[mirror_qemu.git] / qapi / misc-target.json

# -*- Mode: Python -*-
# vim: filetype=python
#

##
# @rtc-reset-reinjection:
#
# This command will reset the RTC interrupt reinjection backlog.
# Can be used if another mechanism to synchronize guest time
# is in effect, for example QEMU guest agent's guest-set-time
# command.
#
# Since: 2.1
#
# Example:
#
# -> { "execute": "rtc-reset-reinjection" }
# <- { "return": {} }
#
##
{ 'command': 'rtc-reset-reinjection',
  'if': 'TARGET_I386' }

##
# @SevState:
#
# An enumeration of SEV state information used during @query-sev.
#
# @uninit: The guest is uninitialized.
#
# @launch-update: The guest is currently being launched; plaintext data and
#                 register state is being imported.
#
# @launch-secret: The guest is currently being launched; ciphertext data
#                 is being imported.
#
# @running: The guest is fully launched or migrated in.
#
# @send-update: The guest is currently being migrated out to another machine.
#
# @receive-update: The guest is currently being migrated from another machine.
#
# Since: 2.12
##
{ 'enum': 'SevState',
  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
           'send-update', 'receive-update' ],
  'if': 'TARGET_I386' }

##
# @SevInfo:
#
# Information about Secure Encrypted Virtualization (SEV) support
#
# @enabled: true if SEV is active
#
# @api-major: SEV API major version
#
# @api-minor: SEV API minor version
#
# @build-id: SEV FW build id
#
# @policy: SEV policy value
#
# @state: SEV guest state
#
# @handle: SEV firmware handle
#
# Since: 2.12
##
{ 'struct': 'SevInfo',
    'data': { 'enabled': 'bool',
              'api-major': 'uint8',
              'api-minor' : 'uint8',
              'build-id' : 'uint8',
              'policy' : 'uint32',
              'state' : 'SevState',
              'handle' : 'uint32'
            },
  'if': 'TARGET_I386'
}

##
# @query-sev:
#
# Returns information about SEV
#
# Returns: @SevInfo
#
# Since: 2.12
#
# Example:
#
# -> { "execute": "query-sev" }
# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
#                  "build-id" : 0, "policy" : 0, "state" : "running",
#                  "handle" : 1 } }
#
##
{ 'command': 'query-sev', 'returns': 'SevInfo',
  'if': 'TARGET_I386' }

##
# @SevLaunchMeasureInfo:
#
# SEV Guest Launch measurement information
#
# @data: the measurement value encoded in base64
#
# Since: 2.12
##
{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
  'if': 'TARGET_I386' }

##
# @query-sev-launch-measure:
#
# Query the SEV guest launch information.
#
# Returns: The @SevLaunchMeasureInfo for the guest
#
# Since: 2.12
#
# Example:
#
# -> { "execute": "query-sev-launch-measure" }
# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
#
##
{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
  'if': 'TARGET_I386' }

##
# @SevCapability:
#
# The struct describes capability for a Secure Encrypted Virtualization
# feature.
#
# @pdh:  Platform Diffie-Hellman key (base64 encoded)
#
# @cert-chain:  PDH certificate chain (base64 encoded)
#
# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1)
#
# @cbitpos: C-bit location in page table entry
#
# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
#                     enabled
#
# Since: 2.12
##
{ 'struct': 'SevCapability',
  'data': { 'pdh': 'str',
            'cert-chain': 'str',
            'cpu0-id': 'str',
            'cbitpos': 'int',
            'reduced-phys-bits': 'int'},
  'if': 'TARGET_I386' }

##
# @query-sev-capabilities:
#
# This command is used to get the SEV capabilities, and is supported on AMD
# X86 platforms only.
#
# Returns: SevCapability objects.
#
# Since: 2.12
#
# Example:
#
# -> { "execute": "query-sev-capabilities" }
# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
#                  "cpu0-id": "2lvmGwo+...61iEinw==",
#                  "cbitpos": 47, "reduced-phys-bits": 5}}
#
##
{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
  'if': 'TARGET_I386' }

##
# @sev-inject-launch-secret:
#
# This command injects a secret blob into memory of SEV guest.
#
# @packet-header: the launch secret packet header encoded in base64
#
# @secret: the launch secret data to be injected encoded in base64
#
# @gpa: the guest physical address where secret will be injected.
#
# Since: 6.0
##
{ 'command': 'sev-inject-launch-secret',
  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
  'if': 'TARGET_I386' }

##
# @SevAttestationReport:
#
# The struct describes attestation report for a Secure Encrypted
# Virtualization feature.
#
# @data:  guest attestation report (base64 encoded)
#
# Since: 6.1
##
{ 'struct': 'SevAttestationReport',
  'data': { 'data': 'str'},
  'if': 'TARGET_I386' }

##
# @query-sev-attestation-report:
#
# This command is used to get the SEV attestation report, and is
# supported on AMD X86 platforms only.
#
# @mnonce: a random 16 bytes value encoded in base64 (it will be
#          included in report)
#
# Returns: SevAttestationReport objects.
#
# Since: 6.1
#
# Example:
#
# -> { "execute" : "query-sev-attestation-report",
#                  "arguments": { "mnonce": "aaaaaaa" } }
# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
#
##
{ 'command': 'query-sev-attestation-report',
  'data': { 'mnonce': 'str' },
  'returns': 'SevAttestationReport',
  'if': 'TARGET_I386' }

##
# @dump-skeys:
#
# Dump guest's storage keys
#
# @filename: the path to the file to dump to
#
# This command is only supported on s390 architecture.
#
# Since: 2.5
#
# Example:
#
# -> { "execute": "dump-skeys",
#      "arguments": { "filename": "/tmp/skeys" } }
# <- { "return": {} }
#
##
{ 'command': 'dump-skeys',
  'data': { 'filename': 'str' },
  'if': 'TARGET_S390X' }

##
# @GICCapability:
#
# The struct describes capability for a specific GIC (Generic
# Interrupt Controller) version. These bits are not only decided by
# QEMU/KVM software version, but also decided by the hardware that
# the program is running upon.
#
# @version: version of GIC to be described. Currently, only 2 and 3
#           are supported.
#
# @emulated: whether current QEMU/hardware supports emulated GIC
#            device in user space.
#
# @kernel: whether current QEMU/hardware supports hardware
#          accelerated GIC device in kernel.
#
# Since: 2.6
##
{ 'struct': 'GICCapability',
  'data': { 'version': 'int',
            'emulated': 'bool',
            'kernel': 'bool' },
  'if': 'TARGET_ARM' }

##
# @query-gic-capabilities:
#
# This command is ARM-only. It will return a list of GICCapability
# objects that describe its capability bits.
#
# Returns: a list of GICCapability objects.
#
# Since: 2.6
#
# Example:
#
# -> { "execute": "query-gic-capabilities" }
# <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
#                 { "version": 3, "emulated": false, "kernel": true } ] }
#
##
{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
  'if': 'TARGET_ARM' }

##
# @SGXEPCSection:
#
# Information about intel SGX EPC section info
#
# @node: the numa node
#
# @size: the size of EPC section
#
# Since: 7.0
##
{ 'struct': 'SGXEPCSection',
  'data': { 'node': 'int',
            'size': 'uint64'}}

##
# @SGXInfo:
#
# Information about intel Safe Guard eXtension (SGX) support
#
# @sgx: true if SGX is supported
#
# @sgx1: true if SGX1 is supported
#
# @sgx2: true if SGX2 is supported
#
# @flc: true if FLC is supported
#
# @section-size: The EPC section size for guest
#                Redundant with @sections.  Just for backward compatibility.
#
# @sections: The EPC sections info for guest (Since: 7.0)
#
# Features:
# @deprecated: Member @section-size is deprecated.  Use @sections instead.
#
# Since: 6.2
##
{ 'struct': 'SGXInfo',
  'data': { 'sgx': 'bool',
            'sgx1': 'bool',
            'sgx2': 'bool',
            'flc': 'bool',
            'section-size': { 'type': 'uint64',
                    'features': [ 'deprecated' ] },
            'sections': ['SGXEPCSection']},
   'if': 'TARGET_I386' }

##
# @query-sgx:
#
# Returns information about SGX
#
# Returns: @SGXInfo
#
# Since: 6.2
#
# Example:
#
# -> { "execute": "query-sgx" }
# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                  "flc": true,  "section-size" : 96468992,
#                  "sections": [{"node": 0, "size": 67108864},
#                  {"node": 1, "size": 29360128}]} }
#
##
{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }

##
# @query-sgx-capabilities:
#
# Returns information from host SGX capabilities
#
# Returns: @SGXInfo
#
# Since: 6.2
#
# Example:
#
# -> { "execute": "query-sgx-capabilities" }
# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                  "flc": true, "section-size" : 96468992,
#                  "section" : [{"node": 0, "size": 67108864},
#                  {"node": 1, "size": 29360128}]} }
#
##
{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
Commit	Line	Data
61eb9e80	1	# -- Mode: Python --
f7160f32	2	# vim: filetype=python
61eb9e80 MA	3	#
61eb9e80 MA	4
61eb9e80	5	##
a6c7040f MAL	6	# @rtc-reset-reinjection:
	7	#
	8	# This command will reset the RTC interrupt reinjection backlog.
	9	# Can be used if another mechanism to synchronize guest time
	10	# is in effect, for example QEMU guest agent's guest-set-time
	11	# command.
	12	#
	13	# Since: 2.1
	14	#
	15	# Example:
	16	#
	17	# -> { "execute": "rtc-reset-reinjection" }
	18	# <- { "return": {} }
	19	#
	20	##
	21	{ 'command': 'rtc-reset-reinjection',
8a9f1e1d	22	'if': 'TARGET_I386' }
a6c7040f	23
a6c7040f MAL	24	##
	25	# @SevState:
	26	#
	27	# An enumeration of SEV state information used during @query-sev.
	28	#
	29	# @uninit: The guest is uninitialized.
	30	#
	31	# @launch-update: The guest is currently being launched; plaintext data and
	32	# register state is being imported.
	33	#
	34	# @launch-secret: The guest is currently being launched; ciphertext data
	35	# is being imported.
	36	#
	37	# @running: The guest is fully launched or migrated in.
	38	#
	39	# @send-update: The guest is currently being migrated out to another machine.
	40	#
	41	# @receive-update: The guest is currently being migrated from another machine.
	42	#
	43	# Since: 2.12
	44	##
	45	{ 'enum': 'SevState',
	46	'data': ['uninit', 'launch-update', 'launch-secret', 'running',
	47	'send-update', 'receive-update' ],
8a9f1e1d	48	'if': 'TARGET_I386' }
a6c7040f MAL	49
	50	##
	51	# @SevInfo:
	52	#
	53	# Information about Secure Encrypted Virtualization (SEV) support
	54	#
	55	# @enabled: true if SEV is active
	56	#
	57	# @api-major: SEV API major version
	58	#
	59	# @api-minor: SEV API minor version
	60	#
	61	# @build-id: SEV FW build id
	62	#
	63	# @policy: SEV policy value
	64	#
	65	# @state: SEV guest state
	66	#
	67	# @handle: SEV firmware handle
	68	#
	69	# Since: 2.12
	70	##
	71	{ 'struct': 'SevInfo',
	72	'data': { 'enabled': 'bool',
	73	'api-major': 'uint8',
	74	'api-minor' : 'uint8',
	75	'build-id' : 'uint8',
	76	'policy' : 'uint32',
	77	'state' : 'SevState',
	78	'handle' : 'uint32'
	79	},
8a9f1e1d	80	'if': 'TARGET_I386'
a6c7040f MAL	81	}
	82
	83	##
	84	# @query-sev:
	85	#
	86	# Returns information about SEV
	87	#
	88	# Returns: @SevInfo
	89	#
	90	# Since: 2.12
	91	#
	92	# Example:
	93	#
	94	# -> { "execute": "query-sev" }
	95	# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
	96	# "build-id" : 0, "policy" : 0, "state" : "running",
	97	# "handle" : 1 } }
	98	#
	99	##
	100	{ 'command': 'query-sev', 'returns': 'SevInfo',
8a9f1e1d	101	'if': 'TARGET_I386' }
a6c7040f	102
a6c7040f MAL	103	##
	104	# @SevLaunchMeasureInfo:
	105	#
	106	# SEV Guest Launch measurement information
	107	#
	108	# @data: the measurement value encoded in base64
	109	#
	110	# Since: 2.12
a6c7040f MAL	111	##
a6c7040f MAL	112	{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
8a9f1e1d	113	'if': 'TARGET_I386' }
a6c7040f MAL	114
	115	##
	116	# @query-sev-launch-measure:
	117	#
	118	# Query the SEV guest launch information.
	119	#
	120	# Returns: The @SevLaunchMeasureInfo for the guest
	121	#
	122	# Since: 2.12
	123	#
	124	# Example:
	125	#
	126	# -> { "execute": "query-sev-launch-measure" }
	127	# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
	128	#
	129	##
	130	{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
8a9f1e1d	131	'if': 'TARGET_I386' }
a6c7040f	132
a6c7040f MAL	133	##
	134	# @SevCapability:
	135	#
	136	# The struct describes capability for a Secure Encrypted Virtualization
	137	# feature.
	138	#
	139	# @pdh: Platform Diffie-Hellman key (base64 encoded)
	140	#
	141	# @cert-chain: PDH certificate chain (base64 encoded)
	142	#
de7371bc	143	# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1)
811b4ec7	144	#
a6c7040f MAL	145	# @cbitpos: C-bit location in page table entry
	146	#
	147	# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
	148	# enabled
	149	#
	150	# Since: 2.12
	151	##
	152	{ 'struct': 'SevCapability',
	153	'data': { 'pdh': 'str',
	154	'cert-chain': 'str',
811b4ec7	155	'cpu0-id': 'str',
a6c7040f MAL	156	'cbitpos': 'int',
a6c7040f MAL	157	'reduced-phys-bits': 'int'},
8a9f1e1d	158	'if': 'TARGET_I386' }
a6c7040f MAL	159
	160	##
	161	# @query-sev-capabilities:
	162	#
	163	# This command is used to get the SEV capabilities, and is supported on AMD
	164	# X86 platforms only.
	165	#
	166	# Returns: SevCapability objects.
	167	#
	168	# Since: 2.12
	169	#
	170	# Example:
	171	#
	172	# -> { "execute": "query-sev-capabilities" }
	173	# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
811b4ec7	174	# "cpu0-id": "2lvmGwo+...61iEinw==",
a6c7040f MAL	175	# "cbitpos": 47, "reduced-phys-bits": 5}}
a6c7040f MAL	176	#
61eb9e80	177	##
a6c7040f	178	{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
8a9f1e1d	179	'if': 'TARGET_I386' }
0e2f4530	180
c7f7e697 TFF	181	##
	182	# @sev-inject-launch-secret:
	183	#
	184	# This command injects a secret blob into memory of SEV guest.
	185	#
	186	# @packet-header: the launch secret packet header encoded in base64
	187	#
	188	# @secret: the launch secret data to be injected encoded in base64
	189	#
	190	# @gpa: the guest physical address where secret will be injected.
	191	#
	192	# Since: 6.0
c7f7e697 TFF	193	##
c7f7e697 TFF	194	{ 'command': 'sev-inject-launch-secret',
f522cef9	195	'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
8a9f1e1d	196	'if': 'TARGET_I386' }
c7f7e697	197
993e2605 PMD	198	##
	199	# @SevAttestationReport:
	200	#
	201	# The struct describes attestation report for a Secure Encrypted
	202	# Virtualization feature.
	203	#
	204	# @data: guest attestation report (base64 encoded)
	205	#
993e2605 PMD	206	# Since: 6.1
	207	##
	208	{ 'struct': 'SevAttestationReport',
	209	'data': { 'data': 'str'},
	210	'if': 'TARGET_I386' }
	211
	212	##
	213	# @query-sev-attestation-report:
	214	#
	215	# This command is used to get the SEV attestation report, and is
	216	# supported on AMD X86 platforms only.
	217	#
	218	# @mnonce: a random 16 bytes value encoded in base64 (it will be
	219	# included in report)
	220	#
	221	# Returns: SevAttestationReport objects.
	222	#
	223	# Since: 6.1
	224	#
	225	# Example:
	226	#
	227	# -> { "execute" : "query-sev-attestation-report",
	228	# "arguments": { "mnonce": "aaaaaaa" } }
	229	# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
	230	#
	231	##
	232	{ 'command': 'query-sev-attestation-report',
	233	'data': { 'mnonce': 'str' },
	234	'returns': 'SevAttestationReport',
	235	'if': 'TARGET_I386' }
	236
0e2f4530 MAL	237	##
	238	# @dump-skeys:
	239	#
	240	# Dump guest's storage keys
	241	#
	242	# @filename: the path to the file to dump to
	243	#
	244	# This command is only supported on s390 architecture.
	245	#
	246	# Since: 2.5
	247	#
	248	# Example:
	249	#
	250	# -> { "execute": "dump-skeys",
	251	# "arguments": { "filename": "/tmp/skeys" } }
	252	# <- { "return": {} }
	253	#
	254	##
	255	{ 'command': 'dump-skeys',
	256	'data': { 'filename': 'str' },
8a9f1e1d	257	'if': 'TARGET_S390X' }
0e2f4530	258
84c6499e MAL	259	##
	260	# @GICCapability:
	261	#
	262	# The struct describes capability for a specific GIC (Generic
	263	# Interrupt Controller) version. These bits are not only decided by
	264	# QEMU/KVM software version, but also decided by the hardware that
	265	# the program is running upon.
	266	#
26ec4e53 PM	267	# @version: version of GIC to be described. Currently, only 2 and 3
26ec4e53 PM	268	# are supported.
84c6499e MAL	269	#
	270	# @emulated: whether current QEMU/hardware supports emulated GIC
	271	# device in user space.
	272	#
26ec4e53 PM	273	# @kernel: whether current QEMU/hardware supports hardware
26ec4e53 PM	274	# accelerated GIC device in kernel.
84c6499e MAL	275	#
	276	# Since: 2.6
	277	##
	278	{ 'struct': 'GICCapability',
	279	'data': { 'version': 'int',
	280	'emulated': 'bool',
	281	'kernel': 'bool' },
8a9f1e1d	282	'if': 'TARGET_ARM' }
84c6499e MAL	283
	284	##
	285	# @query-gic-capabilities:
	286	#
	287	# This command is ARM-only. It will return a list of GICCapability
	288	# objects that describe its capability bits.
	289	#
	290	# Returns: a list of GICCapability objects.
	291	#
	292	# Since: 2.6
	293	#
	294	# Example:
	295	#
	296	# -> { "execute": "query-gic-capabilities" }
	297	# <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
	298	# { "version": 3, "emulated": false, "kernel": true } ] }
	299	#
	300	##
	301	{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
8a9f1e1d	302	'if': 'TARGET_ARM' }
3ea1a802	303
4755927a YZ	304	##
	305	# @SGXEPCSection:
	306	#
	307	# Information about intel SGX EPC section info
	308	#
	309	# @node: the numa node
	310	#
a66bd91f	311	# @size: the size of EPC section
4755927a	312	#
a66bd91f	313	# Since: 7.0
4755927a YZ	314	##
	315	{ 'struct': 'SGXEPCSection',
	316	'data': { 'node': 'int',
	317	'size': 'uint64'}}
	318
57d874c4 YZ	319	##
	320	# @SGXInfo:
	321	#
	322	# Information about intel Safe Guard eXtension (SGX) support
	323	#
	324	# @sgx: true if SGX is supported
	325	#
	326	# @sgx1: true if SGX1 is supported
	327	#
	328	# @sgx2: true if SGX2 is supported
	329	#
	330	# @flc: true if FLC is supported
	331	#
a66bd91f YZ	332	# @section-size: The EPC section size for guest
	333	# Redundant with @sections. Just for backward compatibility.
	334	#
	335	# @sections: The EPC sections info for guest (Since: 7.0)
	336	#
	337	# Features:
	338	# @deprecated: Member @section-size is deprecated. Use @sections instead.
57d874c4 YZ	339	#
	340	# Since: 6.2
	341	##
	342	{ 'struct': 'SGXInfo',
	343	'data': { 'sgx': 'bool',
	344	'sgx1': 'bool',
	345	'sgx2': 'bool',
	346	'flc': 'bool',
a66bd91f YZ	347	'section-size': { 'type': 'uint64',
a66bd91f YZ	348	'features': [ 'deprecated' ] },
4755927a	349	'sections': ['SGXEPCSection']},
57d874c4 YZ	350	'if': 'TARGET_I386' }
	351
	352	##
	353	# @query-sgx:
	354	#
	355	# Returns information about SGX
	356	#
	357	# Returns: @SGXInfo
	358	#
	359	# Since: 6.2
	360	#
	361	# Example:
	362	#
	363	# -> { "execute": "query-sgx" }
	364	# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
a66bd91f YZ	365	# "flc": true, "section-size" : 96468992,
	366	# "sections": [{"node": 0, "size": 67108864},
	367	# {"node": 1, "size": 29360128}]} }
57d874c4 YZ	368	#
	369	##
	370	{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
0205c4fa YZ	371
	372	##
	373	# @query-sgx-capabilities:
	374	#
	375	# Returns information from host SGX capabilities
	376	#
	377	# Returns: @SGXInfo
	378	#
	379	# Since: 6.2
	380	#
	381	# Example:
	382	#
	383	# -> { "execute": "query-sgx-capabilities" }
	384	# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
a66bd91f YZ	385	# "flc": true, "section-size" : 96468992,
	386	# "section" : [{"node": 0, "size": 67108864},
	387	# {"node": 1, "size": 29360128}]} }
0205c4fa YZ	388	#
	389	##
	390	{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }