]>
Commit | Line | Data |
---|---|---|
61eb9e80 | 1 | # -*- Mode: Python -*- |
f7160f32 | 2 | # vim: filetype=python |
61eb9e80 MA |
3 | # |
4 | ||
61eb9e80 | 5 | ## |
a6c7040f MAL |
6 | # @rtc-reset-reinjection: |
7 | # | |
a937b6aa MA |
8 | # This command will reset the RTC interrupt reinjection backlog. Can |
9 | # be used if another mechanism to synchronize guest time is in effect, | |
10 | # for example QEMU guest agent's guest-set-time command. | |
a6c7040f MAL |
11 | # |
12 | # Since: 2.1 | |
13 | # | |
14 | # Example: | |
15 | # | |
16 | # -> { "execute": "rtc-reset-reinjection" } | |
17 | # <- { "return": {} } | |
a6c7040f MAL |
18 | ## |
19 | { 'command': 'rtc-reset-reinjection', | |
8a9f1e1d | 20 | 'if': 'TARGET_I386' } |
a6c7040f | 21 | |
a6c7040f MAL |
22 | ## |
23 | # @SevState: | |
24 | # | |
25 | # An enumeration of SEV state information used during @query-sev. | |
26 | # | |
27 | # @uninit: The guest is uninitialized. | |
28 | # | |
a937b6aa MA |
29 | # @launch-update: The guest is currently being launched; plaintext |
30 | # data and register state is being imported. | |
a6c7040f | 31 | # |
a937b6aa MA |
32 | # @launch-secret: The guest is currently being launched; ciphertext |
33 | # data is being imported. | |
a6c7040f MAL |
34 | # |
35 | # @running: The guest is fully launched or migrated in. | |
36 | # | |
a937b6aa MA |
37 | # @send-update: The guest is currently being migrated out to another |
38 | # machine. | |
a6c7040f | 39 | # |
a937b6aa MA |
40 | # @receive-update: The guest is currently being migrated from another |
41 | # machine. | |
a6c7040f MAL |
42 | # |
43 | # Since: 2.12 | |
44 | ## | |
45 | { 'enum': 'SevState', | |
46 | 'data': ['uninit', 'launch-update', 'launch-secret', 'running', | |
47 | 'send-update', 'receive-update' ], | |
8a9f1e1d | 48 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
49 | |
50 | ## | |
51 | # @SevInfo: | |
52 | # | |
53 | # Information about Secure Encrypted Virtualization (SEV) support | |
54 | # | |
55 | # @enabled: true if SEV is active | |
56 | # | |
57 | # @api-major: SEV API major version | |
58 | # | |
59 | # @api-minor: SEV API minor version | |
60 | # | |
61 | # @build-id: SEV FW build id | |
62 | # | |
63 | # @policy: SEV policy value | |
64 | # | |
65 | # @state: SEV guest state | |
66 | # | |
67 | # @handle: SEV firmware handle | |
68 | # | |
69 | # Since: 2.12 | |
70 | ## | |
71 | { 'struct': 'SevInfo', | |
72 | 'data': { 'enabled': 'bool', | |
73 | 'api-major': 'uint8', | |
74 | 'api-minor' : 'uint8', | |
75 | 'build-id' : 'uint8', | |
76 | 'policy' : 'uint32', | |
77 | 'state' : 'SevState', | |
78 | 'handle' : 'uint32' | |
79 | }, | |
8a9f1e1d | 80 | 'if': 'TARGET_I386' |
a6c7040f MAL |
81 | } |
82 | ||
83 | ## | |
84 | # @query-sev: | |
85 | # | |
86 | # Returns information about SEV | |
87 | # | |
88 | # Returns: @SevInfo | |
89 | # | |
90 | # Since: 2.12 | |
91 | # | |
92 | # Example: | |
93 | # | |
94 | # -> { "execute": "query-sev" } | |
95 | # <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, | |
96 | # "build-id" : 0, "policy" : 0, "state" : "running", | |
97 | # "handle" : 1 } } | |
a6c7040f MAL |
98 | ## |
99 | { 'command': 'query-sev', 'returns': 'SevInfo', | |
8a9f1e1d | 100 | 'if': 'TARGET_I386' } |
a6c7040f | 101 | |
a6c7040f MAL |
102 | ## |
103 | # @SevLaunchMeasureInfo: | |
104 | # | |
105 | # SEV Guest Launch measurement information | |
106 | # | |
107 | # @data: the measurement value encoded in base64 | |
108 | # | |
109 | # Since: 2.12 | |
a6c7040f MAL |
110 | ## |
111 | { 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, | |
8a9f1e1d | 112 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
113 | |
114 | ## | |
115 | # @query-sev-launch-measure: | |
116 | # | |
117 | # Query the SEV guest launch information. | |
118 | # | |
119 | # Returns: The @SevLaunchMeasureInfo for the guest | |
120 | # | |
121 | # Since: 2.12 | |
122 | # | |
123 | # Example: | |
124 | # | |
125 | # -> { "execute": "query-sev-launch-measure" } | |
126 | # <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } | |
a6c7040f MAL |
127 | ## |
128 | { 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', | |
8a9f1e1d | 129 | 'if': 'TARGET_I386' } |
a6c7040f | 130 | |
a6c7040f MAL |
131 | ## |
132 | # @SevCapability: | |
133 | # | |
a937b6aa MA |
134 | # The struct describes capability for a Secure Encrypted |
135 | # Virtualization feature. | |
a6c7040f | 136 | # |
23e46452 | 137 | # @pdh: Platform Diffie-Hellman key (base64 encoded) |
a6c7040f | 138 | # |
23e46452 | 139 | # @cert-chain: PDH certificate chain (base64 encoded) |
a6c7040f | 140 | # |
de7371bc | 141 | # @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1) |
811b4ec7 | 142 | # |
a6c7040f MAL |
143 | # @cbitpos: C-bit location in page table entry |
144 | # | |
a937b6aa MA |
145 | # @reduced-phys-bits: Number of physical Address bit reduction when |
146 | # SEV is enabled | |
a6c7040f MAL |
147 | # |
148 | # Since: 2.12 | |
149 | ## | |
150 | { 'struct': 'SevCapability', | |
151 | 'data': { 'pdh': 'str', | |
152 | 'cert-chain': 'str', | |
811b4ec7 | 153 | 'cpu0-id': 'str', |
a6c7040f MAL |
154 | 'cbitpos': 'int', |
155 | 'reduced-phys-bits': 'int'}, | |
8a9f1e1d | 156 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
157 | |
158 | ## | |
159 | # @query-sev-capabilities: | |
160 | # | |
a937b6aa MA |
161 | # This command is used to get the SEV capabilities, and is supported |
162 | # on AMD X86 platforms only. | |
a6c7040f MAL |
163 | # |
164 | # Returns: SevCapability objects. | |
165 | # | |
166 | # Since: 2.12 | |
167 | # | |
168 | # Example: | |
169 | # | |
170 | # -> { "execute": "query-sev-capabilities" } | |
171 | # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", | |
811b4ec7 | 172 | # "cpu0-id": "2lvmGwo+...61iEinw==", |
798a818f | 173 | # "cbitpos": 47, "reduced-phys-bits": 1}} |
61eb9e80 | 174 | ## |
a6c7040f | 175 | { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', |
8a9f1e1d | 176 | 'if': 'TARGET_I386' } |
0e2f4530 | 177 | |
c7f7e697 TFF |
178 | ## |
179 | # @sev-inject-launch-secret: | |
180 | # | |
181 | # This command injects a secret blob into memory of SEV guest. | |
182 | # | |
183 | # @packet-header: the launch secret packet header encoded in base64 | |
184 | # | |
185 | # @secret: the launch secret data to be injected encoded in base64 | |
186 | # | |
187 | # @gpa: the guest physical address where secret will be injected. | |
188 | # | |
189 | # Since: 6.0 | |
c7f7e697 TFF |
190 | ## |
191 | { 'command': 'sev-inject-launch-secret', | |
f522cef9 | 192 | 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, |
8a9f1e1d | 193 | 'if': 'TARGET_I386' } |
c7f7e697 | 194 | |
993e2605 PMD |
195 | ## |
196 | # @SevAttestationReport: | |
197 | # | |
198 | # The struct describes attestation report for a Secure Encrypted | |
199 | # Virtualization feature. | |
200 | # | |
23e46452 | 201 | # @data: guest attestation report (base64 encoded) |
993e2605 | 202 | # |
993e2605 PMD |
203 | # Since: 6.1 |
204 | ## | |
205 | { 'struct': 'SevAttestationReport', | |
206 | 'data': { 'data': 'str'}, | |
207 | 'if': 'TARGET_I386' } | |
208 | ||
209 | ## | |
210 | # @query-sev-attestation-report: | |
211 | # | |
212 | # This command is used to get the SEV attestation report, and is | |
213 | # supported on AMD X86 platforms only. | |
214 | # | |
215 | # @mnonce: a random 16 bytes value encoded in base64 (it will be | |
a937b6aa | 216 | # included in report) |
993e2605 PMD |
217 | # |
218 | # Returns: SevAttestationReport objects. | |
219 | # | |
220 | # Since: 6.1 | |
221 | # | |
222 | # Example: | |
223 | # | |
224 | # -> { "execute" : "query-sev-attestation-report", | |
225 | # "arguments": { "mnonce": "aaaaaaa" } } | |
226 | # <- { "return" : { "data": "aaaaaaaabbbddddd"} } | |
993e2605 PMD |
227 | ## |
228 | { 'command': 'query-sev-attestation-report', | |
229 | 'data': { 'mnonce': 'str' }, | |
230 | 'returns': 'SevAttestationReport', | |
231 | 'if': 'TARGET_I386' } | |
232 | ||
0e2f4530 MAL |
233 | ## |
234 | # @dump-skeys: | |
235 | # | |
236 | # Dump guest's storage keys | |
237 | # | |
238 | # @filename: the path to the file to dump to | |
239 | # | |
240 | # This command is only supported on s390 architecture. | |
241 | # | |
242 | # Since: 2.5 | |
243 | # | |
244 | # Example: | |
245 | # | |
246 | # -> { "execute": "dump-skeys", | |
247 | # "arguments": { "filename": "/tmp/skeys" } } | |
248 | # <- { "return": {} } | |
0e2f4530 MAL |
249 | ## |
250 | { 'command': 'dump-skeys', | |
251 | 'data': { 'filename': 'str' }, | |
8a9f1e1d | 252 | 'if': 'TARGET_S390X' } |
0e2f4530 | 253 | |
84c6499e MAL |
254 | ## |
255 | # @GICCapability: | |
256 | # | |
257 | # The struct describes capability for a specific GIC (Generic | |
a937b6aa MA |
258 | # Interrupt Controller) version. These bits are not only decided by |
259 | # QEMU/KVM software version, but also decided by the hardware that the | |
260 | # program is running upon. | |
84c6499e | 261 | # |
a937b6aa MA |
262 | # @version: version of GIC to be described. Currently, only 2 and 3 |
263 | # are supported. | |
84c6499e MAL |
264 | # |
265 | # @emulated: whether current QEMU/hardware supports emulated GIC | |
a937b6aa | 266 | # device in user space. |
84c6499e | 267 | # |
a937b6aa MA |
268 | # @kernel: whether current QEMU/hardware supports hardware accelerated |
269 | # GIC device in kernel. | |
84c6499e MAL |
270 | # |
271 | # Since: 2.6 | |
272 | ## | |
273 | { 'struct': 'GICCapability', | |
274 | 'data': { 'version': 'int', | |
275 | 'emulated': 'bool', | |
276 | 'kernel': 'bool' }, | |
8a9f1e1d | 277 | 'if': 'TARGET_ARM' } |
84c6499e MAL |
278 | |
279 | ## | |
280 | # @query-gic-capabilities: | |
281 | # | |
a937b6aa | 282 | # This command is ARM-only. It will return a list of GICCapability |
84c6499e MAL |
283 | # objects that describe its capability bits. |
284 | # | |
285 | # Returns: a list of GICCapability objects. | |
286 | # | |
287 | # Since: 2.6 | |
288 | # | |
289 | # Example: | |
290 | # | |
291 | # -> { "execute": "query-gic-capabilities" } | |
292 | # <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, | |
293 | # { "version": 3, "emulated": false, "kernel": true } ] } | |
84c6499e MAL |
294 | ## |
295 | { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], | |
8a9f1e1d | 296 | 'if': 'TARGET_ARM' } |
3ea1a802 | 297 | |
4755927a YZ |
298 | ## |
299 | # @SGXEPCSection: | |
300 | # | |
301 | # Information about intel SGX EPC section info | |
302 | # | |
303 | # @node: the numa node | |
304 | # | |
a66bd91f | 305 | # @size: the size of EPC section |
4755927a | 306 | # |
a66bd91f | 307 | # Since: 7.0 |
4755927a YZ |
308 | ## |
309 | { 'struct': 'SGXEPCSection', | |
310 | 'data': { 'node': 'int', | |
311 | 'size': 'uint64'}} | |
312 | ||
57d874c4 YZ |
313 | ## |
314 | # @SGXInfo: | |
315 | # | |
316 | # Information about intel Safe Guard eXtension (SGX) support | |
317 | # | |
318 | # @sgx: true if SGX is supported | |
319 | # | |
320 | # @sgx1: true if SGX1 is supported | |
321 | # | |
322 | # @sgx2: true if SGX2 is supported | |
323 | # | |
324 | # @flc: true if FLC is supported | |
325 | # | |
a66bd91f YZ |
326 | # @sections: The EPC sections info for guest (Since: 7.0) |
327 | # | |
57d874c4 YZ |
328 | # Since: 6.2 |
329 | ## | |
330 | { 'struct': 'SGXInfo', | |
331 | 'data': { 'sgx': 'bool', | |
332 | 'sgx1': 'bool', | |
333 | 'sgx2': 'bool', | |
334 | 'flc': 'bool', | |
4755927a | 335 | 'sections': ['SGXEPCSection']}, |
57d874c4 YZ |
336 | 'if': 'TARGET_I386' } |
337 | ||
338 | ## | |
339 | # @query-sgx: | |
340 | # | |
341 | # Returns information about SGX | |
342 | # | |
343 | # Returns: @SGXInfo | |
344 | # | |
345 | # Since: 6.2 | |
346 | # | |
347 | # Example: | |
348 | # | |
349 | # -> { "execute": "query-sgx" } | |
350 | # <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, | |
fb418b51 | 351 | # "flc": true, |
a66bd91f YZ |
352 | # "sections": [{"node": 0, "size": 67108864}, |
353 | # {"node": 1, "size": 29360128}]} } | |
57d874c4 YZ |
354 | ## |
355 | { 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } | |
0205c4fa YZ |
356 | |
357 | ## | |
358 | # @query-sgx-capabilities: | |
359 | # | |
360 | # Returns information from host SGX capabilities | |
361 | # | |
362 | # Returns: @SGXInfo | |
363 | # | |
364 | # Since: 6.2 | |
365 | # | |
366 | # Example: | |
367 | # | |
368 | # -> { "execute": "query-sgx-capabilities" } | |
369 | # <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, | |
fb418b51 | 370 | # "flc": true, |
a66bd91f YZ |
371 | # "section" : [{"node": 0, "size": 67108864}, |
372 | # {"node": 1, "size": 29360128}]} } | |
0205c4fa YZ |
373 | ## |
374 | { 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } | |
507cb64d JM |
375 | |
376 | ||
377 | ## | |
378 | # @EvtchnPortType: | |
379 | # | |
380 | # An enumeration of Xen event channel port types. | |
381 | # | |
382 | # @closed: The port is unused. | |
383 | # | |
384 | # @unbound: The port is allocated and ready to be bound. | |
385 | # | |
386 | # @interdomain: The port is connected as an interdomain interrupt. | |
387 | # | |
388 | # @pirq: The port is bound to a physical IRQ (PIRQ). | |
389 | # | |
390 | # @virq: The port is bound to a virtual IRQ (VIRQ). | |
391 | # | |
392 | # @ipi: The post is an inter-processor interrupt (IPI). | |
393 | # | |
394 | # Since: 8.0 | |
395 | ## | |
396 | { 'enum': 'EvtchnPortType', | |
397 | 'data': ['closed', 'unbound', 'interdomain', 'pirq', 'virq', 'ipi'], | |
398 | 'if': 'TARGET_I386' } | |
399 | ||
400 | ## | |
401 | # @EvtchnInfo: | |
402 | # | |
403 | # Information about a Xen event channel port | |
404 | # | |
405 | # @port: the port number | |
406 | # | |
407 | # @vcpu: target vCPU for this port | |
408 | # | |
409 | # @type: the port type | |
410 | # | |
411 | # @remote-domain: remote domain for interdomain ports | |
412 | # | |
413 | # @target: remote port ID, or virq/pirq number | |
414 | # | |
415 | # @pending: port is currently active pending delivery | |
416 | # | |
417 | # @masked: port is masked | |
418 | # | |
419 | # Since: 8.0 | |
420 | ## | |
421 | { 'struct': 'EvtchnInfo', | |
422 | 'data': {'port': 'uint16', | |
423 | 'vcpu': 'uint32', | |
424 | 'type': 'EvtchnPortType', | |
425 | 'remote-domain': 'str', | |
426 | 'target': 'uint16', | |
427 | 'pending': 'bool', | |
428 | 'masked': 'bool'}, | |
429 | 'if': 'TARGET_I386' } | |
430 | ||
431 | ||
432 | ## | |
433 | # @xen-event-list: | |
434 | # | |
435 | # Query the Xen event channels opened by the guest. | |
436 | # | |
437 | # Returns: list of open event channel ports. | |
438 | # | |
439 | # Since: 8.0 | |
440 | # | |
441 | # Example: | |
442 | # | |
443 | # -> { "execute": "xen-event-list" } | |
444 | # <- { "return": [ | |
445 | # { | |
446 | # "pending": false, | |
447 | # "port": 1, | |
448 | # "vcpu": 1, | |
449 | # "remote-domain": "qemu", | |
450 | # "masked": false, | |
451 | # "type": "interdomain", | |
452 | # "target": 1 | |
453 | # }, | |
454 | # { | |
455 | # "pending": false, | |
456 | # "port": 2, | |
457 | # "vcpu": 0, | |
458 | # "remote-domain": "", | |
459 | # "masked": false, | |
460 | # "type": "virq", | |
461 | # "target": 0 | |
462 | # } | |
463 | # ] | |
464 | # } | |
507cb64d JM |
465 | ## |
466 | { 'command': 'xen-event-list', | |
467 | 'returns': ['EvtchnInfo'], | |
468 | 'if': 'TARGET_I386' } | |
469 | ||
470 | ## | |
471 | # @xen-event-inject: | |
472 | # | |
473 | # Inject a Xen event channel port (interrupt) to the guest. | |
474 | # | |
475 | # @port: The port number | |
476 | # | |
a937b6aa MA |
477 | # Returns: |
478 | # - Nothing on success. | |
507cb64d JM |
479 | # |
480 | # Since: 8.0 | |
481 | # | |
482 | # Example: | |
483 | # | |
484 | # -> { "execute": "xen-event-inject", "arguments": { "port": 1 } } | |
485 | # <- { "return": { } } | |
507cb64d JM |
486 | ## |
487 | { 'command': 'xen-event-inject', | |
488 | 'data': { 'port': 'uint32' }, | |
489 | 'if': 'TARGET_I386' } |