
39 | # @rtc-reset-reinjection: |
40 | # | |
41 | # This command will reset the RTC interrupt reinjection backlog. | |
42 | # Can be used if another mechanism to synchronize guest time | |
43 | # is in effect, for example QEMU guest agent's guest-set-time | |
44 | # command. | |
45 | # | |
46 | # Since: 2.1 | |
47 | # | |
48 | # Example: | |
49 | # | |
50 | # -> { "execute": "rtc-reset-reinjection" } | |
51 | # <- { "return": {} } | |
52 | # | |
53 | ## | |
54 | { 'command': 'rtc-reset-reinjection', | |
8a9f1e1d | 55 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
56 | |
57 | ||
58 | ## | |
59 | # @SevState: | |
60 | # | |
61 | # An enumeration of SEV state information used during @query-sev. | |
62 | # | |
63 | # @uninit: The guest is uninitialized. | |
64 | # | |
65 | # @launch-update: The guest is currently being launched; plaintext data and | |
66 | # register state are being imported. | |
67 | # | |
68 | # @launch-secret: The guest is currently being launched; ciphertext data | |
69 | # is being imported. | |
70 | # | |
71 | # @running: The guest is fully launched or migrated in. | |
72 | # | |
73 | # @send-update: The guest is currently being migrated out to another machine. | |
74 | # | |
75 | # @receive-update: The guest is currently being migrated from another machine. | |
76 | # | |
77 | # Since: 2.12 | |
78 | ## | |
79 | { 'enum': 'SevState', | |
80 | 'data': ['uninit', 'launch-update', 'launch-secret', 'running', | |
81 | 'send-update', 'receive-update' ], | |
8a9f1e1d | 82 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
83 | |
84 | ## | |
85 | # @SevInfo: | |
86 | # | |
87 | # Information about Secure Encrypted Virtualization (SEV) support | |
88 | # | |
89 | # @enabled: true if SEV is active | |
90 | # | |
91 | # @api-major: SEV API major version | |
92 | # | |
93 | # @api-minor: SEV API minor version | |
94 | # | |
95 | # @build-id: SEV FW build id | |
96 | # | |
97 | # @policy: SEV policy value | |
98 | # | |
99 | # @state: SEV guest state | |
100 | # | |
101 | # @handle: SEV firmware handle | |
102 | # | |
103 | # Since: 2.12 | |
104 | ## | |
105 | { 'struct': 'SevInfo', | |
106 | 'data': { 'enabled': 'bool', | |
107 | 'api-major': 'uint8', | |
108 | 'api-minor' : 'uint8', | |
109 | 'build-id' : 'uint8', | |
110 | 'policy' : 'uint32', | |
111 | 'state' : 'SevState', | |
112 | 'handle' : 'uint32' | |
113 | }, | |
8a9f1e1d | 114 | 'if': 'TARGET_I386' |
a6c7040f MAL |
115 | } |
116 | ||
117 | ## | |
118 | # @query-sev: | |
119 | # | |
120 | # Returns information about SEV | |
121 | # | |
122 | # Returns: @SevInfo | |
123 | # | |
124 | # Since: 2.12 | |
125 | # | |
126 | # Example: | |
127 | # | |
128 | # -> { "execute": "query-sev" } | |
129 | # <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, | |
130 | # "build-id" : 0, "policy" : 0, "state" : "running", | |
131 | # "handle" : 1 } } | |
132 | # | |
133 | ## | |
134 | { 'command': 'query-sev', 'returns': 'SevInfo', | |
8a9f1e1d | 135 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
136 | |
137 | ||
138 | ## | |
139 | # @SevLaunchMeasureInfo: | |
140 | # | |
141 | # SEV Guest Launch measurement information | |
142 | # | |
143 | # @data: the measurement value encoded in base64 | |
144 | # | |
145 | # Since: 2.12 | |
146 | # | |
147 | ## | |
148 | { 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, | |
8a9f1e1d | 149 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
150 | |
151 | ## | |
152 | # @query-sev-launch-measure: | |
153 | # | |
154 | # Query the SEV guest launch information. | |
155 | # | |
156 | # Returns: The @SevLaunchMeasureInfo for the guest | |
157 | # | |
158 | # Since: 2.12 | |
159 | # | |
160 | # Example: | |
161 | # | |
162 | # -> { "execute": "query-sev-launch-measure" } | |
163 | # <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } | |
164 | # | |
165 | ## | |
166 | { 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', | |
8a9f1e1d | 167 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
168 | |
169 | ||
170 | ## | |
171 | # @SevCapability: | |
172 | # | |
173 | # The struct describes capability for a Secure Encrypted Virtualization | |
174 | # feature. | |
175 | # | |
176 | # @pdh: Platform Diffie-Hellman key (base64 encoded) | |
177 | # | |
178 | # @cert-chain: PDH certificate chain (base64 encoded) | |
179 | # | |
180 | # @cbitpos: C-bit location in page table entry | |
181 | # | |
182 | # @reduced-phys-bits: Number of bits by which the physical address space is | |
183 | # reduced when SEV is enabled | |
184 | # | |
185 | # Since: 2.12 | |
186 | ## | |
187 | { 'struct': 'SevCapability', | |
188 | 'data': { 'pdh': 'str', | |
189 | 'cert-chain': 'str', | |
190 | 'cbitpos': 'int', | |
191 | 'reduced-phys-bits': 'int'}, | |
8a9f1e1d | 192 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
193 | |
194 | ## | |
195 | # @query-sev-capabilities: | |
196 | # | |
197 | # This command is used to get the SEV capabilities, and is supported on AMD | |
198 | # X86 platforms only. | |
199 | # | |
200 | # Returns: a SevCapability object. | |
201 | # | |
202 | # Since: 2.12 | |
203 | # | |
204 | # Example: | |
205 | # | |
206 | # -> { "execute": "query-sev-capabilities" } | |
207 | # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", | |
208 | # "cbitpos": 47, "reduced-phys-bits": 5}} | |
209 | # | |
61eb9e80 | 210 | ## |
a6c7040f | 211 | { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', |
8a9f1e1d | 212 | 'if': 'TARGET_I386' } |
0e2f4530 | 213 | |
c7f7e697 TFF |
214 | ## |
215 | # @sev-inject-launch-secret: | |
216 | # | |
217 | # This command injects a secret blob into the memory of an SEV guest. | |
218 | # | |
219 | # @packet-header: the launch secret packet header encoded in base64 | |
220 | # | |
221 | # @secret: the launch secret data to be injected encoded in base64 | |
222 | # | |
223 | # @gpa: the guest physical address where the secret will be injected. | |
224 | # | |
225 | # Since: 6.0 | |
226 | # | |
227 | ## | |
228 | { 'command': 'sev-inject-launch-secret', | |
f522cef9 | 229 | 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, |
8a9f1e1d | 230 | 'if': 'TARGET_I386' } |
c7f7e697 | 231 | |
0e2f4530 MAL |
232 | ## |
233 | # @dump-skeys: | |
234 | # | |
235 | # Dump guest's storage keys | |
236 | # | |
237 | # @filename: the path to the file to dump to | |
238 | # | |
239 | # This command is only supported on s390 architecture. | |
240 | # | |
241 | # Since: 2.5 | |
242 | # | |
243 | # Example: | |
244 | # | |
245 | # -> { "execute": "dump-skeys", | |
246 | # "arguments": { "filename": "/tmp/skeys" } } | |
247 | # <- { "return": {} } | |
248 | # | |
249 | ## | |
250 | { 'command': 'dump-skeys', | |
251 | 'data': { 'filename': 'str' }, | |
8a9f1e1d | 252 | 'if': 'TARGET_S390X' } |
0e2f4530 | 253 | |
84c6499e MAL |
254 | ## |
255 | # @GICCapability: | |
256 | # | |
257 | # The struct describes capability for a specific GIC (Generic | |
258 | # Interrupt Controller) version. These bits are not only decided by | |
259 | # QEMU/KVM software version, but also decided by the hardware that | |
260 | # the program is running upon. | |
261 | # | |
26ec4e53 PM |
262 | # @version: version of GIC to be described. Currently, only 2 and 3 |
263 | # are supported. | |
84c6499e MAL |
264 | # |
265 | # @emulated: whether current QEMU/hardware supports emulated GIC | |
266 | # device in user space. | |
267 | # | |
26ec4e53 PM |
268 | # @kernel: whether current QEMU/hardware supports hardware |
269 | # accelerated GIC device in kernel. | |
84c6499e MAL |
270 | # |
271 | # Since: 2.6 | |
272 | ## | |
273 | { 'struct': 'GICCapability', | |
274 | 'data': { 'version': 'int', | |
275 | 'emulated': 'bool', | |
276 | 'kernel': 'bool' }, | |
8a9f1e1d | 277 | 'if': 'TARGET_ARM' } |
84c6499e MAL |
278 | |
279 | ## | |
280 | # @query-gic-capabilities: | |
281 | # | |
282 | # This command is ARM-only. It will return a list of GICCapability | |
283 | # objects that describe its capability bits. | |
284 | # | |
285 | # Returns: a list of GICCapability objects. | |
286 | # | |
287 | # Since: 2.6 | |
288 | # | |
289 | # Example: | |
290 | # | |
291 | # -> { "execute": "query-gic-capabilities" } | |
292 | # <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, | |
293 | # { "version": 3, "emulated": false, "kernel": true } ] } | |
294 | # | |
295 | ## | |
296 | { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], | |
8a9f1e1d | 297 | 'if': 'TARGET_ARM' } |
3ea1a802 BS |
298 | |
299 | ||
300 | ## | |
301 | # @SevAttestationReport: | |
302 | # | |
303 | # The struct describes attestation report for a Secure Encrypted Virtualization | |
304 | # feature. | |
305 | # | |
306 | # @data: guest attestation report (base64 encoded) | |
307 | # | |
308 | # | |
309 | # Since: 6.1 | |
310 | ## | |
311 | { 'struct': 'SevAttestationReport', | |
312 | 'data': { 'data': 'str'}, | |
8a9f1e1d | 313 | 'if': 'TARGET_I386' } |
3ea1a802 BS |
314 | |
315 | ## | |
316 | # @query-sev-attestation-report: | |
317 | # | |
318 | # This command is used to get the SEV attestation report, and is supported on AMD | |
319 | # X86 platforms only. | |
320 | # | |
321 | # @mnonce: a random 16-byte value encoded in base64 (it will be included in the report) | |
322 | # | |
323 | # Returns: a SevAttestationReport object. | |
324 | # | |
325 | # Since: 6.1 | |
326 | # | |
327 | # Example: | |
328 | # | |
329 | # -> { "execute" : "query-sev-attestation-report", "arguments": { "mnonce": "aaaaaaa" } } | |
330 | # <- { "return" : { "data": "aaaaaaaabbbddddd"} } | |
331 | # | |
332 | ## | |
333 | { 'command': 'query-sev-attestation-report', 'data': { 'mnonce': 'str' }, | |
334 | 'returns': 'SevAttestationReport', | |
8a9f1e1d | 335 | 'if': 'TARGET_I386' } |