# -*- Mode: Python -*-
# vim: filetype=python
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# QAPI schema: RTC reinjection reset, AMD SEV, Intel SGX and Xen
# event channel commands, together with their data types.

##
# @rtc-reset-reinjection:
#
# This command will reset the RTC interrupt reinjection backlog.  It
# can be used if another mechanism to synchronize guest time is in
# effect, for example QEMU guest agent's guest-set-time command.
#
# Use of this command is only applicable for x86 machines with an RTC,
# and on other machines will silently return without performing any
# action.
#
# Since: 2.1
#
# .. qmp-example::
#
#     -> { "execute": "rtc-reset-reinjection" }
#     <- { "return": {} }
##
{ 'command': 'rtc-reset-reinjection' }

##
# @SevState:
#
# An enumeration of SEV state information used during @query-sev.
#
# @uninit: The guest is uninitialized.
#
# @launch-update: The guest is currently being launched; plaintext
#     data and register state are being imported.
#
# @launch-secret: The guest is currently being launched; ciphertext
#     data is being imported.
#
# @running: The guest is fully launched or migrated in.
#
# @send-update: The guest is currently being migrated out to another
#     machine.
#
# @receive-update: The guest is currently being migrated from another
#     machine.
#
# Since: 2.12
##
{ 'enum': 'SevState',
  'data': ['uninit', 'launch-update', 'launch-secret', 'running',
           'send-update', 'receive-update' ] }

##
# @SevGuestType:
#
# An enumeration indicating the type of SEV guest being run.
#
# @sev: The guest is a legacy SEV or SEV-ES guest.
#
# @sev-snp: The guest is an SEV-SNP guest.
#
# Since: 6.2
##
{ 'enum': 'SevGuestType',
  'data': [ 'sev', 'sev-snp' ] }

##
# @SevGuestInfo:
#
# Information specific to legacy SEV/SEV-ES guests.
#
# @policy: SEV policy value
#
# @handle: SEV firmware handle
#
# Since: 2.12
##
{ 'struct': 'SevGuestInfo',
  'data': { 'policy': 'uint32',
            'handle': 'uint32' } }

##
# @SevSnpGuestInfo:
#
# Information specific to SEV-SNP guests.
#
# @snp-policy: SEV-SNP policy value
#
# Since: 9.1
##
{ 'struct': 'SevSnpGuestInfo',
  'data': { 'snp-policy': 'uint64' } }

##
# @SevInfo:
#
# Information about Secure Encrypted Virtualization (SEV) support
#
# @enabled: true if SEV is active
#
# @api-major: SEV API major version
#
# @api-minor: SEV API minor version
#
# @build-id: SEV FW build id
#
# @state: SEV guest state
#
# @sev-type: Type of SEV guest being run
#
# Since: 2.12
##
{ 'union': 'SevInfo',
  'base': { 'enabled': 'bool',
            'api-major': 'uint8',
            'api-minor' : 'uint8',
            'build-id' : 'uint8',
            'state' : 'SevState',
            'sev-type' : 'SevGuestType' },
  'discriminator': 'sev-type',
  'data': {
      'sev': 'SevGuestInfo',
      'sev-snp': 'SevSnpGuestInfo' } }


##
# @query-sev:
#
# Return information about SEV/SEV-ES/SEV-SNP.
#
# If unavailable due to an incompatible configuration the returned
# @enabled field is set to 'false' and the state of all other fields
# is unspecified.
#
# The reply is produced by QEMU on the host and is not
# cryptographically protected.  A guest owner who needs assurance
# about the guest should verify the launch measurement or the
# attestation report instead of relying on this reply.
#
# Returns: @SevInfo
#
# Since: 2.12
#
# .. qmp-example::
#
#     -> { "execute": "query-sev" }
#     <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
#                      "build-id" : 0, "policy" : 0, "state" : "running",
#                      "handle" : 1, "sev-type" : "sev" } }
##
{ 'command': 'query-sev', 'returns': 'SevInfo' }

##
# @SevLaunchMeasureInfo:
#
# SEV Guest Launch measurement information
#
# @data: the measurement value encoded in base64
#
# Since: 2.12
##
{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'} }

##
# @query-sev-launch-measure:
#
# Query the SEV/SEV-ES guest launch measurement.
#
# This is only valid on x86 machines configured with KVM and the
# 'sev-guest' confidential virtualization object.  The launch
# measurement for SEV-SNP guests is only available within the guest.
#
# The measurement is intended to be verified by the guest owner
# before a secret is supplied with @sev-inject-launch-secret.
#
# Returns: The @SevLaunchMeasureInfo for the guest
#
# Errors:
#     - If the launch measurement is unavailable, either due to an
#       invalid guest configuration or if the guest has not reached
#       the required SEV state, GenericError
#
# Since: 2.12
#
# .. qmp-example::
#
#     -> { "execute": "query-sev-launch-measure" }
#     <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
##
{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo' }

##
# @SevCapability:
#
# The struct describes capability for a Secure Encrypted
# Virtualization feature.
#
# @pdh: Platform Diffie-Hellman key (base64 encoded)
#
# @cert-chain: PDH certificate chain (base64 encoded)
#
# @cpu0-id: Unique ID of CPU0 (base64 encoded) (since 7.1)
#
# @cbitpos: C-bit location in page table entry
#
# @reduced-phys-bits: Number of bits by which the physical address
#     space is reduced when SEV is enabled
#
# Since: 2.12
##
{ 'struct': 'SevCapability',
  'data': { 'pdh': 'str',
            'cert-chain': 'str',
            'cpu0-id': 'str',
            'cbitpos': 'int',
            'reduced-phys-bits': 'int'} }

##
# @query-sev-capabilities:
#
# Get SEV capabilities.
#
# This is only supported on AMD X86 platforms with KVM enabled.
#
# Returns: @SevCapability
#
# Errors:
#     - If SEV is not available on the platform, GenericError
#
# Since: 2.12
#
# .. qmp-example::
#
#     -> { "execute": "query-sev-capabilities" }
#     <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
#                      "cpu0-id": "2lvmGwo+...61iEinw==",
#                      "cbitpos": 47, "reduced-phys-bits": 1}}
##
{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability' }

##
# @sev-inject-launch-secret:
#
# This command injects a secret blob into memory of a SEV/SEV-ES
# guest.
#
# This is only valid on x86 machines configured with KVM and the
# 'sev-guest' confidential virtualization object.  SEV-SNP guests do
# not support launch secret injection.
#
# @packet-header: the launch secret packet header encoded in base64
#
# @secret: the launch secret data to be injected encoded in base64
#
# @gpa: the guest physical address where the secret will be injected.
#
# Errors:
#     - If launch secret injection is not possible, either due to
#       an invalid guest configuration, or if the guest has not
#       reached the required SEV state, GenericError
#
# Since: 6.0
##
{ 'command': 'sev-inject-launch-secret',
  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' } }

##
# @SevAttestationReport:
#
# The struct describes attestation report for a Secure Encrypted
# Virtualization feature.
#
# @data: guest attestation report (base64 encoded)
#
# Since: 6.1
##
{ 'struct': 'SevAttestationReport',
  'data': { 'data': 'str'} }

##
# @query-sev-attestation-report:
#
# This command is used to get the SEV attestation report.
#
# This is only valid on x86 machines configured with KVM and the
# 'sev-guest' confidential virtualization object.  The attestation
# report for SEV-SNP guests is only available within the guest.
#
# @mnonce: a random 16-byte value encoded in base64; it is included
#     in the report.  Use a fresh value for every request, so that
#     the report cannot be a replay of an earlier one.
#
# Returns: @SevAttestationReport
#
# Errors:
#     - This will return an error if the attestation report is
#       unavailable, either due to an invalid guest configuration
#       or if the guest has not reached the required SEV state,
#       GenericError
#
# Since: 6.1
#
# .. qmp-example::
#
#     -> { "execute" : "query-sev-attestation-report",
#                      "arguments": { "mnonce": "aaaaaaa" } }
#     <- { "return" : { "data": "aaaaaaaabbbddddd"} }
##
{ 'command': 'query-sev-attestation-report',
  'data': { 'mnonce': 'str' },
  'returns': 'SevAttestationReport' }

##
# @SgxEpcSection:
#
# Information about an Intel SGX EPC section
#
# @node: the numa node
#
# @size: the size of EPC section
#
# Since: 7.0
##
{ 'struct': 'SgxEpcSection',
  'data': { 'node': 'int',
            'size': 'uint64'}}

##
# @SgxInfo:
#
# Information about Intel Software Guard Extensions (SGX) support
#
# @sgx: true if SGX is supported
#
# @sgx1: true if SGX1 is supported
#
# @sgx2: true if SGX2 is supported
#
# @flc: true if FLC (Flexible Launch Control) is supported
#
# @sections: The EPC sections information (Since: 7.0)
#
# Since: 6.2
##
{ 'struct': 'SgxInfo',
  'data': { 'sgx': 'bool',
            'sgx1': 'bool',
            'sgx2': 'bool',
            'flc': 'bool',
            'sections': ['SgxEpcSection']} }

##
# @query-sgx:
#
# Return information about the configured SGX capabilities of the
# guest
#
# Returns: @SgxInfo
#
# Since: 6.2
#
# .. qmp-example::
#
#     -> { "execute": "query-sgx" }
#     <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                      "flc": true,
#                      "sections": [{"node": 0, "size": 67108864},
#                                   {"node": 1, "size": 29360128}]} }
##
{ 'command': 'query-sgx', 'returns': 'SgxInfo' }

##
# @query-sgx-capabilities:
#
# Return information about the SGX capabilities of the host
#
# Returns: @SgxInfo
#
# Since: 6.2
#
# .. qmp-example::
#
#     -> { "execute": "query-sgx-capabilities" }
#     <- { "return": { "sgx": true, "sgx1" : true, "sgx2" : true,
#                      "flc": true,
#                      "sections": [{"node": 0, "size": 67108864},
#                                   {"node": 1, "size": 29360128}]} }
##
{ 'command': 'query-sgx-capabilities', 'returns': 'SgxInfo' }

##
# @EvtchnPortType:
#
# An enumeration of Xen event channel port types.
#
# @closed: The port is unused.
#
# @unbound: The port is allocated and ready to be bound.
#
# @interdomain: The port is connected as an interdomain interrupt.
#
# @pirq: The port is bound to a physical IRQ (PIRQ).
#
# @virq: The port is bound to a virtual IRQ (VIRQ).
#
# @ipi: The port is an inter-processor interrupt (IPI).
#
# Since: 8.0
##
{ 'enum': 'EvtchnPortType',
  'data': ['closed', 'unbound', 'interdomain', 'pirq', 'virq', 'ipi'] }

##
# @EvtchnInfo:
#
# Information about a Xen event channel port
#
# @port: the port number
#
# @vcpu: target vCPU for this port
#
# @type: the port type
#
# @remote-domain: remote domain for interdomain ports
#
# @target: remote port ID, or virq/pirq number
#
# @pending: port is currently active pending delivery
#
# @masked: port is masked
#
# Since: 8.0
##
{ 'struct': 'EvtchnInfo',
  'data': {'port': 'uint16',
           'vcpu': 'uint32',
           'type': 'EvtchnPortType',
           'remote-domain': 'str',
           'target': 'uint16',
           'pending': 'bool',
           'masked': 'bool'} }


##
# @xen-event-list:
#
# Query the Xen event channels opened by the guest.
#
# Returns: list of open event channel ports.
#
# Since: 8.0
#
# .. qmp-example::
#
#     -> { "execute": "xen-event-list" }
#     <- { "return": [
#             {
#                 "pending": false,
#                 "port": 1,
#                 "vcpu": 1,
#                 "remote-domain": "qemu",
#                 "masked": false,
#                 "type": "interdomain",
#                 "target": 1
#             },
#             {
#                 "pending": false,
#                 "port": 2,
#                 "vcpu": 0,
#                 "remote-domain": "",
#                 "masked": false,
#                 "type": "virq",
#                 "target": 0
#             }
#          ]
#        }
##
{ 'command': 'xen-event-list',
  'returns': ['EvtchnInfo'] }

# NOTE(review): @port is uint32 in xen-event-inject, while EvtchnInfo
# reports port numbers as uint16 -- confirm that the command handler
# rejects port numbers outside the valid range.

##
# @xen-event-inject:
#
# Inject a Xen event channel port (interrupt) to the guest.
#
# @port: The port number
#
# Since: 8.0
#
# .. qmp-example::
#
#     -> { "execute": "xen-event-inject", "arguments": { "port": 1 } }
#     <- { "return": { } }
##
{ 'command': 'xen-event-inject',
  'data': { 'port': 'uint32' } }