xref: /qemu/qapi/misc-target.json (revision 4ce7a08d) 
1# -*- Mode: Python -*-
2# vim: filetype=python
3#
4
5##
6# @rtc-reset-reinjection:
7#
8# This command will reset the RTC interrupt reinjection backlog.
9# Can be used if another mechanism to synchronize guest time
10# is in effect, for example QEMU guest agent's guest-set-time
11# command.
12#
13# Since: 2.1
14#
15# Example:
16#
17# -> { "execute": "rtc-reset-reinjection" }
18# <- { "return": {} }
19#
20##
21{ 'command': 'rtc-reset-reinjection',
22  'if': 'TARGET_I386' }
23
24
25##
26# @SevState:
27#
28# An enumeration of SEV state information used during @query-sev.
29#
30# @uninit: The guest is uninitialized.
31#
32# @launch-update: The guest is currently being launched; plaintext data and
33#                 register state is being imported.
34#
35# @launch-secret: The guest is currently being launched; ciphertext data
36#                 is being imported.
37#
38# @running: The guest is fully launched or migrated in.
39#
40# @send-update: The guest is currently being migrated out to another machine.
41#
42# @receive-update: The guest is currently being migrated from another machine.
43#
44# Since: 2.12
45##
46{ 'enum': 'SevState',
47  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
48           'send-update', 'receive-update' ],
49  'if': 'TARGET_I386' }
50
51##
52# @SevInfo:
53#
54# Information about Secure Encrypted Virtualization (SEV) support
55#
56# @enabled: true if SEV is active
57#
58# @api-major: SEV API major version
59#
60# @api-minor: SEV API minor version
61#
62# @build-id: SEV FW build id
63#
64# @policy: SEV policy value
65#
66# @state: SEV guest state
67#
68# @handle: SEV firmware handle
69#
70# Since: 2.12
71##
72{ 'struct': 'SevInfo',
73    'data': { 'enabled': 'bool',
74              'api-major': 'uint8',
75              'api-minor' : 'uint8',
76              'build-id' : 'uint8',
77              'policy' : 'uint32',
78              'state' : 'SevState',
79              'handle' : 'uint32'
80            },
81  'if': 'TARGET_I386'
82}
83
84##
85# @query-sev:
86#
87# Returns information about SEV
88#
89# Returns: @SevInfo
90#
91# Since: 2.12
92#
93# Example:
94#
95# -> { "execute": "query-sev" }
96# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
97#                  "build-id" : 0, "policy" : 0, "state" : "running",
98#                  "handle" : 1 } }
99#
100##
101{ 'command': 'query-sev', 'returns': 'SevInfo',
102  'if': 'TARGET_I386' }
103
104
105##
106# @SevLaunchMeasureInfo:
107#
108# SEV Guest Launch measurement information
109#
110# @data: the measurement value encoded in base64
111#
112# Since: 2.12
113#
114##
115{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'},
116  'if': 'TARGET_I386' }
117
118##
119# @query-sev-launch-measure:
120#
121# Query the SEV guest launch information.
122#
123# Returns: The @SevLaunchMeasureInfo for the guest
124#
125# Since: 2.12
126#
127# Example:
128#
129# -> { "execute": "query-sev-launch-measure" }
130# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
131#
132##
133{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo',
134  'if': 'TARGET_I386' }
135
136
137##
138# @SevCapability:
139#
140# The struct describes capability for a Secure Encrypted Virtualization
141# feature.
142#
143# @pdh:  Platform Diffie-Hellman key (base64 encoded)
144#
145# @cert-chain:  PDH certificate chain (base64 encoded)
146#
147# @cbitpos: C-bit location in page table entry
148#
149# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
150#                     enabled
151#
152# Since: 2.12
153##
154{ 'struct': 'SevCapability',
155  'data': { 'pdh': 'str',
156            'cert-chain': 'str',
157            'cbitpos': 'int',
158            'reduced-phys-bits': 'int'},
159  'if': 'TARGET_I386' }
160
161##
162# @query-sev-capabilities:
163#
164# This command is used to get the SEV capabilities, and is supported on AMD
165# X86 platforms only.
166#
167# Returns: SevCapability objects.
168#
169# Since: 2.12
170#
171# Example:
172#
173# -> { "execute": "query-sev-capabilities" }
174# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
175#                  "cbitpos": 47, "reduced-phys-bits": 5}}
176#
177##
178{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
179  'if': 'TARGET_I386' }
180
181##
182# @sev-inject-launch-secret:
183#
184# This command injects a secret blob into memory of SEV guest.
185#
186# @packet-header: the launch secret packet header encoded in base64
187#
188# @secret: the launch secret data to be injected encoded in base64
189#
190# @gpa: the guest physical address where secret will be injected.
191#
192# Since: 6.0
193#
194##
195{ 'command': 'sev-inject-launch-secret',
196  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
197  'if': 'TARGET_I386' }
198
199##
200# @SevAttestationReport:
201#
202# The struct describes attestation report for a Secure Encrypted
203# Virtualization feature.
204#
205# @data:  guest attestation report (base64 encoded)
206#
207#
208# Since: 6.1
209##
210{ 'struct': 'SevAttestationReport',
211  'data': { 'data': 'str'},
212  'if': 'TARGET_I386' }
213
214##
215# @query-sev-attestation-report:
216#
217# This command is used to get the SEV attestation report, and is
218# supported on AMD X86 platforms only.
219#
220# @mnonce: a random 16 bytes value encoded in base64 (it will be
221#          included in report)
222#
223# Returns: SevAttestationReport objects.
224#
225# Since: 6.1
226#
227# Example:
228#
229# -> { "execute" : "query-sev-attestation-report",
230#                  "arguments": { "mnonce": "aaaaaaa" } }
231# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
232#
233##
234{ 'command': 'query-sev-attestation-report',
235  'data': { 'mnonce': 'str' },
236  'returns': 'SevAttestationReport',
237  'if': 'TARGET_I386' }
238
239##
240# @dump-skeys:
241#
242# Dump guest's storage keys
243#
244# @filename: the path to the file to dump to
245#
246# This command is only supported on s390 architecture.
247#
248# Since: 2.5
249#
250# Example:
251#
252# -> { "execute": "dump-skeys",
253#      "arguments": { "filename": "/tmp/skeys" } }
254# <- { "return": {} }
255#
256##
257{ 'command': 'dump-skeys',
258  'data': { 'filename': 'str' },
259  'if': 'TARGET_S390X' }
260
261##
262# @GICCapability:
263#
264# The struct describes capability for a specific GIC (Generic
265# Interrupt Controller) version. These bits are not only decided by
266# QEMU/KVM software version, but also decided by the hardware that
267# the program is running upon.
268#
269# @version: version of GIC to be described. Currently, only 2 and 3
270#           are supported.
271#
272# @emulated: whether current QEMU/hardware supports emulated GIC
273#            device in user space.
274#
275# @kernel: whether current QEMU/hardware supports hardware
276#          accelerated GIC device in kernel.
277#
278# Since: 2.6
279##
280{ 'struct': 'GICCapability',
281  'data': { 'version': 'int',
282            'emulated': 'bool',
283            'kernel': 'bool' },
284  'if': 'TARGET_ARM' }
285
286##
287# @query-gic-capabilities:
288#
289# This command is ARM-only. It will return a list of GICCapability
290# objects that describe its capability bits.
291#
292# Returns: a list of GICCapability objects.
293#
294# Since: 2.6
295#
296# Example:
297#
298# -> { "execute": "query-gic-capabilities" }
299# <- { "return": [{ "version": 2, "emulated": true, "kernel": false },
300#                 { "version": 3, "emulated": false, "kernel": true } ] }
301#
302##
303{ 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
304  'if': 'TARGET_ARM' }
305
306
307##
308# @SGXEPCSection:
309#
310# Information about intel SGX EPC section info
311#
312# @node: the numa node
313#
314# @size: the size of EPC section
315#
316# Since: 7.0
317##
318{ 'struct': 'SGXEPCSection',
319  'data': { 'node': 'int',
320            'size': 'uint64'}}
321
322##
323# @SGXInfo:
324#
325# Information about intel Safe Guard eXtension (SGX) support
326#
327# @sgx: true if SGX is supported
328#
329# @sgx1: true if SGX1 is supported
330#
331# @sgx2: true if SGX2 is supported
332#
333# @flc: true if FLC is supported
334#
335# @section-size: The EPC section size for guest
336#                Redundant with @sections.  Just for backward compatibility.
337#
338# @sections: The EPC sections info for guest (Since: 7.0)
339#
340# Features:
341# @deprecated: Member @section-size is deprecated.  Use @sections instead.
342#
343# Since: 6.2
344##
345{ 'struct': 'SGXInfo',
346  'data': { 'sgx': 'bool',
347            'sgx1': 'bool',
348            'sgx2': 'bool',
349            'flc': 'bool',
350            'section-size': { 'type': 'uint64',
351                    'features': [ 'deprecated' ] },
352            'sections': ['SGXEPCSection']},
353   'if': 'TARGET_I386' }
354
355##
356# @query-sgx:
357#
358# Returns information about SGX
359#
360# Returns: @SGXInfo
361#
362# Since: 6.2
363#
364# Example:
365#
366# -> { "execute": "query-sgx" }
367# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
368#                  "flc": true,  "section-size" : 96468992,
369#                  "sections": [{"node": 0, "size": 67108864},
370#                  {"node": 1, "size": 29360128}]} }
371#
372##
373{ 'command': 'query-sgx', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
374
375##
376# @query-sgx-capabilities:
377#
378# Returns information from host SGX capabilities
379#
380# Returns: @SGXInfo
381#
382# Since: 6.2
383#
384# Example:
385#
386# -> { "execute": "query-sgx-capabilities" }
387# <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
388#                  "flc": true, "section-size" : 96468992,
389#                  "section" : [{"node": 0, "size": 67108864},
390#                  {"node": 1, "size": 29360128}]} }
391#
392##
393{ 'command': 'query-sgx-capabilities', 'returns': 'SGXInfo', 'if': 'TARGET_I386' }
394