Commit | Line | Data |
---|---|---|
61eb9e80 | 1 | # -*- Mode: Python -*- |
f7160f32 | 2 | # vim: filetype=python |
61eb9e80 MA |
3 | # |
4 | ||
61eb9e80 | 5 | ## |
a6c7040f MAL |
6 | # @rtc-reset-reinjection: |
7 | # | |
8 | # This command will reset the RTC interrupt reinjection backlog. | |
9 | # Can be used if another mechanism to synchronize guest time | |
10 | # is in effect, for example QEMU guest agent's guest-set-time | |
11 | # command. | |
12 | # | |
13 | # Since: 2.1 | |
14 | # | |
15 | # Example: | |
16 | # | |
17 | # -> { "execute": "rtc-reset-reinjection" } | |
18 | # <- { "return": {} } | |
19 | # | |
20 | ## | |
21 | { 'command': 'rtc-reset-reinjection', | |
8a9f1e1d | 22 | 'if': 'TARGET_I386' } |
a6c7040f | 23 | |
a6c7040f MAL |
24 | ## |
25 | # @SevState: | |
26 | # | |
27 | # An enumeration of SEV state information used during @query-sev. | |
28 | # | |
29 | # @uninit: The guest is uninitialized. | |
30 | # | |
31 | # @launch-update: The guest is currently being launched; plaintext data and | |
32 | # register state is being imported. | |
33 | # | |
34 | # @launch-secret: The guest is currently being launched; ciphertext data | |
35 | # is being imported. | |
36 | # | |
37 | # @running: The guest is fully launched or migrated in. | |
38 | # | |
39 | # @send-update: The guest is currently being migrated out to another machine. | |
40 | # | |
41 | # @receive-update: The guest is currently being migrated from another machine. | |
42 | # | |
43 | # Since: 2.12 | |
44 | ## | |
45 | { 'enum': 'SevState', | |
46 | 'data': ['uninit', 'launch-update', 'launch-secret', 'running', | |
47 | 'send-update', 'receive-update' ], | |
8a9f1e1d | 48 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
49 | |
50 | ## | |
51 | # @SevInfo: | |
52 | # | |
53 | # Information about Secure Encrypted Virtualization (SEV) support | |
54 | # | |
55 | # @enabled: true if SEV is active | |
56 | # | |
57 | # @api-major: SEV API major version | |
58 | # | |
59 | # @api-minor: SEV API minor version | |
60 | # | |
61 | # @build-id: SEV FW build id | |
62 | # | |
63 | # @policy: SEV policy value | |
64 | # | |
65 | # @state: SEV guest state | |
66 | # | |
67 | # @handle: SEV firmware handle | |
68 | # | |
69 | # Since: 2.12 | |
70 | ## | |
71 | { 'struct': 'SevInfo', | |
72 | 'data': { 'enabled': 'bool', | |
73 | 'api-major': 'uint8', | |
74 | 'api-minor' : 'uint8', | |
75 | 'build-id' : 'uint8', | |
76 | 'policy' : 'uint32', | |
77 | 'state' : 'SevState', | |
78 | 'handle' : 'uint32' | |
79 | }, | |
8a9f1e1d | 80 | 'if': 'TARGET_I386' |
a6c7040f MAL |
81 | } |
82 | ||
83 | ## | |
84 | # @query-sev: | |
85 | # | |
86 | # Returns information about SEV | |
87 | # | |
88 | # Returns: @SevInfo | |
89 | # | |
90 | # Since: 2.12 | |
91 | # | |
92 | # Example: | |
93 | # | |
94 | # -> { "execute": "query-sev" } | |
95 | # <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, | |
96 | # "build-id" : 0, "policy" : 0, "state" : "running", | |
97 | # "handle" : 1 } } | |
98 | # | |
99 | ## | |
100 | { 'command': 'query-sev', 'returns': 'SevInfo', | |
8a9f1e1d | 101 | 'if': 'TARGET_I386' } |
a6c7040f | 102 | |
a6c7040f MAL |
103 | ## |
104 | # @SevLaunchMeasureInfo: | |
105 | # | |
106 | # SEV Guest Launch measurement information | |
107 | # | |
108 | # @data: the measurement value encoded in base64 | |
109 | # | |
110 | # Since: 2.12 | |
a6c7040f MAL |
111 | ## |
112 | { 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'}, | |
8a9f1e1d | 113 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
114 | |
115 | ## | |
116 | # @query-sev-launch-measure: | |
117 | # | |
118 | # Query the SEV guest launch information. | |
119 | # | |
120 | # Returns: The @SevLaunchMeasureInfo for the guest | |
121 | # | |
122 | # Since: 2.12 | |
123 | # | |
124 | # Example: | |
125 | # | |
126 | # -> { "execute": "query-sev-launch-measure" } | |
127 | # <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } | |
128 | # | |
129 | ## | |
130 | { 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo', | |
8a9f1e1d | 131 | 'if': 'TARGET_I386' } |
a6c7040f | 132 | |
a6c7040f MAL |
133 | ## |
134 | # @SevCapability: | |
135 | # | |
136 | # The struct describes capability for a Secure Encrypted Virtualization | |
137 | # feature. | |
138 | # | |
139 | # @pdh: Platform Diffie-Hellman key (base64 encoded) | |
140 | # | |
141 | # @cert-chain: PDH certificate chain (base64 encoded) | |
142 | # | |
de7371bc | 143 | # @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1) |
811b4ec7 | 144 | # |
a6c7040f MAL |
145 | # @cbitpos: C-bit location in page table entry |
146 | # | |
147 | # @reduced-phys-bits: Number of bits by which the physical address width | |
148 | # is reduced when SEV is enabled | |
149 | # | |
150 | # Since: 2.12 | |
151 | ## | |
152 | { 'struct': 'SevCapability', | |
153 | 'data': { 'pdh': 'str', | |
154 | 'cert-chain': 'str', | |
811b4ec7 | 155 | 'cpu0-id': 'str', |
a6c7040f MAL |
156 | 'cbitpos': 'int', |
157 | 'reduced-phys-bits': 'int'}, | |
8a9f1e1d | 158 | 'if': 'TARGET_I386' } |
a6c7040f MAL |
159 | |
160 | ## | |
161 | # @query-sev-capabilities: | |
162 | # | |
163 | # This command is used to get the SEV capabilities, and is supported on AMD | |
164 | # X86 platforms only. | |
165 | # | |
166 | # Returns: a SevCapability object. | |
167 | # | |
168 | # Since: 2.12 | |
169 | # | |
170 | # Example: | |
171 | # | |
172 | # -> { "execute": "query-sev-capabilities" } | |
173 | # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE", | |
811b4ec7 | 174 | # "cpu0-id": "2lvmGwo+...61iEinw==", |
a6c7040f MAL |
175 | # "cbitpos": 47, "reduced-phys-bits": 5}} |
176 | # | |
61eb9e80 | 177 | ## |
a6c7040f | 178 | { 'command': 'query-sev-capabilities', 'returns': 'SevCapability', |
8a9f1e1d | 179 | 'if': 'TARGET_I386' } |
0e2f4530 | 180 | |
c7f7e697 TFF |
181 | ## |
182 | # @sev-inject-launch-secret: | |
183 | # | |
184 | # This command injects a secret blob into the memory of an SEV guest. | |
185 | # | |
186 | # @packet-header: the launch secret packet header encoded in base64 | |
187 | # | |
188 | # @secret: the launch secret data to be injected encoded in base64 | |
189 | # | |
190 | # @gpa: the guest physical address where the secret will be injected (optional member). | |
191 | # | |
192 | # Since: 6.0 | |
c7f7e697 TFF |
193 | ## |
194 | { 'command': 'sev-inject-launch-secret', | |
f522cef9 | 195 | 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, |
8a9f1e1d | 196 | 'if': 'TARGET_I386' } |
c7f7e697 | 197 | |
993e2605 PMD |
198 | ## |
199 | # @SevAttestationReport: | |
200 | # | |
201 | # The struct describes attestation report for a Secure Encrypted | |
202 | # Virtualization feature. | |
203 | # | |
204 | # @data: guest attestation report (base64 encoded) | |
205 | # | |
993e2605 PMD |
206 | # Since: 6.1 |
207 | ## | |
208 | { 'struct': 'SevAttestationReport', | |
209 | 'data': { 'data': 'str'}, | |
210 | 'if': 'TARGET_I386' } | |
211 | ||
212 | ## | |
213 | # @query-sev-attestation-report: | |
214 | # | |
215 | # This command is used to get the SEV attestation report, and is | |
216 | # supported on AMD X86 platforms only. | |
217 | # | |
218 | # @mnonce: a random 16-byte value encoded in base64 (it will be | |
219 | # included in the report) | |
220 | # | |
221 | # Returns: a SevAttestationReport object. | |
222 | # | |
223 | # Since: 6.1 | |
224 | # | |
225 | # Example: | |
226 | # | |
227 | # -> { "execute" : "query-sev-attestation-report", | |
228 | # "arguments": { "mnonce": "aaaaaaa" } } | |
229 | # <- { "return" : { "data": "aaaaaaaabbbddddd"} } | |
230 | # | |
231 | ## | |
232 | { 'command': 'query-sev-attestation-report', | |
233 | 'data': { 'mnonce': 'str' }, | |
234 | 'returns': 'SevAttestationReport', | |
235 | 'if': 'TARGET_I386' } | |
236 | ||
0e2f4530 MAL |
237 | ## |
238 | # @dump-skeys: | |
239 | # | |
240 | # Dump guest's storage keys | |
241 | # | |
242 | # @filename: the path to the file to dump to | |
243 | # | |
244 | # This command is only supported on s390 architecture. | |
245 | # | |
246 | # Since: 2.5 | |
247 | # | |
248 | # Example: | |
249 | # | |
250 | # -> { "execute": "dump-skeys", | |
251 | # "arguments": { "filename": "/tmp/skeys" } } | |
252 | # <- { "return": {} } | |
253 | # | |
254 | ## | |
255 | { 'command': 'dump-skeys', | |
256 | 'data': { 'filename': 'str' }, | |
8a9f1e1d | 257 | 'if': 'TARGET_S390X' } |
0e2f4530 | 258 | |
84c6499e MAL |
259 | ## |
260 | # @GICCapability: | |
261 | # | |
262 | # The struct describes capability for a specific GIC (Generic | |
263 | # Interrupt Controller) version. These bits are not only decided by | |
264 | # QEMU/KVM software version, but also decided by the hardware that | |
265 | # the program is running upon. | |
266 | # | |
26ec4e53 PM |
267 | # @version: version of GIC to be described. Currently, only 2 and 3 |
268 | # are supported. | |
84c6499e MAL |
269 | # |
270 | # @emulated: whether current QEMU/hardware supports emulated GIC | |
271 | # device in user space. | |
272 | # | |
26ec4e53 PM |
273 | # @kernel: whether current QEMU/hardware supports hardware |
274 | # accelerated GIC device in kernel. | |
84c6499e MAL |
275 | # |
276 | # Since: 2.6 | |
277 | ## | |
278 | { 'struct': 'GICCapability', | |
279 | 'data': { 'version': 'int', | |
280 | 'emulated': 'bool', | |
281 | 'kernel': 'bool' }, | |
8a9f1e1d | 282 | 'if': 'TARGET_ARM' } |
84c6499e MAL |
283 | |
284 | ## | |
285 | # @query-gic-capabilities: | |
286 | # | |
287 | # This command is ARM-only. It will return a list of GICCapability | |
288 | # objects that describe its capability bits. | |
289 | # | |
290 | # Returns: a list of GICCapability objects. | |
291 | # | |
292 | # Since: 2.6 | |
293 | # | |
294 | # Example: | |
295 | # | |
296 | # -> { "execute": "query-gic-capabilities" } | |
297 | # <- { "return": [{ "version": 2, "emulated": true, "kernel": false }, | |
298 | # { "version": 3, "emulated": false, "kernel": true } ] } | |
299 | # | |
300 | ## | |
301 | { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], | |
8a9f1e1d | 302 | 'if': 'TARGET_ARM' } |
3ea1a802 | 303 | |
4755927a YZ |
304 | ## |
305 | # @SGXEPCSection: | |
306 | # | |
307 | # Information about an Intel SGX EPC section | |
308 | # | |
309 | # @node: the numa node | |
310 | # | |
a66bd91f | 311 | # @size: the size of EPC section |
4755927a | 312 | # |
a66bd91f | 313 | # Since: 7.0 |
4755927a YZ |
314 | ## |
315 | { 'struct': 'SGXEPCSection', | |
316 | 'data': { 'node': 'int', | |
317 | 'size': 'uint64'}} | |
318 | ||
57d874c4 YZ |
319 | ## |
320 | # @SGXInfo: | |
321 | # | |
322 | # Information about Intel Software Guard Extensions (SGX) support | |
323 | # | |
324 | # @sgx: true if SGX is supported | |
325 | # | |
326 | # @sgx1: true if SGX1 is supported | |
327 | # | |
328 | # @sgx2: true if SGX2 is supported | |
329 | # | |
330 | # @flc: true if FLC is supported | |
331 | # | |
a66bd91f YZ |
332 | # @section-size: The EPC section size for guest |
333 | # Redundant with @sections. Just for backward compatibility. | |
334 | # | |
335 | # @sections: The EPC sections info for guest (Since: 7.0) | |
336 | # | |
337 | # Features: | |
338 | # @deprecated: Member @section-size is deprecated. Use @sections instead. | |
57d874c4 YZ |
339 | # |
340 | # Since: 6.2 | |
341 | ## | |
342 | { 'struct': 'SGXInfo', | |
343 | 'data': { 'sgx': 'bool', | |
344 | 'sgx1': 'bool', | |
345 | 'sgx2': 'bool', | |
346 | 'flc': 'bool', | |
a66bd91f YZ |
347 | 'section-size': { 'type': 'uint64', |
348 | 'features': [ 'deprecated' ] }, | |
4755927a | 349 | 'sections': ['SGXEPCSection']}, |
57d874c4 YZ |
350 | 'if': 'TARGET_I386' } |
351 | ||
352 | ## | |
353 | # @query-sgx: | |
354 | # | |
355 | # Returns information about SGX | |
356 | # | |
357 | # Returns: @SGXInfo | |
358 | # | |
359 | # Since: 6.2 | |
360 | # | |
361 | # Example: | |
362 | # | |
363 | # -> { "execute": "query-sgx" } | |
364 | # <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, | |
a66bd91f YZ |
365 | # "flc": true, "section-size" : 96468992, |
366 | # "sections": [{"node": 0, "size": 67108864}, | |
367 | # {"node": 1, "size": 29360128}]} } | |
57d874c4 YZ |
368 | # |
369 | ## | |
370 | { 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } | |
0205c4fa YZ |
371 | |
372 | ## | |
373 | # @query-sgx-capabilities: | |
374 | # | |
375 | # Returns information about the host's SGX capabilities | |
376 | # | |
377 | # Returns: @SGXInfo | |
378 | # | |
379 | # Since: 6.2 | |
380 | # | |
381 | # Example: | |
382 | # | |
383 | # -> { "execute": "query-sgx-capabilities" } | |
384 | # <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true, | |
a66bd91f YZ |
385 | # "flc": true, "section-size" : 96468992, |
386 | # "sections": [{"node": 0, "size": 67108864}, | |
387 | # {"node": 1, "size": 29360128}]} } | |
0205c4fa YZ |
388 | # |
389 | ## | |
390 | { 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' } |