24
54
Full system emulation. In this mode, QEMU emulates a full system (for
25
example a PC), including a processor and various peripherials. It can
26
be used to launch different Operating Systems without rebooting the
27
PC or to debug system code.
55
example a PC), including one or several processors and various
56
peripherals. It can be used to launch different Operating Systems
57
without rebooting the PC or to debug system code.
30
User mode emulation (Linux host only). In this mode, QEMU can launch
31
Linux processes compiled for one CPU on another CPU. It can be used to
60
User mode emulation. In this mode, QEMU can launch
61
processes compiled for one CPU on another CPU. It can be used to
32
62
launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
33
63
to ease cross-compilation and cross-debugging.
37
As QEMU requires no host kernel driver to run, it is very safe and
67
QEMU can run without an host kernel driver and yet gives acceptable
40
70
For system emulation, the following hardware targets are supported:
42
@item PC (x86 processor)
72
@item PC (x86 or x86_64 processor)
73
@item ISA PC (old style PC without PCI bus)
43
74
@item PREP (PowerPC processor)
75
@item G3 BW PowerMac (PowerPC processor)
76
@item Mac99 PowerMac (PowerPC processor, in progress)
77
@item Sun4m/Sun4c/Sun4d (32-bit Sparc processor)
78
@item Sun4u (64-bit Sparc processor, in progress)
79
@item Malta board (32-bit and 64-bit MIPS processors)
80
@item ARM Integrator/CP (ARM)
81
@item ARM Versatile baseboard (ARM)
82
@item ARM RealView Emulation baseboard (ARM)
83
@item Spitz, Akita, Borzoi and Terrier PDAs (PXA270 processor)
84
@item Luminary Micro LM3S811EVB (ARM Cortex-M3)
85
@item Luminary Micro LM3S6965EVB (ARM Cortex-M3)
86
@item Freescale MCF5208EVB (ColdFire V2).
87
@item Arnewsh MCF5206 evaluation board (ColdFire V2).
88
@item Palm Tungsten|E PDA (OMAP310 processor)
46
For user emulation, x86, PowerPC, ARM, and SPARC CPUs are supported.
91
For user emulation, x86, PowerPC, ARM, 32-bit MIPS, Sparc32/64 and ColdFire(m68k) CPUs are supported.
48
94
@chapter Installation
96
If you want to compile QEMU yourself, see @ref{compilation}.
99
* install_linux:: Linux
100
* install_windows:: Windows
101
* install_mac:: Macintosh
52
If you want to compile QEMU, please read the @file{README} which gives
53
the related information. Otherwise just download the binary
54
distribution (@file{qemu-XXX-i386.tar.gz}) and untar it as root in
60
tar zxvf /tmp/qemu-XXX-i386.tar.gz
107
If a precompiled package is available for your distribution - you just
108
have to install it. Otherwise, see @ref{compilation}.
110
@node install_windows
66
@item Install the current versions of MSYS and MinGW from
67
@url{http://www.mingw.org/}. You can find detailed installation
68
instructions in the download section and the FAQ.
71
the MinGW development library of SDL 1.2.x
72
(@file{SDL-devel-1.2.x-mingw32.tar.gz}) from
73
@url{http://www.libsdl.org}. Unpack it in a temporary place, and
74
unpack the archive @file{i386-mingw32msvc.tar.gz} in the MinGW tool
75
directory. Edit the @file{sdl-config} script so that it gives the
76
correct SDL directory when invoked.
78
@item Extract the current version of QEMU.
80
@item Start the MSYS shell (file @file{msys.bat}).
82
@item Change to the QEMU directory. Launch @file{./configure} and
83
@file{make}. If you have problems using SDL, verify that
84
@file{sdl-config} can be launched from the MSYS command line.
86
@item You can install QEMU in @file{Program Files/Qemu} by typing
87
@file{make install}. Don't forget to copy @file{SDL.dll} in
88
@file{Program Files/Qemu}.
92
@section Cross compilation for Windows with Linux
96
Install the MinGW cross compilation tools available at
97
@url{http://www.mingw.org/}.
100
Install the Win32 version of SDL (@url{http://www.libsdl.org}) by
101
unpacking @file{i386-mingw32msvc.tar.gz}. Set up the PATH environment
102
variable so that @file{i386-mingw32msvc-sdl-config} can be launched by
103
the QEMU configuration script.
106
Configure QEMU for Windows cross compilation:
108
./configure --enable-mingw32
110
If necessary, you can change the cross-prefix according to the prefix
111
choosen for the MinGW tools with --cross-prefix. You can also use
112
--prefix to set the Win32 install path.
114
@item You can install QEMU in the installation directory by typing
115
@file{make install}. Don't forget to copy @file{SDL.dll} in the
116
installation directory.
120
Note: Currently, Wine does not seem able to launch
113
Download the experimental binary installer at
114
@url{http://www.free.oszoo.org/@/download.html}.
123
117
@section Mac OS X
125
Mac OS X is currently not supported.
127
@chapter QEMU PC System emulator invocation
119
Download the experimental binary installer at
120
@url{http://www.free.oszoo.org/@/download.html}.
122
@node QEMU PC System emulator
123
@chapter QEMU PC System emulator
126
* pcsys_introduction:: Introduction
127
* pcsys_quickstart:: Quick Start
128
* sec_invocation:: Invocation
130
* pcsys_monitor:: QEMU Monitor
131
* disk_images:: Disk Images
132
* pcsys_network:: Network emulation
133
* direct_linux_boot:: Direct Linux Boot
134
* pcsys_usb:: USB emulation
135
* vnc_security:: VNC security
136
* gdb_usage:: GDB usage
137
* pcsys_os_specific:: Target OS specific information
140
@node pcsys_introduction
129
141
@section Introduction
131
143
@c man begin DESCRIPTION
133
The QEMU System emulator simulates a complete PC.
135
In order to meet specific user needs, two versions of QEMU are
141
@code{qemu-fast} uses the host Memory Management Unit (MMU) to simulate
142
the x86 MMU. It is @emph{fast} but has limitations because the whole 4 GB
143
address space cannot be used and some memory mapped peripherials
144
cannot be emulated accurately yet. Therefore, a specific Linux kernel
145
must be used (@xref{linux_compile}).
148
@code{qemu} uses a software MMU. It is about @emph{two times
149
slower} but gives a more accurate emulation.
153
QEMU emulates the following PC peripherials:
145
The QEMU PC System emulator simulates the
146
following peripherals:
157
VGA (hardware level, including all non standard modes)
150
i440FX host PCI bridge and PIIX3 PCI to ISA bridge
152
Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
153
extensions (hardware level, including all non standard modes).
159
155
PS/2 mouse and keyboard
161
2 IDE interfaces with hard disk and CD-ROM support
157
2 PCI IDE interfaces with hard disk and CD-ROM support
165
up to 6 NE2000 network adapters
161
PCI/ISA PCI network adapters
165
Creative SoundBlaster 16 sound card
167
ENSONIQ AudioPCI ES1370 sound card
169
Adlib(OPL2) - Yamaha YM3812 compatible chip
171
PCI UHCI USB controller and a virtual USB hub.
174
SMP is supported with up to 255 CPUs.
176
Note that adlib is only available when QEMU was configured with
179
QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
182
QEMU uses YM3812 emulation by Tatsuyuki Satoh.
186
@node pcsys_quickstart
174
187
@section Quick Start
176
189
Download and uncompress the linux image (@file{linux.img}) and type:
199
Use @var{file} as floppy disk 0/1 image (@xref{disk_images}).
205
Use @var{file} as hard disk 0, 1, 2 or 3 image (@xref{disk_images}).
208
Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and and
209
@option{-cdrom} at the same time).
212
Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is
211
@item -M @var{machine}
212
Select the emulated @var{machine} (@code{-M ?} for list)
214
@item -fda @var{file}
215
@item -fdb @var{file}
216
Use @var{file} as floppy disk 0/1 image (@pxref{disk_images}). You can
217
use the host floppy by using @file{/dev/fd0} as filename (@pxref{host_drives}).
219
@item -hda @var{file}
220
@item -hdb @var{file}
221
@item -hdc @var{file}
222
@item -hdd @var{file}
223
Use @var{file} as hard disk 0, 1, 2 or 3 image (@pxref{disk_images}).
225
@item -cdrom @var{file}
226
Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and
227
@option{-cdrom} at the same time). You can use the host CD-ROM by
228
using @file{/dev/cdrom} as filename (@pxref{host_drives}).
230
@item -drive @var{option}[,@var{option}[,@var{option}[,...]]]
232
Define a new drive. Valid options are:
235
@item file=@var{file}
236
This option defines which disk image (@pxref{disk_images}) to use with
238
@item if=@var{interface}
239
This option defines on which type on interface the drive is connected.
240
Available types are: ide, scsi, sd, mtd, floppy, pflash.
241
@item bus=@var{bus},unit=@var{unit}
242
These options define where is connected the drive by defining the bus number and
244
@item index=@var{index}
245
This option defines where is connected the drive by using an index in the list
246
of available connectors of a given interface type.
247
@item media=@var{media}
248
This option defines the type of the media: disk or cdrom.
249
@item cyls=@var{c},heads=@var{h},secs=@var{s}[,trans=@var{t}]
250
These options have the same definition as they have in @option{-hdachs}.
251
@item snapshot=@var{snapshot}
252
@var{snapshot} is "on" or "off" and allows to enable snapshot for given drive (see @option{-snapshot}).
253
@item cache=@var{cache}
254
@var{cache} is "on" or "off" and allows to disable host cache to access data.
257
Instead of @option{-cdrom} you can use:
259
qemu -drive file=file,index=2,media=cdrom
262
Instead of @option{-hda}, @option{-hdb}, @option{-hdc}, @option{-hdd}, you can
265
qemu -drive file=file,index=0,media=disk
266
qemu -drive file=file,index=1,media=disk
267
qemu -drive file=file,index=2,media=disk
268
qemu -drive file=file,index=3,media=disk
271
You can connect a CDROM to the slave of ide0:
273
qemu -drive file=file,if=ide,index=1,media=cdrom
276
If you don't specify the "file=" argument, you define an empty drive:
278
qemu -drive if=ide,index=1,media=cdrom
281
You can connect a SCSI disk with unit ID 6 on the bus #0:
283
qemu -drive file=file,if=scsi,bus=0,unit=6
286
Instead of @option{-fda}, @option{-fdb}, you can use:
288
qemu -drive file=file,index=0,if=floppy
289
qemu -drive file=file,index=1,if=floppy
292
By default, @var{interface} is "ide" and @var{index} is automatically
295
qemu -drive file=a -drive file=b"
302
@item -boot [a|c|d|n]
303
Boot on floppy (a), hard disk (c), CD-ROM (d), or Etherboot (n). Hard disk boot
216
307
Write to temporary files instead of disk image files. In this case,
217
308
the raw disk image you use is not written back. You can however force
218
the write back by pressing @key{C-a s} (@xref{disk_images}).
221
Set virtual RAM size to @var{megs} megabytes.
224
Use @var{file} as initial ram disk.
309
the write back by pressing @key{C-a s} (@pxref{disk_images}).
312
Disable boot signature checking for floppy disks in Bochs BIOS. It may
313
be needed to boot from old floppy disks.
316
Set virtual RAM size to @var{megs} megabytes. Default is 128 MiB.
319
Simulate an SMP system with @var{n} CPUs. On the PC target, up to 255
320
CPUs are supported. On Sparc32 target, Linux limits the number of usable CPUs
325
Will show the audio subsystem help: list of drivers, tunable
328
@item -soundhw @var{card1}[,@var{card2},...] or -soundhw all
330
Enable audio and selected sound hardware. Use ? to print all
331
available sound hardware.
334
qemu -soundhw sb16,adlib hda
335
qemu -soundhw es1370 hda
336
qemu -soundhw all hda
341
Set the real time clock to local time (the default is to UTC
342
time). This option is needed to have correct date in MS-DOS or
345
@item -startdate @var{date}
346
Set the initial date of the real time clock. Valid format for
347
@var{date} are: @code{now} or @code{2006-06-17T16:01:21} or
348
@code{2006-06-17}. The default value is @code{now}.
350
@item -pidfile @var{file}
351
Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
355
Daemonize the QEMU process after initialization. QEMU will not detach from
356
standard IO until it is ready to receive connections on any of its devices.
357
This option is a useful way for external programs to launch QEMU without having
358
to cope with initialization race conditions.
361
Use it when installing Windows 2000 to avoid a disk full bug. After
362
Windows 2000 is installed, you no longer need this option (this option
363
slows down the IDE transfers).
365
@item -option-rom @var{file}
366
Load the contents of @var{file} as an option ROM.
367
This option is useful to load things like EtherBoot.
369
@item -name @var{name}
370
Sets the @var{name} of the guest.
371
This name will be display in the SDL window caption.
372
The @var{name} will also be used for the VNC server.
231
384
the console. Therefore, you can still use QEMU to debug a Linux kernel
232
385
with a serial console.
236
The SB16 emulation is disabled by default as it may give problems with
237
Windows. You can enable it manually with this option.
389
Do not use decorations for SDL windows and start them using the whole
390
available screen space. This makes the using QEMU in a dedicated desktop
391
workspace more convenient.
394
Start in full screen.
396
@item -vnc @var{display}[,@var{option}[,@var{option}[,...]]]
398
Normally, QEMU uses SDL to display the VGA output. With this option,
399
you can have QEMU listen on VNC display @var{display} and redirect the VGA
400
display over the VNC session. It is very useful to enable the usb
401
tablet device when using this option (option @option{-usbdevice
402
tablet}). When using the VNC display, you must use the @option{-k}
403
parameter to set the keyboard layout if you are not using en-us. Valid
404
syntax for the @var{display} is
408
@item @var{interface}:@var{d}
410
TCP connections will only be allowed from @var{interface} on display @var{d}.
411
By convention the TCP port is 5900+@var{d}. Optionally, @var{interface} can
412
be omitted in which case the server will bind to all interfaces.
414
@item @var{unix}:@var{path}
416
Connections will be allowed over UNIX domain sockets where @var{path} is the
417
location of a unix socket to listen for connections on.
421
VNC is initialized by not started. The monitor @code{change} command can be used
422
to later start the VNC server.
426
Following the @var{display} value there may be one or more @var{option} flags
427
separated by commas. Valid options are
433
Require that password based authentication is used for client connections.
434
The password must be set separately using the @code{change} command in the
439
Require that client use TLS when communicating with the VNC server. This
440
uses anonymous TLS credentials so is susceptible to a man-in-the-middle
441
attack. It is recommended that this option be combined with either the
442
@var{x509} or @var{x509verify} options.
444
@item x509=@var{/path/to/certificate/dir}
446
Valid if @option{tls} is specified. Require that x509 credentials are used
447
for negotiating the TLS session. The server will send its x509 certificate
448
to the client. It is recommended that a password be set on the VNC server
449
to provide authentication of the client when this is used. The path following
450
this option specifies where the x509 certificates are to be loaded from.
451
See the @ref{vnc_security} section for details on generating certificates.
453
@item x509verify=@var{/path/to/certificate/dir}
455
Valid if @option{tls} is specified. Require that x509 credentials are used
456
for negotiating the TLS session. The server will send its x509 certificate
457
to the client, and request that the client send its own x509 certificate.
458
The server will validate the client's certificate against the CA certificate,
459
and reject clients when validation fails. If the certificate authority is
460
trusted, this is a sufficient authentication mechanism. You may still wish
461
to set a password on the VNC server as a second authentication layer. The
462
path following this option specifies where the x509 certificates are to
463
be loaded from. See the @ref{vnc_security} section for details on generating
468
@item -k @var{language}
470
Use keyboard layout @var{language} (for example @code{fr} for
471
French). This option is only needed where it is not easy to get raw PC
472
keycodes (e.g. on Macs, with some X11 servers or with a VNC
473
display). You don't normally need to use it on PC/Linux or PC/Windows
476
The available layouts are:
478
ar de-ch es fo fr-ca hu ja mk no pt-br sv
479
da en-gb et fr fr-ch is lt nl pl ru th
480
de en-us fi fr-be hr it lv nl-be pt sl tr
483
The default is @code{en-us}.
491
Enable the USB driver (will be the default soon)
493
@item -usbdevice @var{devname}
494
Add the USB device @var{devname}. @xref{usb_devices}.
246
Set TUN/TAP network init script [default=/etc/qemu-ifup]. This script
247
is launched to configure the host network interface (usually tun0)
248
corresponding to the virtual NE2000 card.
252
Set the mac address of the first interface (the format is
253
aa:bb:cc:dd:ee:ff in hexa). The mac address is incremented for each
254
new network interface.
257
Assumes @var{fd} talks to a tap/tun host network interface and use
258
it. Read @url{http://bellard.org/qemu/tetrinet.html} to have an
262
(Experimental) Use the user mode network stack. This is the default if
263
no tun/tap network init script is found.
266
Use the dummy network stack: no packet will be received on the network
501
@item -net nic[,vlan=@var{n}][,macaddr=@var{addr}][,model=@var{type}]
502
Create a new Network Interface Card and connect it to VLAN @var{n} (@var{n}
503
= 0 is the default). The NIC is an ne2k_pci by default on the PC
504
target. Optionally, the MAC address can be changed. If no
505
@option{-net} option is specified, a single NIC is created.
506
Qemu can emulate several different models of network card.
507
Valid values for @var{type} are
508
@code{i82551}, @code{i82557b}, @code{i82559er},
509
@code{ne2k_pci}, @code{ne2k_isa}, @code{pcnet}, @code{rtl8139},
510
@code{smc91c111}, @code{lance} and @code{mcf_fec}.
511
Not all devices are supported on all targets. Use -net nic,model=?
512
for a list of available devices for your target.
514
@item -net user[,vlan=@var{n}][,hostname=@var{name}]
515
Use the user mode network stack which requires no administrator
516
privilege to run. @option{hostname=name} can be used to specify the client
517
hostname reported by the builtin DHCP server.
519
@item -net tap[,vlan=@var{n}][,fd=@var{h}][,ifname=@var{name}][,script=@var{file}]
520
Connect the host TAP network interface @var{name} to VLAN @var{n} and
521
use the network script @var{file} to configure it. The default
522
network script is @file{/etc/qemu-ifup}. Use @option{script=no} to
523
disable script execution. If @var{name} is not
524
provided, the OS automatically provides one. @option{fd}=@var{h} can be
525
used to specify the handle of an already opened host TAP interface. Example:
528
qemu linux.img -net nic -net tap
531
More complicated example (two NICs, each one connected to a TAP device)
533
qemu linux.img -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 \
534
-net nic,vlan=1 -net tap,vlan=1,ifname=tap1
538
@item -net socket[,vlan=@var{n}][,fd=@var{h}][,listen=[@var{host}]:@var{port}][,connect=@var{host}:@var{port}]
540
Connect the VLAN @var{n} to a remote VLAN in another QEMU virtual
541
machine using a TCP socket connection. If @option{listen} is
542
specified, QEMU waits for incoming connections on @var{port}
543
(@var{host} is optional). @option{connect} is used to connect to
544
another QEMU instance using the @option{listen} option. @option{fd}=@var{h}
545
specifies an already opened TCP socket.
549
# launch a first QEMU instance
550
qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
551
-net socket,listen=:1234
552
# connect the VLAN 0 of this instance to the VLAN 0
553
# of the first instance
554
qemu linux.img -net nic,macaddr=52:54:00:12:34:57 \
555
-net socket,connect=127.0.0.1:1234
558
@item -net socket[,vlan=@var{n}][,fd=@var{h}][,mcast=@var{maddr}:@var{port}]
560
Create a VLAN @var{n} shared with another QEMU virtual
561
machines using a UDP multicast socket, effectively making a bus for
562
every QEMU with same multicast address @var{maddr} and @var{port}.
566
Several QEMU can be running on different hosts and share same bus (assuming
567
correct multicast setup for these hosts).
569
mcast support is compatible with User Mode Linux (argument @option{eth@var{N}=mcast}), see
570
@url{http://user-mode-linux.sf.net}.
572
Use @option{fd=h} to specify an already opened UDP multicast socket.
577
# launch one QEMU instance
578
qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
579
-net socket,mcast=230.0.0.1:1234
580
# launch another QEMU instance on same "bus"
581
qemu linux.img -net nic,macaddr=52:54:00:12:34:57 \
582
-net socket,mcast=230.0.0.1:1234
583
# launch yet another QEMU instance on same "bus"
584
qemu linux.img -net nic,macaddr=52:54:00:12:34:58 \
585
-net socket,mcast=230.0.0.1:1234
588
Example (User Mode Linux compat.):
590
# launch QEMU instance (note mcast address selected
592
qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
593
-net socket,mcast=239.192.168.1:1102
595
/path/to/linux ubd0=/path/to/root_fs eth0=mcast
599
Indicate that no network devices should be configured. It is used to
600
override the default configuration (@option{-net nic -net user}) which
601
is activated if no @option{-net} options are provided.
603
@item -tftp @var{dir}
604
When using the user mode network stack, activate a built-in TFTP
605
server. The files in @var{dir} will be exposed as the root of a TFTP server.
606
The TFTP client on the guest must be configured in binary mode (use the command
607
@code{bin} of the Unix TFTP client). The host IP address on the guest is as
610
@item -bootp @var{file}
611
When using the user mode network stack, broadcast @var{file} as the BOOTP
612
filename. In conjunction with @option{-tftp}, this can be used to network boot
613
a guest from a local directory.
615
Example (using pxelinux):
617
qemu -hda linux.img -boot n -tftp /path/to/tftp/files -bootp /pxelinux.0
621
When using the user mode network stack, activate a built-in SMB
622
server so that Windows OSes can access to the host files in @file{@var{dir}}
625
In the guest Windows OS, the line:
629
must be added in the file @file{C:\WINDOWS\LMHOSTS} (for windows 9x/Me)
630
or @file{C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS} (Windows NT/2000).
632
Then @file{@var{dir}} can be accessed in @file{\\smbserver\qemu}.
634
Note that a SAMBA server must be installed on the host OS in
635
@file{/usr/sbin/smbd}. QEMU was tested successfully with smbd version
636
2.2.7a from the Red Hat 9 and version 3.0.10-1.fc3 from Fedora Core 3.
638
@item -redir [tcp|udp]:@var{host-port}:[@var{guest-host}]:@var{guest-port}
640
When using the user mode network stack, redirect incoming TCP or UDP
641
connections to the host port @var{host-port} to the guest
642
@var{guest-host} on guest port @var{guest-port}. If @var{guest-host}
643
is not specified, its value is 10.0.2.15 (default address given by the
644
built-in DHCP server).
646
For example, to redirect host X11 connection from screen 1 to guest
647
screen 0, use the following:
651
qemu -redir tcp:6001::6000 [...]
652
# this host xterm should open in the guest X11 server
656
To redirect telnet connections from host port 5555 to telnet port on
657
the guest, use the following:
661
qemu -redir tcp:5555::23 [...]
662
telnet localhost 5555
665
Then when you use on the host @code{telnet localhost 5555}, you
666
connect to the guest telnet server.
271
Linux boot specific. When using this options, you can use a given
670
Linux boot specific: When using these options, you can use a given
272
671
Linux kernel without installing it in the disk image. It can be useful
273
672
for easier testing of various kernels.
277
@item -kernel bzImage
676
@item -kernel @var{bzImage}
278
677
Use @var{bzImage} as kernel image.
280
@item -append cmdline
679
@item -append @var{cmdline}
281
680
Use @var{cmdline} as kernel command line
682
@item -initrd @var{file}
284
683
Use @var{file} as initial ram disk.
687
Debug/Expert options:
690
@item -serial @var{dev}
691
Redirect the virtual serial port to host character device
692
@var{dev}. The default device is @code{vc} in graphical mode and
693
@code{stdio} in non graphical mode.
695
This option can be used several times to simulate up to 4 serials
698
Use @code{-serial none} to disable all serial ports.
700
Available character devices are:
703
Virtual console. Optionally, a width and height can be given in pixel with
707
It is also possible to specify width or height in characters:
712
[Linux only] Pseudo TTY (a new PTY is automatically allocated)
714
No device is allocated.
718
[Linux only] Use host tty, e.g. @file{/dev/ttyS0}. The host serial port
719
parameters are set according to the emulated ones.
720
@item /dev/parport@var{N}
721
[Linux only, parallel port only] Use host parallel port
722
@var{N}. Currently SPP and EPP parallel port features can be used.
723
@item file:@var{filename}
724
Write output to @var{filename}. No character can be read.
726
[Unix only] standard input/output
727
@item pipe:@var{filename}
728
name pipe @var{filename}
730
[Windows only] Use host serial port @var{n}
731
@item udp:[@var{remote_host}]:@var{remote_port}[@@[@var{src_ip}]:@var{src_port}]
732
This implements UDP Net Console.
733
When @var{remote_host} or @var{src_ip} are not specified
734
they default to @code{0.0.0.0}.
735
When not using a specified @var{src_port} a random port is automatically chosen.
737
If you just want a simple readonly console you can use @code{netcat} or
738
@code{nc}, by starting qemu with: @code{-serial udp::4555} and nc as:
739
@code{nc -u -l -p 4555}. Any time qemu writes something to that port it
740
will appear in the netconsole session.
742
If you plan to send characters back via netconsole or you want to stop
743
and start qemu a lot of times, you should have qemu use the same
744
source port each time by using something like @code{-serial
745
udp::4555@@:4556} to qemu. Another approach is to use a patched
746
version of netcat which can listen to a TCP port and send and receive
747
characters via udp. If you have a patched version of netcat which
748
activates telnet remote echo and single char transfer, then you can
749
use the following options to step up a netcat redirector to allow
750
telnet on port 5555 to access the qemu port.
753
-serial udp::4555@@:4556
754
@item netcat options:
755
-u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T
756
@item telnet options:
761
@item tcp:[@var{host}]:@var{port}[,@var{server}][,nowait][,nodelay]
762
The TCP Net Console has two modes of operation. It can send the serial
763
I/O to a location or wait for a connection from a location. By default
764
the TCP Net Console is sent to @var{host} at the @var{port}. If you use
765
the @var{server} option QEMU will wait for a client socket application
766
to connect to the port before continuing, unless the @code{nowait}
767
option was specified. The @code{nodelay} option disables the Nagle buffering
768
algorithm. If @var{host} is omitted, 0.0.0.0 is assumed. Only
769
one TCP connection at a time is accepted. You can use @code{telnet} to
770
connect to the corresponding character device.
772
@item Example to send tcp console to 192.168.0.2 port 4444
773
-serial tcp:192.168.0.2:4444
774
@item Example to listen and wait on port 4444 for connection
775
-serial tcp::4444,server
776
@item Example to not wait and listen on ip 192.168.0.100 port 4444
777
-serial tcp:192.168.0.100:4444,server,nowait
780
@item telnet:@var{host}:@var{port}[,server][,nowait][,nodelay]
781
The telnet protocol is used instead of raw tcp sockets. The options
782
work the same as if you had specified @code{-serial tcp}. The
783
difference is that the port acts like a telnet server or client using
784
telnet option negotiation. This will also allow you to send the
785
MAGIC_SYSRQ sequence if you use a telnet that supports sending the break
786
sequence. Typically in unix telnet you do it with Control-] and then
787
type "send break" followed by pressing the enter key.
789
@item unix:@var{path}[,server][,nowait]
790
A unix domain socket is used instead of a tcp socket. The option works the
791
same as if you had specified @code{-serial tcp} except the unix domain socket
792
@var{path} is used for connections.
794
@item mon:@var{dev_string}
795
This is a special option to allow the monitor to be multiplexed onto
796
another serial port. The monitor is accessed with key sequence of
797
@key{Control-a} and then pressing @key{c}. See monitor access
798
@ref{pcsys_keys} in the -nographic section for more keys.
799
@var{dev_string} should be any one of the serial devices specified
800
above. An example to multiplex the monitor onto a telnet server
801
listening on port 4444 would be:
803
@item -serial mon:telnet::4444,server,nowait
808
@item -parallel @var{dev}
809
Redirect the virtual parallel port to host device @var{dev} (same
810
devices as the serial port). On Linux hosts, @file{/dev/parportN} can
811
be used to use hardware devices connected on the corresponding host
814
This option can be used several times to simulate up to 3 parallel
817
Use @code{-parallel none} to disable all parallel ports.
819
@item -monitor @var{dev}
820
Redirect the monitor to host device @var{dev} (same devices as the
822
The default device is @code{vc} in graphical mode and @code{stdio} in
825
@item -echr numeric_ascii_value
826
Change the escape character used for switching to the monitor when using
827
monitor and serial sharing. The default is @code{0x01} when using the
828
@code{-nographic} option. @code{0x01} is equal to pressing
829
@code{Control-a}. You can select a different character from the ascii
830
control keys where 1 through 26 map to Control-a through Control-z. For
831
instance you could use the either of the following to change the escape
832
character to Control-t.
291
Wait gdb connection to port 1234 (@xref{gdb_usage}).
293
Change gdb connection port.
839
Wait gdb connection to port 1234 (@pxref{gdb_usage}).
841
Change gdb connection port. @var{port} can be either a decimal number
842
to specify a TCP port, or a host device (same devices as the serial port).
295
844
Do not start CPU at startup (you must type 'c' in the monitor).
297
846
Output log in /tmp/qemu.log
847
@item -hdachs @var{c},@var{h},@var{s},[,@var{t}]
848
Force hard disk 0 physical geometry (1 <= @var{c} <= 16383, 1 <=
849
@var{h} <= 16, 1 <= @var{s} <= 63) and optionally force the BIOS
850
translation mode (@var{t}=none, lba or auto). Usually QEMU can guess
851
all those parameters. This option is useful for old MS-DOS disk
855
Set the directory for the BIOS, VGA BIOS and keymaps.
858
Simulate a standard VGA card with Bochs VBE extensions (default is
859
Cirrus Logic GD5446 PCI VGA). If your guest OS supports the VESA 2.0
860
VBE extensions (e.g. Windows XP) and if you want to use high
861
resolution modes (>= 1280x1024x16) then you should use this option.
864
Disable ACPI (Advanced Configuration and Power Interface) support. Use
865
it if your guest OS complains about ACPI problems (PC target machine
869
Exit instead of rebooting.
872
Start right away with a saved state (@code{loadvm} in monitor)
875
Enable semihosting syscall emulation (ARM and M68K target machines only).
877
On ARM this implements the "Angel" interface.
878
On M68K this implements the "ColdFire GDB" interface used by libgloss.
880
Note that this allows guest direct access to the host filesystem,
881
so should only be used with trusted guest OS.
300
891
During the graphical emulation, you can use the following keys:
897
Switch to virtual console 'n'. Standard console mappings are:
900
Target system display
303
908
Toggle mouse and keyboard grab.
308
During emulation, you can use @key{C-S} (Control and Shift) to release the mouse pointer. If you are using the serial console, use @key{C-a h}
309
to get terminal commands:
911
In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
912
@key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.
914
During emulation, if you are using the @option{-nographic} option, use
915
@key{Ctrl-a h} to get terminal commands:
317
923
Save disk data back to file (if -snapshot)
925
toggle console timestamps
319
927
Send break (magic sysrq in Linux)
493
1202
@node disk_images
494
1203
@section Disk Images
496
@subsection Raw disk images
498
The disk images can simply be raw images of the hard disk. You can
499
create them with the command:
1205
Since version 0.6.1, QEMU supports many disk image formats, including
1206
growable disk images (their size increase as non empty sectors are
1207
written), compressed and encrypted disk images. Version 0.8.3 added
1208
the new qcow2 disk image format which is essential to support VM
1212
* disk_images_quickstart:: Quick start for disk image creation
1213
* disk_images_snapshot_mode:: Snapshot mode
1214
* vm_snapshots:: VM snapshots
1215
* qemu_img_invocation:: qemu-img Invocation
1216
* host_drives:: Using host drives
1217
* disk_images_fat_images:: Virtual FAT disk images
1220
@node disk_images_quickstart
1221
@subsection Quick start for disk image creation
1223
You can create a disk image with the command:
501
dd of=myimage bs=1024 seek=mysize count=0
1225
qemu-img create myimage.img mysize
503
where @var{myimage} is the image filename and @var{mysize} is its size
1227
where @var{myimage.img} is the disk image filename and @var{mysize} is its
1228
size in kilobytes. You can add an @code{M} suffix to give the size in
1229
megabytes and a @code{G} suffix for gigabytes.
1231
See @ref{qemu_img_invocation} for more information.
1233
@node disk_images_snapshot_mode
506
1234
@subsection Snapshot mode
508
1236
If you use the option @option{-snapshot}, all disk images are
509
1237
considered as read only. When sectors in written, they are written in
510
1238
a temporary file created in @file{/tmp}. You can however force the
511
write back to the raw disk images by pressing @key{C-a s}.
513
NOTE: The snapshot mode only works with raw disk images.
515
@subsection Copy On Write disk images
517
QEMU also supports user mode Linux
518
(@url{http://user-mode-linux.sourceforge.net/}) Copy On Write (COW)
519
disk images. The COW disk images are much smaller than normal images
520
as they store only modified sectors. They also permit the use of the
521
same disk image template for many users.
523
To create a COW disk images, use the command:
526
qemu-mkcow -f myrawimage.bin mycowimage.cow
529
@file{myrawimage.bin} is a raw image you want to use as original disk
530
image. It will never be written to.
532
@file{mycowimage.cow} is the COW disk image which is created by
533
@code{qemu-mkcow}. You can use it directly with the @option{-hdx}
534
options. You must not modify the original raw disk image if you use
535
COW images, as COW images only store the modified sectors from the raw
536
disk image. QEMU stores the original raw disk image name and its
537
modified time in the COW disk image so that chances of mistakes are
540
If the raw disk image is not read-only, by pressing @key{C-a s} you
541
can flush the COW disk image back into the raw disk image, as in
544
COW disk images can also be created without a corresponding raw disk
545
image. It is useful to have a big initial virtual disk image without
546
using much disk space. Use:
549
qemu-mkcow mycowimage.cow 1024
552
to create a 1 gigabyte empty COW disk image.
557
COW disk images must be created on file systems supporting
558
@emph{holes} such as ext2 or ext3.
560
Since holes are used, the displayed size of the COW disk image is not
561
the real one. To know it, use the @code{ls -ls} command.
1239
write back to the raw disk images by using the @code{commit} monitor
1240
command (or @key{C-a s} in the serial console).
1243
@subsection VM snapshots
1245
VM snapshots are snapshots of the complete virtual machine including
1246
CPU state, RAM, device state and the content of all the writable
1247
disks. In order to use VM snapshots, you must have at least one non
1248
removable and writable block device using the @code{qcow2} disk image
1249
format. Normally this device is the first virtual hard drive.
1251
Use the monitor command @code{savevm} to create a new VM snapshot or
1252
replace an existing one. A human readable name can be assigned to each
1253
snapshot in addition to its numerical ID.
1255
Use @code{loadvm} to restore a VM snapshot and @code{delvm} to remove
1256
a VM snapshot. @code{info snapshots} lists the available snapshots
1257
with their associated information:
1260
(qemu) info snapshots
1261
Snapshot devices: hda
1262
Snapshot list (from hda):
1263
ID TAG VM SIZE DATE VM CLOCK
1264
1 start 41M 2006-08-06 12:38:02 00:00:14.954
1265
2 40M 2006-08-06 12:43:29 00:00:18.633
1266
3 msys 40M 2006-08-06 12:44:04 00:00:23.514
1269
A VM snapshot is made of a VM state info (its size is shown in
1270
@code{info snapshots}) and a snapshot of every writable disk image.
1271
The VM state info is stored in the first @code{qcow2} non removable
1272
and writable block device. The disk image snapshots are stored in
1273
every disk image. The size of a snapshot in a disk image is difficult
1274
to evaluate and is not shown by @code{info snapshots} because the
1275
associated disk sectors are shared among all the snapshots to save
1276
disk space (otherwise each snapshot would need a full copy of all the
1279
When using the (unrelated) @code{-snapshot} option
1280
(@ref{disk_images_snapshot_mode}), you can always make VM snapshots,
1281
but they are deleted as soon as you exit QEMU.
1283
VM snapshots currently have the following known limitations:
1286
They cannot cope with removable devices if they are removed or
1287
inserted after a snapshot is done.
1289
A few device drivers still have incomplete snapshot support so their
1290
state is not saved or restored properly (in particular USB).
1293
@node qemu_img_invocation
1294
@subsection @code{qemu-img} Invocation
1296
@include qemu-img.texi
1299
@subsection Using host drives
1301
In addition to disk image files, QEMU can directly access host
1302
devices. We describe here the usage for QEMU version >= 0.8.3.
1304
@subsubsection Linux
1306
On Linux, you can directly use the host device filename instead of a
1307
disk image filename provided you have enough privileges to access
1308
it. For example, use @file{/dev/cdrom} to access to the CDROM or
1309
@file{/dev/fd0} for the floppy.
1313
You can specify a CDROM device even if no CDROM is loaded. QEMU has
1314
specific code to detect CDROM insertion or removal. CDROM ejection by
1315
the guest OS is supported. Currently only data CDs are supported.
1317
You can specify a floppy device even if no floppy is loaded. Floppy
1318
removal is currently not detected accurately (if you change floppy
1319
without doing floppy access while the floppy is not loaded, the guest
1320
OS will think that the same floppy is loaded).
1322
Hard disks can be used. Normally you must specify the whole disk
1323
(@file{/dev/hdb} instead of @file{/dev/hdb1}) so that the guest OS can
1324
see it as a partitioned disk. WARNING: unless you know what you do, it
1325
is better to only make READ-ONLY accesses to the hard disk otherwise
1326
you may corrupt your host data (use the @option{-snapshot} command
1327
line option or modify the device permissions accordingly).
1330
@subsubsection Windows
1334
The preferred syntax is the drive letter (e.g. @file{d:}). The
1335
alternate syntax @file{\\.\d:} is supported. @file{/dev/cdrom} is
1336
supported as an alias to the first CDROM drive.
1338
Currently there is no specific code to handle removable media, so it
1339
is better to use the @code{change} or @code{eject} monitor commands to
1340
change or eject media.
1342
Hard disks can be used with the syntax: @file{\\.\PhysicalDrive@var{N}}
1343
where @var{N} is the drive number (0 is the first hard disk).
1345
WARNING: unless you know what you do, it is better to only make
1346
READ-ONLY accesses to the hard disk otherwise you may corrupt your
1347
host data (use the @option{-snapshot} command line so that the
1348
modifications are written in a temporary file).
1352
@subsubsection Mac OS X
1354
@file{/dev/cdrom} is an alias to the first CDROM.
1356
Currently there is no specific code to handle removable media, so it
1357
is better to use the @code{change} or @code{eject} monitor commands to
1358
change or eject media.
1360
@node disk_images_fat_images
1361
@subsection Virtual FAT disk images
1363
QEMU can automatically create a virtual FAT disk image from a
1364
directory tree. In order to use it, just type:
1367
qemu linux.img -hdb fat:/my_directory
1370
Then you access access to all the files in the @file{/my_directory}
1371
directory without having to copy them in a disk image or to export
1372
them via SAMBA or NFS. The default access is @emph{read-only}.
1374
Floppies can be emulated with the @code{:floppy:} option:
1377
qemu linux.img -fda fat:floppy:/my_directory
1380
A read/write support is available for testing (beta stage) with the
1384
qemu linux.img -fda fat:floppy:rw:/my_directory
1387
What you should @emph{never} do:
1389
@item use non-ASCII filenames ;
1390
@item use "-snapshot" together with ":rw:" ;
1391
@item expect it to work when loadvm'ing ;
1392
@item write to the FAT directory on the host system while accessing it with the guest system.
564
1396
@section Network emulation
566
QEMU simulates up to 6 networks cards (NE2000 boards). Each card can
567
be connected to a specific host network interface.
569
@subsection Using tun/tap network interface
571
This is the standard way to emulate network. QEMU adds a virtual
572
network device on your host (called @code{tun0}), and you can then
573
configure it as if it was a real ethernet card.
1398
QEMU can simulate several network cards (PCI or ISA cards on the PC
1399
target) and can connect them to an arbitrary number of Virtual Local
1400
Area Networks (VLANs). Host TAP devices can be connected to any QEMU
1401
VLAN. VLAN can be connected between separate instances of QEMU to
1402
simulate large networks. For simpler usage, a non privileged user mode
1403
network stack can replace the TAP device to have a basic network
1408
QEMU simulates several VLANs. A VLAN can be symbolised as a virtual
1409
connection between several network devices. These devices can be for
1410
example QEMU virtual Ethernet cards or virtual Host ethernet devices
1413
@subsection Using TAP network interfaces
1415
This is the standard way to connect QEMU to a real network. QEMU adds
1416
a virtual network device on your host (called @code{tapN}), and you
1417
can then configure it as if it was a real ethernet card.
1419
@subsubsection Linux host
575
1421
As an example, you can download the @file{linux-test-xxx.tar.gz}
576
1422
archive and copy the script @file{qemu-ifup} in @file{/etc} and
577
1423
configure properly @code{sudo} so that the command @code{ifconfig}
578
1424
contained in @file{qemu-ifup} can be executed as root. You must verify
579
that your host kernel supports the TUN/TAP network interfaces: the
1425
that your host kernel supports the TAP network interfaces: the
580
1426
device @file{/dev/net/tun} must be present.
582
See @ref{direct_linux_boot} to have an example of network use with a
1428
See @ref{sec_invocation} to have examples of command lines using the
1429
TAP network interfaces.
1431
@subsubsection Windows host
1433
There is a virtual ethernet driver for Windows 2000/XP systems, called
1434
TAP-Win32. But it is not included in standard QEMU for Windows,
1435
so you will need to get it separately. It is part of OpenVPN package,
1436
so download OpenVPN from : @url{http://openvpn.net/}.
585
1438
@subsection Using the user mode network stack
587
This is @emph{experimental} (version 0.5.4). You must configure qemu
588
with @code{--enable-slirp}. Then by using the option
589
@option{-user-net} or if you have no tun/tap init script, QEMU uses a
590
completely user mode network stack (you don't need root priviledge to
591
use the virtual network). The virtual network configuration is the
1440
By using the option @option{-net user} (default configuration if no
1441
@option{-net} option is specified), QEMU uses a completely user mode
1442
network stack (you don't need root privilege to use the virtual
1443
network). The virtual network configuration is the following:
596
QEMU Virtual Machine <------> Firewall/DHCP server <-----> Internet
597
(10.0.2.x) | (10.0.2.2)
1447
QEMU VLAN <------> Firewall/DHCP server <-----> Internet
1450
----> DNS server (10.0.2.3)
1452
----> SMB server (10.0.2.4)
603
1455
The QEMU VM behaves as if it was behind a firewall which blocks all
604
1456
incoming connections. You can use a DHCP client to automatically
605
configure the network in the QEMU VM.
1457
configure the network in the QEMU VM. The DHCP server assign addresses
1458
to the hosts starting from 10.0.2.15.
607
1460
In order to check that the user mode network is working, you can ping
608
1461
the address 10.0.2.2 and verify that you got an address in the range
609
1462
10.0.2.x from the QEMU virtual DHCP server.
1464
Note that @code{ping} is not supported reliably to the internet as it
1465
would require root privileges. It means you can only ping the local
1468
When using the built-in TFTP server, the router is also the TFTP
1471
When using the @option{-redir} option, TCP or UDP connections can be
1472
redirected from the host to the guest. It allows for example to
1473
redirect X11, telnet or SSH connections.
1475
@subsection Connecting VLANs between QEMU instances
1477
Using the @option{-net socket} option, it is possible to make VLANs
1478
that span several QEMU instances. See @ref{sec_invocation} to have a
611
1481
@node direct_linux_boot
612
1482
@section Direct Linux Boot
614
1484
This section explains how to launch a Linux kernel inside QEMU without
615
1485
having to make a full bootable image. It is very useful for fast Linux
616
kernel testing. The QEMU network configuration is also explained.
620
Download the archive @file{linux-test-xxx.tar.gz} containing a Linux
621
kernel and a disk image.
623
@item Optional: If you want network support (for example to launch X11 examples), you
624
must copy the script @file{qemu-ifup} in @file{/etc} and configure
625
properly @code{sudo} so that the command @code{ifconfig} contained in
626
@file{qemu-ifup} can be executed as root. You must verify that your host
627
kernel supports the TUN/TAP network interfaces: the device
628
@file{/dev/net/tun} must be present.
630
When network is enabled, there is a virtual network connection between
631
the host kernel and the emulated kernel. The emulated kernel is seen
632
from the host kernel at IP address 172.20.0.2 and the host kernel is
633
seen from the emulated kernel at IP address 172.20.0.1.
635
@item Launch @code{qemu.sh}. You should have the following output:
639
Connected to host network interface: tun0
640
Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
641
BIOS-provided physical RAM map:
642
BIOS-e801: 0000000000000000 - 000000000009f000 (usable)
643
BIOS-e801: 0000000000100000 - 0000000002000000 (usable)
644
32MB LOWMEM available.
645
On node 0 totalpages: 8192
649
Kernel command line: root=/dev/hda sb=0x220,5,1,5 ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe console=ttyS0
650
ide_setup: ide2=noprobe
651
ide_setup: ide3=noprobe
652
ide_setup: ide4=noprobe
653
ide_setup: ide5=noprobe
655
Detected 2399.621 MHz processor.
656
Console: colour EGA 80x25
657
Calibrating delay loop... 4744.80 BogoMIPS
658
Memory: 28872k/32768k available (1210k kernel code, 3508k reserved, 266k data, 64k init, 0k highmem)
659
Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
660
Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
661
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
662
Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
663
Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
664
CPU: Intel Pentium Pro stepping 03
665
Checking 'hlt' instruction... OK.
666
POSIX conformance testing by UNIFIX
667
Linux NET4.0 for Linux 2.4
668
Based upon Swansea University Computer Society NET3.039
669
Initializing RT netlink socket
672
Journalled Block Device driver loaded
673
Detected PS/2 Mouse Port.
674
pty: 256 Unix98 ptys configured
675
Serial driver version 5.05c (2001-07-08) with no serial options enabled
676
ttyS00 at 0x03f8 (irq = 4) is a 16450
677
ne.c:v1.10 9/23/94 Donald Becker (becker@scyld.com)
678
Last modified Nov 1, 2000 by Paul Gortmaker
679
NE*000 ethercard probe at 0x300: 52 54 00 12 34 56
680
eth0: NE2000 found at 0x300, using IRQ 9.
681
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
682
Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
683
ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
684
hda: QEMU HARDDISK, ATA DISK drive
685
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
686
hda: attached ide-disk driver.
687
hda: 20480 sectors (10 MB) w/256KiB Cache, CHS=20/16/63
690
Soundblaster audio driver Copyright (C) by Hannu Savolainen 1993-1996
691
NET4: Linux TCP/IP 1.0 for NET4.0
692
IP Protocols: ICMP, UDP, TCP, IGMP
693
IP: routing cache hash table of 512 buckets, 4Kbytes
694
TCP: Hash tables configured (established 2048 bind 4096)
695
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
696
EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
697
VFS: Mounted root (ext2 filesystem).
698
Freeing unused kernel memory: 64k freed
700
Linux version 2.4.21 (bellard@voyager.localdomain) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
702
QEMU Linux test distribution (based on Redhat 9)
704
Type 'exit' to halt the system
710
Then you can play with the kernel inside the virtual serial console. You
711
can launch @code{ls} for example. Type @key{Ctrl-a h} to have an help
712
about the keys you can type inside the virtual serial console. In
713
particular, use @key{Ctrl-a x} to exit QEMU and use @key{Ctrl-a b} as
717
If the network is enabled, launch the script @file{/etc/linuxrc} in the
718
emulator (don't forget the leading dot):
723
Then enable X11 connections on your PC from the emulated Linux:
728
You can now launch @file{xterm} or @file{xlogo} and verify that you have
729
a real Virtual Linux system !
736
A 2.5.74 kernel is also included in the archive. Just
737
replace the bzImage in qemu.sh to try it.
740
qemu-fast creates a temporary file in @var{$QEMU_TMPDIR} (@file{/tmp} is the
741
default) containing all the simulated PC memory. If possible, try to use
742
a temporary directory using the tmpfs filesystem to avoid too many
743
unnecessary disk accesses.
746
In order to exit cleanly from qemu, you can do a @emph{shutdown} inside
747
qemu. qemu will automatically exit when the Linux shutdown is done.
750
You can boot slightly faster by disabling the probe of non present IDE
751
interfaces. To do so, add the following options on the kernel command
754
ide1=noprobe ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe
758
The example disk image is a modified version of the one made by Kevin
759
Lawton for the plex86 Project (@url{www.plex86.org}).
764
@section Linux Kernel Compilation
766
You can use any linux kernel with QEMU. However, if you want to use
767
@code{qemu-fast} to get maximum performances, you must use a modified
768
guest kernel. If you are using a 2.6 guest kernel, you can use
769
directly the patch @file{linux-2.6-qemu-fast.patch} made by Rusty
770
Russel available in the QEMU source archive. Otherwise, you can make the
771
following changes @emph{by hand} to the Linux kernel:
775
The kernel must be mapped at 0x90000000 (the default is
776
0xc0000000). You must modify only two lines in the kernel source:
778
In @file{include/asm/page.h}, replace
780
#define __PAGE_OFFSET (0xc0000000)
784
#define __PAGE_OFFSET (0x90000000)
787
And in @file{arch/i386/vmlinux.lds}, replace
789
. = 0xc0000000 + 0x100000;
793
. = 0x90000000 + 0x100000;
797
If you want to enable SMP (Symmetric Multi-Processing) support, you
798
must make the following change in @file{include/asm/fixmap.h}. Replace
800
#define FIXADDR_TOP (0xffffX000UL)
804
#define FIXADDR_TOP (0xa7ffX000UL)
806
(X is 'e' or 'f' depending on the kernel version). Although you can
807
use an SMP kernel with QEMU, it only supports one CPU.
810
If you are not using a 2.6 kernel as host kernel but if you use a target
811
2.6 kernel, you must also ensure that the 'HZ' define is set to 100
812
(1000 is the default) as QEMU cannot currently emulate timers at
813
frequencies greater than 100 Hz on host Linux systems < 2.6. In
814
@file{include/asm/param.h}, replace:
817
# define HZ 1000 /* Internal kernel timer frequency */
821
# define HZ 100 /* Internal kernel timer frequency */
826
The file config-2.x.x gives the configuration of the example kernels.
833
As you would do to make a real kernel. Then you can use with QEMU
834
exactly the same kernel as you would boot on your PC (in
835
@file{arch/i386/boot/bzImage}).
1490
qemu -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
1493
Use @option{-kernel} to provide the Linux kernel image and
1494
@option{-append} to give the kernel command line arguments. The
1495
@option{-initrd} option can be used to provide an INITRD image.
1497
When using the direct Linux boot, a disk image for the first hard disk
1498
@file{hda} is required because its boot sector is used to launch the
1501
If you do not need graphical output, you can disable it and redirect
1502
the virtual serial port and the QEMU monitor to the console with the
1503
@option{-nographic} option. The typical command line is:
1505
qemu -kernel arch/i386/boot/bzImage -hda root-2.4.20.img \
1506
-append "root=/dev/hda console=ttyS0" -nographic
1509
Use @key{Ctrl-a c} to switch between the serial console and the
1510
monitor (@pxref{pcsys_keys}).
1513
@section USB emulation
1515
QEMU emulates a PCI UHCI USB controller. You can virtually plug
1516
virtual USB devices or real host USB devices (experimental, works only
1517
on Linux hosts). Qemu will automatically create and connect virtual USB hubs
1518
as necessary to connect multiple USB devices.
1522
* host_usb_devices::
1525
@subsection Connecting USB devices
1527
USB devices can be connected with the @option{-usbdevice} commandline option
1528
or the @code{usb_add} monitor command. Available devices are:
1532
Virtual Mouse. This will override the PS/2 mouse emulation when activated.
1534
Pointer device that uses absolute coordinates (like a touchscreen).
1535
This means qemu is able to report the mouse position without having
1536
to grab the mouse. Also overrides the PS/2 mouse emulation when activated.
1537
@item @code{disk:@var{file}}
1538
Mass storage device based on @var{file} (@pxref{disk_images})
1539
@item @code{host:@var{bus.addr}}
1540
Pass through the host device identified by @var{bus.addr}
1542
@item @code{host:@var{vendor_id:product_id}}
1543
Pass through the host device identified by @var{vendor_id:product_id}
1545
@item @code{wacom-tablet}
1546
Virtual Wacom PenPartner tablet. This device is similar to the @code{tablet}
1547
above but it can be used with the tslib library because in addition to touch
1548
coordinates it reports touch pressure.
1549
@item @code{keyboard}
1550
Standard USB keyboard. Will override the PS/2 keyboard (if present).
1553
@node host_usb_devices
1554
@subsection Using host USB devices on a Linux host
1556
WARNING: this is an experimental feature. QEMU will slow down when
1557
using it. USB devices requiring real time streaming (i.e. USB Video
1558
Cameras) are not supported yet.
1561
@item If you use an early Linux 2.4 kernel, verify that no Linux driver
1562
is actually using the USB device. A simple way to do that is simply to
1563
disable the corresponding kernel module by renaming it from @file{mydriver.o}
1564
to @file{mydriver.o.disabled}.
1566
@item Verify that @file{/proc/bus/usb} is working (most Linux distributions should enable it by default). You should see something like that:
1572
@item Since only root can access to the USB devices directly, you can either launch QEMU as root or change the permissions of the USB devices you want to use. For testing, the following suffices:
1574
chown -R myuid /proc/bus/usb
1577
@item Launch QEMU and do in the monitor:
1580
Device 1.2, speed 480 Mb/s
1581
Class 00: USB device 1234:5678, USB DISK
1583
You should see the list of the devices you can use (Never try to use
1584
hubs, it won't work).
1586
@item Add the device in QEMU by using:
1588
usb_add host:1234:5678
1591
Normally the guest OS should report that a new USB device is
1592
plugged. You can use the option @option{-usbdevice} to do the same.
1594
@item Now you can try to use the host USB device in QEMU.
1598
When relaunching QEMU, you may have to unplug and plug again the USB
1599
device to make it work again (this is a bug).
1602
@section VNC security
1604
The VNC server capability provides access to the graphical console
1605
of the guest VM across the network. This has a number of security
1606
considerations depending on the deployment scenarios.
1610
* vnc_sec_password::
1611
* vnc_sec_certificate::
1612
* vnc_sec_certificate_verify::
1613
* vnc_sec_certificate_pw::
1614
* vnc_generate_cert::
1617
@subsection Without passwords
1619
The simplest VNC server setup does not include any form of authentication.
1620
For this setup it is recommended to restrict it to listen on a UNIX domain
1621
socket only. For example
1624
qemu [...OPTIONS...] -vnc unix:/home/joebloggs/.qemu-myvm-vnc
1627
This ensures that only users on local box with read/write access to that
1628
path can access the VNC server. To securely access the VNC server from a
1629
remote machine, a combination of netcat+ssh can be used to provide a secure
1632
@node vnc_sec_password
1633
@subsection With passwords
1635
The VNC protocol has limited support for password based authentication. Since
1636
the protocol limits passwords to 8 characters it should not be considered
1637
to provide high security. The password can be fairly easily brute-forced by
1638
a client making repeat connections. For this reason, a VNC server using password
1639
authentication should be restricted to only listen on the loopback interface
1640
or UNIX domain sockets. Password ayuthentication is requested with the @code{password}
1641
option, and then once QEMU is running the password is set with the monitor. Until
1642
the monitor is used to set the password all clients will be rejected.
1645
qemu [...OPTIONS...] -vnc :1,password -monitor stdio
1646
(qemu) change vnc password
1651
@node vnc_sec_certificate
1652
@subsection With x509 certificates
1654
The QEMU VNC server also implements the VeNCrypt extension allowing use of
1655
TLS for encryption of the session, and x509 certificates for authentication.
1656
The use of x509 certificates is strongly recommended, because TLS on its
1657
own is susceptible to man-in-the-middle attacks. Basic x509 certificate
1658
support provides a secure session, but no authentication. This allows any
1659
client to connect, and provides an encrypted session.
1662
qemu [...OPTIONS...] -vnc :1,tls,x509=/etc/pki/qemu -monitor stdio
1665
In the above example @code{/etc/pki/qemu} should contain at least three files,
1666
@code{ca-cert.pem}, @code{server-cert.pem} and @code{server-key.pem}. Unprivileged
1667
users will want to use a private directory, for example @code{$HOME/.pki/qemu}.
1668
NB the @code{server-key.pem} file should be protected with file mode 0600 to
1669
only be readable by the user owning it.
1671
@node vnc_sec_certificate_verify
1672
@subsection With x509 certificates and client verification
1674
Certificates can also provide a means to authenticate the client connecting.
1675
The server will request that the client provide a certificate, which it will
1676
then validate against the CA certificate. This is a good choice if deploying
1677
in an environment with a private internal certificate authority.
1680
qemu [...OPTIONS...] -vnc :1,tls,x509verify=/etc/pki/qemu -monitor stdio
1684
@node vnc_sec_certificate_pw
1685
@subsection With x509 certificates, client verification and passwords
1687
Finally, the previous method can be combined with VNC password authentication
1688
to provide two layers of authentication for clients.
1691
qemu [...OPTIONS...] -vnc :1,password,tls,x509verify=/etc/pki/qemu -monitor stdio
1692
(qemu) change vnc password
1697
@node vnc_generate_cert
1698
@subsection Generating certificates for VNC
1700
The GNU TLS packages provides a command called @code{certtool} which can
1701
be used to generate certificates and keys in PEM format. At a minimum it
1702
is neccessary to setup a certificate authority, and issue certificates to
1703
each server. If using certificates for authentication, then each client
1704
will also need to be issued a certificate. The recommendation is for the
1705
server to keep its certificates in either @code{/etc/pki/qemu} or for
1706
unprivileged users in @code{$HOME/.pki/qemu}.
1710
* vnc_generate_server::
1711
* vnc_generate_client::
1713
@node vnc_generate_ca
1714
@subsubsection Setup the Certificate Authority
1716
This step only needs to be performed once per organization / organizational
1717
unit. First the CA needs a private key. This key must be kept VERY secret
1718
and secure. If this key is compromised the entire trust chain of the certificates
1719
issued with it is lost.
1722
# certtool --generate-privkey > ca-key.pem
1725
A CA needs to have a public certificate. For simplicity it can be a self-signed
1726
certificate, or one issue by a commercial certificate issuing authority. To
1727
generate a self-signed certificate requires one core piece of information, the
1728
name of the organization.
1731
# cat > ca.info <<EOF
1732
cn = Name of your organization
1736
# certtool --generate-self-signed \
1737
--load-privkey ca-key.pem
1738
--template ca.info \
1739
--outfile ca-cert.pem
1742
The @code{ca-cert.pem} file should be copied to all servers and clients wishing to utilize
1743
TLS support in the VNC server. The @code{ca-key.pem} must not be disclosed/copied at all.
1745
@node vnc_generate_server
1746
@subsubsection Issuing server certificates
1748
Each server (or host) needs to be issued with a key and certificate. When connecting
1749
the certificate is sent to the client which validates it against the CA certificate.
1750
The core piece of information for a server certificate is the hostname. This should
1751
be the fully qualified hostname that the client will connect with, since the client
1752
will typically also verify the hostname in the certificate. On the host holding the
1753
secure CA private key:
1756
# cat > server.info <<EOF
1757
organization = Name of your organization
1758
cn = server.foo.example.com
1763
# certtool --generate-privkey > server-key.pem
1764
# certtool --generate-certificate \
1765
--load-ca-certificate ca-cert.pem \
1766
--load-ca-privkey ca-key.pem \
1767
--load-privkey server server-key.pem \
1768
--template server.info \
1769
--outfile server-cert.pem
1772
The @code{server-key.pem} and @code{server-cert.pem} files should now be securely copied
1773
to the server for which they were generated. The @code{server-key.pem} is security
1774
sensitive and should be kept protected with file mode 0600 to prevent disclosure.
1776
@node vnc_generate_client
1777
@subsubsection Issuing client certificates
1779
If the QEMU VNC server is to use the @code{x509verify} option to validate client
1780
certificates as its authentication mechanism, each client also needs to be issued
1781
a certificate. The client certificate contains enough metadata to uniquely identify
1782
the client, typically organization, state, city, building, etc. On the host holding
1783
the secure CA private key:
1786
# cat > client.info <<EOF
1790
organiazation = Name of your organization
1791
cn = client.foo.example.com
1796
# certtool --generate-privkey > client-key.pem
1797
# certtool --generate-certificate \
1798
--load-ca-certificate ca-cert.pem \
1799
--load-ca-privkey ca-key.pem \
1800
--load-privkey client-key.pem \
1801
--template client.info \
1802
--outfile client-cert.pem
1805
The @code{client-key.pem} and @code{client-cert.pem} files should now be securely
1806
copied to the client for which they were generated.
838
1809
@section GDB usage
872
1844
Use @code{x/10i $eip} to display the code at the PC position.
874
1846
Use @code{set architecture i8086} to dump 16 bit code. Then use
875
@code{x/10i $cs*16+*eip} to dump the code at the PC position.
1847
@code{x/10i $cs*16+$eip} to dump the code at the PC position.
878
@chapter QEMU PREP PowerPC System emulator invocation
1850
@node pcsys_os_specific
1851
@section Target OS specific information
1855
To have access to SVGA graphic modes under X11, use the @code{vesa} or
1856
the @code{cirrus} X11 driver. For optimal performances, use 16 bit
1857
color depth in the guest and the host OS.
1859
When using a 2.6 guest Linux kernel, you should add the option
1860
@code{clock=pit} on the kernel command line because the 2.6 Linux
1861
kernels make very strict real time clock checks by default that QEMU
1862
cannot simulate exactly.
1864
When using a 2.6 guest Linux kernel, verify that the 4G/4G patch is
1865
not activated because QEMU is slower with this patch. The QEMU
1866
Accelerator Module is also much slower in this case. Earlier Fedora
1867
Core 3 Linux kernel (< 2.6.9-1.724_FC3) were known to incorporate this
1868
patch by default. Newer kernels don't have it.
1872
If you have a slow host, using Windows 95 is better as it gives the
1873
best speed. Windows 2000 is also a good choice.
1875
@subsubsection SVGA graphic modes support
1877
QEMU emulates a Cirrus Logic GD5446 Video
1878
card. All Windows versions starting from Windows 95 should recognize
1879
and use this graphic card. For optimal performances, use 16 bit color
1880
depth in the guest and the host OS.
1882
If you are using Windows XP as guest OS and if you want to use high
1883
resolution modes which the Cirrus Logic BIOS does not support (i.e. >=
1884
1280x1024x16), then you should use the VESA VBE virtual graphic card
1885
(option @option{-std-vga}).
1887
@subsubsection CPU usage reduction
1889
Windows 9x does not correctly use the CPU HLT
1890
instruction. The result is that it takes host CPU cycles even when
1891
idle. You can install the utility from
1892
@url{http://www.user.cityline.ru/~maxamn/amnhltm.zip} to solve this
1893
problem. Note that no such tool is needed for NT, 2000 or XP.
1895
@subsubsection Windows 2000 disk full problem
1897
Windows 2000 has a bug which gives a disk full problem during its
1898
installation. When installing it, use the @option{-win2k-hack} QEMU
1899
option to enable a specific workaround. After Windows 2000 is
1900
installed, you no longer need this option (this option slows down the
1903
@subsubsection Windows 2000 shutdown
1905
Windows 2000 cannot automatically shutdown in QEMU although Windows 98
1906
can. It comes from the fact that Windows 2000 does not automatically
1907
use the APM driver provided by the BIOS.
1909
In order to correct that, do the following (thanks to Struan
1910
Bartlett): go to the Control Panel => Add/Remove Hardware & Next =>
1911
Add/Troubleshoot a device => Add a new device & Next => No, select the
1912
hardware from a list & Next => NT Apm/Legacy Support & Next => Next
1913
(again) a few times. Now the driver is installed and Windows 2000 now
1914
correctly instructs QEMU to shutdown at the appropriate moment.
1916
@subsubsection Share a directory between Unix and Windows
1918
See @ref{sec_invocation} about the help of the option @option{-smb}.
1920
@subsubsection Windows XP security problem
1922
Some releases of Windows XP install correctly but give a security
1925
A problem is preventing Windows from accurately checking the
1926
license for this computer. Error code: 0x800703e6.
1929
The workaround is to install a service pack for XP after a boot in safe
1930
mode. Then reboot, and the problem should go away. Since there is no
1931
network while in safe mode, its recommended to download the full
1932
installation of SP1 or SP2 and transfer that via an ISO or using the
1933
vvfat block device ("-hdb fat:directory_which_holds_the_SP").
1935
@subsection MS-DOS and FreeDOS
1937
@subsubsection CPU usage reduction
1939
DOS does not correctly use the CPU HLT instruction. The result is that
1940
it takes host CPU cycles even when idle. You can install the utility
1941
from @url{http://www.vmware.com/software/dosidle210.zip} to solve this
1944
@node QEMU System emulator for non PC targets
1945
@chapter QEMU System emulator for non PC targets
1947
QEMU is a generic emulator and it emulates many non PC
1948
machines. Most of the options are similar to the PC emulator. The
1949
differences are mentioned in the following sections.
1952
* QEMU PowerPC System emulator::
1953
* Sparc32 System emulator::
1954
* Sparc64 System emulator::
1955
* MIPS System emulator::
1956
* ARM System emulator::
1957
* ColdFire System emulator::
1960
@node QEMU PowerPC System emulator
1961
@section QEMU PowerPC System emulator
880
1963
Use the executable @file{qemu-system-ppc} to simulate a complete PREP
883
QEMU emulates the following PREP peripherials:
1964
or PowerMac PowerPC system.
1966
QEMU emulates the following PowerMac peripherals:
1972
PCI VGA compatible card with VESA Bochs Extensions
1974
2 PMAC IDE interfaces with hard disk and CD-ROM support
1980
VIA-CUDA with ADB keyboard and mouse.
1983
QEMU emulates the following PREP peripherals:
1989
PCI VGA compatible card with VESA Bochs Extensions
887
1991
2 IDE interfaces with hard disk and CD-ROM support
891
up to 6 NE2000 network adapters
1995
NE2000 network adapters
895
1999
PREP Non Volatile RAM
2001
PC compatible keyboard and mouse.
898
You can read the qemu PC system emulation chapter to have more
899
informations about QEMU usage.
2004
QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at
2005
@url{http://perso.magic.fr/l_indien/OpenHackWare/index.htm}.
2007
@c man begin OPTIONS
2009
The following options are specific to the PowerPC emulation:
2013
@item -g WxH[xDEPTH]
2015
Set the initial VGA graphic mode. The default is 800x600x15.
901
2022
More information is available at
902
@url{http://jocelyn.mayer.free.fr/qemu-ppc/}.
904
@chapter QEMU User space emulator invocation
2023
@url{http://perso.magic.fr/l_indien/qemu-ppc/}.
2025
@node Sparc32 System emulator
2026
@section Sparc32 System emulator
2028
Use the executable @file{qemu-system-sparc} to simulate a SPARCstation
2029
5, SPARCstation 10, SPARCstation 20, SPARCserver 600MP (sun4m
2030
architecture), SPARCstation 2 (sun4c architecture), SPARCserver 1000,
2031
or SPARCcenter 2000 (sun4d architecture). The emulation is somewhat
2032
complete. SMP up to 16 CPUs is supported, but Linux limits the number
2033
of usable CPUs to 4.
2035
QEMU emulates the following sun4m/sun4d peripherals:
2043
Lance (Am7990) Ethernet
2045
Non Volatile RAM M48T08
2047
Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard
2048
and power/reset logic
2050
ESP SCSI controller with hard disk and CD-ROM support
2052
Floppy drive (not on SS-600MP)
2054
CS4231 sound device (only on SS-5, not working yet)
2057
The number of peripherals is fixed in the architecture. Maximum
2058
memory size depends on the machine type, for SS-5 it is 256MB and for
2061
Since version 0.8.2, QEMU uses OpenBIOS
2062
@url{http://www.openbios.org/}. OpenBIOS is a free (GPL v2) portable
2063
firmware implementation. The goal is to implement a 100% IEEE
2064
1275-1994 (referred to as Open Firmware) compliant firmware.
2066
A sample Linux 2.6 series kernel and ram disk image are available on
2067
the QEMU web site. Please note that currently NetBSD, OpenBSD or
2068
Solaris kernels don't work.
2070
@c man begin OPTIONS
2072
The following options are specific to the Sparc32 emulation:
2076
@item -g WxHx[xDEPTH]
2078
Set the initial TCX graphic mode. The default is 1024x768x8, currently
2079
the only other possible mode is 1024x768x24.
2081
@item -prom-env string
2083
Set OpenBIOS variables in NVRAM, for example:
2086
qemu-system-sparc -prom-env 'auto-boot?=false' \
2087
-prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single'
2090
@item -M [SS-5|SS-10|SS-20|SS-600MP|SS-2|SS-1000|SS-2000]
2092
Set the emulated machine type. Default is SS-5.
2098
@node Sparc64 System emulator
2099
@section Sparc64 System emulator
2101
Use the executable @file{qemu-system-sparc64} to simulate a Sun4u machine.
2102
The emulator is not usable for anything yet.
2104
QEMU emulates the following sun4u peripherals:
2108
UltraSparc IIi APB PCI Bridge
2110
PCI VGA compatible card with VESA Bochs Extensions
2112
Non Volatile RAM M48T59
2114
PC-compatible serial ports
2117
@node MIPS System emulator
2118
@section MIPS System emulator
2120
Four executables cover simulation of 32 and 64-bit MIPS systems in
2121
both endian options, @file{qemu-system-mips}, @file{qemu-system-mipsel}
2122
@file{qemu-system-mips64} and @file{qemu-system-mips64el}.
2123
Four different machine types are emulated:
2127
A generic ISA PC-like machine "mips"
2129
The MIPS Malta prototype board "malta"
2131
An ACER Pica "pica61". This machine needs the 64-bit emulator.
2133
MIPS emulator pseudo board "mipssim"
2136
The generic emulation is supported by Debian 'Etch' and is able to
2137
install Debian into a virtual disk image. The following devices are
2142
A range of MIPS CPUs, default is the 24Kf
2144
PC style serial port
2151
The Malta emulation supports the following devices:
2155
Core board with MIPS 24Kf CPU and Galileo system controller
2157
PIIX4 PCI/USB/SMbus controller
2159
The Multi-I/O chip's serial device
2161
PCnet32 PCI network card
2163
Malta FPGA serial device
2165
Cirrus VGA graphics card
2168
The ACER Pica emulation supports:
2174
PC-style IRQ and DMA controllers
2181
The mipssim pseudo board emulation provides an environment similiar
2182
to what the proprietary MIPS emulator uses for running Linux.
2187
A range of MIPS CPUs, default is the 24Kf
2189
PC style serial port
2191
MIPSnet network emulation
2194
@node ARM System emulator
2195
@section ARM System emulator
2197
Use the executable @file{qemu-system-arm} to simulate a ARM
2198
machine. The ARM Integrator/CP board is emulated with the following
2203
ARM926E, ARM1026E, ARM946E, ARM1136 or Cortex-A8 CPU
2207
SMC 91c111 Ethernet adapter
2209
PL110 LCD controller
2211
PL050 KMI with PS/2 keyboard and mouse.
2213
PL181 MultiMedia Card Interface with SD card.
2216
The ARM Versatile baseboard is emulated with the following devices:
2220
ARM926E, ARM1136 or Cortex-A8 CPU
2222
PL190 Vectored Interrupt Controller
2226
SMC 91c111 Ethernet adapter
2228
PL110 LCD controller
2230
PL050 KMI with PS/2 keyboard and mouse.
2232
PCI host bridge. Note the emulated PCI bridge only provides access to
2233
PCI memory space. It does not provide access to PCI IO space.
2234
This means some devices (eg. ne2k_pci NIC) are not usable, and others
2235
(eg. rtl8139 NIC) are only usable when the guest drivers use the memory
2236
mapped control registers.
2238
PCI OHCI USB controller.
2240
LSI53C895A PCI SCSI Host Bus Adapter with hard disk and CD-ROM devices.
2242
PL181 MultiMedia Card Interface with SD card.
2245
The ARM RealView Emulation baseboard is emulated with the following devices:
2249
ARM926E, ARM1136, ARM11MPCORE(x4) or Cortex-A8 CPU
2251
ARM AMBA Generic/Distributed Interrupt Controller
2255
SMC 91c111 Ethernet adapter
2257
PL110 LCD controller
2259
PL050 KMI with PS/2 keyboard and mouse
2263
PCI OHCI USB controller
2265
LSI53C895A PCI SCSI Host Bus Adapter with hard disk and CD-ROM devices
2267
PL181 MultiMedia Card Interface with SD card.
2270
The XScale-based clamshell PDA models ("Spitz", "Akita", "Borzoi"
2271
and "Terrier") emulation includes the following peripherals:
2275
Intel PXA270 System-on-chip (ARM V5TE core)
2279
IBM/Hitachi DSCM microdrive in a PXA PCMCIA slot - not in "Akita"
2281
On-chip OHCI USB controller
2283
On-chip LCD controller
2285
On-chip Real Time Clock
2287
TI ADS7846 touchscreen controller on SSP bus
2289
Maxim MAX1111 analog-digital converter on I@math{^2}C bus
2291
GPIO-connected keyboard controller and LEDs
2293
Secure Digital card connected to PXA MMC/SD host
2297
WM8750 audio CODEC on I@math{^2}C and I@math{^2}S busses
2300
The Palm Tungsten|E PDA (codename "Cheetah") emulation includes the
2305
Texas Instruments OMAP310 System-on-chip (ARM 925T core)
2307
ROM and RAM memories (ROM firmware image can be loaded with -option-rom)
2309
On-chip LCD controller
2311
On-chip Real Time Clock
2313
TI TSC2102i touchscreen controller / analog-digital converter / Audio
2314
CODEC, connected through MicroWire and I@math{^2}S busses
2316
GPIO-connected matrix keypad
2318
Secure Digital card connected to OMAP MMC/SD host
2323
The Luminary Micro Stellaris LM3S811EVB emulation includes the following
2330
64k Flash and 8k SRAM.
2332
Timers, UARTs, ADC and I@math{^2}C interface.
2334
OSRAM Pictiva 96x16 OLED with SSD0303 controller on I@math{^2}C bus.
2337
The Luminary Micro Stellaris LM3S6965EVB emulation includes the following
2344
256k Flash and 64k SRAM.
2346
Timers, UARTs, ADC, I@math{^2}C and SSI interfaces.
2348
OSRAM Pictiva 128x64 OLED with SSD0323 controller connected via SSI.
2351
A Linux 2.6 test image is available on the QEMU web site. More
2352
information is available in the QEMU mailing-list archive.
2354
@node ColdFire System emulator
2355
@section ColdFire System emulator
2357
Use the executable @file{qemu-system-m68k} to simulate a ColdFire machine.
2358
The emulator is able to boot a uClinux kernel.
2360
The M5208EVB emulation includes the following devices:
2364
MCF5208 ColdFire V2 Microprocessor (ISA A+ with EMAC).
2366
Three Two on-chip UARTs.
2368
Fast Ethernet Controller (FEC)
2371
The AN5206 emulation includes the following devices:
2375
MCF5206 ColdFire V2 Microprocessor.
2380
@node QEMU User space emulator
2381
@chapter QEMU User space emulator
2384
* Supported Operating Systems ::
2385
* Linux User space emulator::
2386
* Mac OS X/Darwin User space emulator ::
2389
@node Supported Operating Systems
2390
@section Supported Operating Systems
2392
The following OS are supported in user space emulation:
2396
Linux (referred as qemu-linux-user)
2398
Mac OS X/Darwin (referred as qemu-darwin-user)
2401
@node Linux User space emulator
2402
@section Linux User space emulator
2407
* Command line options::
2412
@subsection Quick Start
908
2414
In order to launch a Linux process, QEMU needs the process executable
909
itself and all the target (x86) dynamic libraries used by it.
2415
itself and all the target (x86) dynamic libraries used by it.
913
2419
@item On x86, you can just try to launch any process by using the native
917
2423
qemu-i386 -L / /bin/ls
920
2426
@code{-L /} tells that the x86 dynamic linker must be searched with a
921
2427
@file{/} prefix.
923
@item Since QEMU is also a linux process, you can launch qemu with qemu (NOTE: you can only do that if you compiled QEMU from the sources):
2429
@item Since QEMU is also a linux process, you can launch qemu with
2430
qemu (NOTE: you can only do that if you compiled QEMU from the sources):
926
2433
qemu-i386 -L / qemu-i386 -L / /bin/ls