xref: /qemu/qapi/misc-target.json (revision 49f95221) 
1# -*- Mode: Python -*-
2# vim: filetype=python
3#
4
5##
6# @rtc-reset-reinjection:
7#
8# This command will reset the RTC interrupt reinjection backlog.
9# Can be used if another mechanism to synchronize guest time
10# is in effect, for example QEMU guest agent's guest-set-time
11# command.
12#
13# Since: 2.1
14#
15# Example:
16#
17# -> { "execute": "rtc-reset-reinjection" }
18# <- { "return": {} }
19#
20##
21{ 'command': 'rtc-reset-reinjection',
22  'if': 'TARGET_I386' }
23
24
25##
26# @SevState:
27#
28# An enumeration of SEV state information used during @query-sev.
29#
30# @uninit: The guest is uninitialized.
31#
32# @launch-update: The guest is currently being launched; plaintext data and
33#                 register state is being imported.
34#
35# @launch-secret: The guest is currently being launched; ciphertext data
36#                 is being imported.
37#
38# @running: The guest is fully launched or migrated in.
39#
40# @send-update: The guest is currently being migrated out to another machine.
41#
42# @receive-update: The guest is currently being migrated from another machine.
43#
44# Since: 2.12
45##
46{ 'enum': 'SevState',
47  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
48           'send-update', 'receive-update' ],
49  'if': 'TARGET_I386' }
50
51##
52# @SevInfo:
53#
54# Information about Secure Encrypted Virtualization (SEV) support
55#
56# @enabled: true if SEV is active
57#
58# @api-major: SEV API major version
59#
60# @api-minor: SEV API minor version
61#
62# @build-id: SEV FW build id
63#
64# @policy: SEV policy value
65#
66# @state: SEV guest state
67#
68# @handle: SEV firmware handle
69#
70# Since: 2.12
71##
72{ 'struct': 'SevInfo',
73    'data': { 'enabled': 'bool',
74              'api-major': 'uint8',
75              'api-minor' : 'uint8',
76              'build-id' : 'uint8',
77              'policy' : 'uint32',
78              'state' : 'SevState',
79              'handle' : 'uint32'
80            },
81  'if': 'TARGET_I386'
82}
83
84##
85# @query-sev:
86#
87# Returns information about SEV
88#
89# Returns: @SevInfo
90#
91# Since: 2.12
92#
93# Example:
94#
95# -> { "execute": "query-sev" }
96# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
97#                  "build-id" : 0, "policy" : 0, "state" : "running",
98#                  "handle" : 1 } }
99#
100##
101{ 'command': 'query-sev', 'returns': 'SevInfo',
102  'if': 'TARGET_I386' }
103
104
105##
106# @SevLaunchMeasureInfo:
107#
108# SEV Guest Launch measurement information
109#
110# @data: the measurement value encoded in base64
111#
112# Since: 2.12
113#
114##
115{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
116  'if': 'TARGET_I386' }
117
118##
119# @query-sev-launch-measure:
120#
121# Query the SEV guest launch information.
122#
123# Returns: The @SevLaunchMeasureInfo for the guest
124#
125# Since: 2.12
126#
127# Example:
128#
129# -> { "execute": "query-sev-launch-measure" }
130# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
131#
132##
133{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
134  'if': 'TARGET_I386' }
135
136
137##
138# @SevCapability:
139#
140# The struct describes capability for a Secure Encrypted Virtualization
141# feature.
142#
143# @pdh:  Platform Diffie-Hellman key (base64 encoded)
144#
145# @cert-chain:  PDH certificate chain (base64 encoded)
146#
147# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.0)
148#
149# @cbitpos: C-bit location in page table entry
150#
151# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
152#                     enabled
153#
154# Since: 2.12
155##
156{ 'struct': 'SevCapability',
157  'data': { 'pdh': 'str',
158            'cert-chain': 'str',
159            'cpu0-id': 'str',
160            'cbitpos': 'int',
161            'reduced-phys-bits': 'int'},
162  'if': 'TARGET_I386' }
163
164##
165# @query-sev-capabilities:
166#
167# This command is used to get the SEV capabilities, and is supported on AMD
168# X86 platforms only.
169#
170# Returns: SevCapability objects.
171#
172# Since: 2.12
173#
174# Example:
175#
176# -> { "execute": "query-sev-capabilities" }
177# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
178#                  "cpu0-id": "2lvmGwo+...61iEinw==",
179#                  "cbitpos": 47, "reduced-phys-bits": 5}}
180#
181##
182{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
183  'if': 'TARGET_I386' }
184
185##
186# @sev-inject-launch-secret:
187#
188# This command injects a secret blob into memory of SEV guest.
189#
190# @packet-header: the launch secret packet header encoded in base64
191#
192# @secret: the launch secret data to be injected encoded in base64
193#
194# @gpa: the guest physical address where secret will be injected.
195#
196# Since: 6.0
197#
198##
199{ 'command': 'sev-inject-launch-secret',
200  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
201  'if': 'TARGET_I386' }
202
203##
204# @SevAttestationReport:
205#
206# The struct describes attestation report for a Secure Encrypted
207# Virtualization feature.
208#
209# @data:  guest attestation report (base64 encoded)
210#
211#
212# Since: 6.1
213##
214{ 'struct': 'SevAttestationReport',
215  'data': { 'data': 'str'},
216  'if': 'TARGET_I386' }
217
218##
219# @query-sev-attestation-report:
220#
221# This command is used to get the SEV attestation report, and is
222# supported on AMD X86 platforms only.
223#
224# @mnonce: a random 16 bytes value encoded in base64 (it will be
225#          included in report)
226#
227# Returns: SevAttestationReport objects.
228#
229# Since: 6.1
230#
231# Example:
232#
233# -> { "execute" : "query-sev-attestation-report",
234#                  "arguments": { "mnonce": "aaaaaaa" } }
235# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
236#
237##
238{ 'command': 'query-sev-attestation-report',
239  'data': { 'mnonce': 'str' },
240  'returns': 'SevAttestationReport',
241  'if': 'TARGET_I386' }
242
243##
244# @dump-skeys:
245#
246# Dump guest's storage keys
247#
248# @filename: the path to the file to dump to
249#
250# This command is only supported on s390 architecture.
251#
252# Since: 2.5
253#
254# Example:
255#
256# -> { "execute": "dump-skeys",
257#      "arguments": { "filename": "/tmp/skeys" } }
258# <- { "return": {} }
259#
260##
261{ 'command': 'dump-skeys',
262  'data': { 'filename': 'str' },
263  'if': 'TARGET_S390X' }
264
265##
266# @GICCapability:
267#
268# The struct describes capability for a specific GIC (Generic
269# Interrupt Controller) version. These bits are not only decided by
270# QEMU/KVM software version, but also decided by the hardware that
271# the program is running upon.
272#
273# @version: version of GIC to be described. Currently, only 2 and 3
274#           are supported.
275#
276# @emulated: whether current QEMU/hardware supports emulated GIC
277#            device in user space.
278#
279# @kernel: whether current QEMU/hardware supports hardware
280#          accelerated GIC device in kernel.
281#
282# Since: 2.6
283##
284{ 'struct': 'GICCapability',
285  'data': { 'version': 'int',
286            'emulated': 'bool',
287            'kernel': 'bool' },
288  'if': 'TARGET_ARM' }
289
290##
291# @query-gic-capabilities:
292#
293# This command is ARM-only. It will return a list of GICCapability
294# objects that describe its capability bits.
295#
296# Returns: a list of GICCapability objects.
297#
298# Since: 2.6
299#
300# Example:
301#
302# -> { "execute": "query-gic-capabilities" }
303# <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
304#                 { "version": 3, "emulated": false, "kernel": true } ] }
305#
306##
307{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
308  'if': 'TARGET_ARM' }
309
310
311##
312# @SGXEPCSection:
313#
314# Information about intel SGX EPC section info
315#
316# @node: the numa node
317#
318# @size: the size of EPC section
319#
320# Since: 7.0
321##
322{ 'struct': 'SGXEPCSection',
323  'data': { 'node': 'int',
324            'size': 'uint64'}}
325
326##
327# @SGXInfo:
328#
329# Information about intel Safe Guard eXtension (SGX) support
330#
331# @sgx: true if SGX is supported
332#
333# @sgx1: true if SGX1 is supported
334#
335# @sgx2: true if SGX2 is supported
336#
337# @flc: true if FLC is supported
338#
339# @section-size: The EPC section size for guest
340#                Redundant with @sections.  Just for backward compatibility.
341#
342# @sections: The EPC sections info for guest (Since: 7.0)
343#
344# Features:
345# @deprecated: Member @section-size is deprecated.  Use @sections instead.
346#
347# Since: 6.2
348##
349{ 'struct': 'SGXInfo',
350  'data': { 'sgx': 'bool',
351            'sgx1': 'bool',
352            'sgx2': 'bool',
353            'flc': 'bool',
354            'section-size': { 'type': 'uint64',
355                    'features': [ 'deprecated' ] },
356            'sections': ['SGXEPCSection']},
357   'if': 'TARGET_I386' }
358
359##
360# @query-sgx:
361#
362# Returns information about SGX
363#
364# Returns: @SGXInfo
365#
366# Since: 6.2
367#
368# Example:
369#
370# -> { "execute": "query-sgx" }
371# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
372#                  "flc": true,  "section-size" : 96468992,
373#                  "sections": [{"node": 0, "size": 67108864},
374#                  {"node": 1, "size": 29360128}]} }
375#
376##
377{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
378
379##
380# @query-sgx-capabilities:
381#
382# Returns information from host SGX capabilities
383#
384# Returns: @SGXInfo
385#
386# Since: 6.2
387#
388# Example:
389#
390# -> { "execute": "query-sgx-capabilities" }
391# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
392#                  "flc": true, "section-size" : 96468992,
393#                  "section" : [{"node": 0, "size": 67108864},
394#                  {"node": 1, "size": 29360128}]} }
395#
396##
397{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
398