]> git.proxmox.com Git - mirror_qemu.git/blame - qemu-doc.texi
Merge remote-tracking branch 'kwolf/for-anthony' into staging
[mirror_qemu.git] / qemu-doc.texi
CommitLineData
386405f7 1\input texinfo @c -*- texinfo -*-
debc7065
FB
2@c %**start of header
3@setfilename qemu-doc.info
e080e785
SW
4
5@documentlanguage en
6@documentencoding UTF-8
7
8f40c388 8@settitle QEMU Emulator User Documentation
debc7065
FB
9@exampleindent 0
10@paragraphindent 0
11@c %**end of header
386405f7 12
a1a32b05
SW
13@ifinfo
14@direntry
15* QEMU: (qemu-doc). The QEMU Emulator User Documentation.
16@end direntry
17@end ifinfo
18
0806e3f6 19@iftex
386405f7
FB
20@titlepage
21@sp 7
8f40c388 22@center @titlefont{QEMU Emulator}
debc7065
FB
23@sp 1
24@center @titlefont{User Documentation}
386405f7
FB
25@sp 3
26@end titlepage
0806e3f6 27@end iftex
386405f7 28
debc7065
FB
29@ifnottex
30@node Top
31@top
32
33@menu
34* Introduction::
35* Installation::
36* QEMU PC System emulator::
37* QEMU System emulator for non PC targets::
83195237 38* QEMU User space emulator::
debc7065 39* compilation:: Compilation from the sources
7544a042 40* License::
debc7065
FB
41* Index::
42@end menu
43@end ifnottex
44
45@contents
46
47@node Introduction
386405f7
FB
48@chapter Introduction
49
debc7065
FB
50@menu
51* intro_features:: Features
52@end menu
53
54@node intro_features
322d0c66 55@section Features
386405f7 56
1f673135
FB
57QEMU is a FAST! processor emulator using dynamic translation to
58achieve good emulation speed.
1eb20527
FB
59
60QEMU has two operating modes:
0806e3f6 61
d7e5edca 62@itemize
7544a042 63@cindex operating modes
0806e3f6 64
5fafdf24 65@item
7544a042 66@cindex system emulation
1f673135 67Full system emulation. In this mode, QEMU emulates a full system (for
3f9f3aa1
FB
68example a PC), including one or several processors and various
69peripherals. It can be used to launch different Operating Systems
70without rebooting the PC or to debug system code.
1eb20527 71
5fafdf24 72@item
7544a042 73@cindex user mode emulation
83195237
FB
74User mode emulation. In this mode, QEMU can launch
75processes compiled for one CPU on another CPU. It can be used to
1f673135
FB
76launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
77to ease cross-compilation and cross-debugging.
1eb20527
FB
78
79@end itemize
80
7c3fc84d 81QEMU can run without an host kernel driver and yet gives acceptable
5fafdf24 82performance.
322d0c66 83
52c00a5f
FB
84For system emulation, the following hardware targets are supported:
85@itemize
7544a042
SW
86@cindex emulated target systems
87@cindex supported target systems
9d0a8e6f 88@item PC (x86 or x86_64 processor)
3f9f3aa1 89@item ISA PC (old style PC without PCI bus)
52c00a5f 90@item PREP (PowerPC processor)
d45952a0 91@item G3 Beige PowerMac (PowerPC processor)
9d0a8e6f 92@item Mac99 PowerMac (PowerPC processor, in progress)
ee76f82e 93@item Sun4m/Sun4c/Sun4d (32-bit Sparc processor)
c7ba218d 94@item Sun4u/Sun4v (64-bit Sparc processor, in progress)
d9aedc32 95@item Malta board (32-bit and 64-bit MIPS processors)
88cb0a02 96@item MIPS Magnum (64-bit MIPS processor)
9ee6e8bb
PB
97@item ARM Integrator/CP (ARM)
98@item ARM Versatile baseboard (ARM)
0ef849d7 99@item ARM RealView Emulation/Platform baseboard (ARM)
ef4c3856 100@item Spitz, Akita, Borzoi, Terrier and Tosa PDAs (PXA270 processor)
9ee6e8bb
PB
101@item Luminary Micro LM3S811EVB (ARM Cortex-M3)
102@item Luminary Micro LM3S6965EVB (ARM Cortex-M3)
707e011b 103@item Freescale MCF5208EVB (ColdFire V2).
209a4e69 104@item Arnewsh MCF5206 evaluation board (ColdFire V2).
02645926 105@item Palm Tungsten|E PDA (OMAP310 processor)
c30bb264 106@item N800 and N810 tablets (OMAP2420 processor)
57cd6e97 107@item MusicPal (MV88W8618 ARM processor)
ef4c3856
AZ
108@item Gumstix "Connex" and "Verdex" motherboards (PXA255/270).
109@item Siemens SX1 smartphone (OMAP310 processor)
48c50a62
EI
110@item AXIS-Devboard88 (CRISv32 ETRAX-FS).
111@item Petalogix Spartan 3aDSP1800 MMU ref design (MicroBlaze).
3aeaea65 112@item Avnet LX60/LX110/LX200 boards (Xtensa)
52c00a5f 113@end itemize
386405f7 114
7544a042
SW
115@cindex supported user mode targets
116For user emulation, x86 (32 and 64 bit), PowerPC (32 and 64 bit),
117ARM, MIPS (32 bit only), Sparc (32 and 64 bit),
118Alpha, ColdFire(m68k), CRISv32 and MicroBlaze CPUs are supported.
0806e3f6 119
debc7065 120@node Installation
5b9f457a
FB
121@chapter Installation
122
15a34c63
FB
123If you want to compile QEMU yourself, see @ref{compilation}.
124
debc7065
FB
125@menu
126* install_linux:: Linux
127* install_windows:: Windows
128* install_mac:: Macintosh
129@end menu
130
131@node install_linux
1f673135 132@section Linux
7544a042 133@cindex installation (Linux)
1f673135 134
7c3fc84d
FB
135If a precompiled package is available for your distribution - you just
136have to install it. Otherwise, see @ref{compilation}.
5b9f457a 137
debc7065 138@node install_windows
1f673135 139@section Windows
7544a042 140@cindex installation (Windows)
8cd0ac2f 141
15a34c63 142Download the experimental binary installer at
debc7065 143@url{http://www.free.oszoo.org/@/download.html}.
7544a042 144TODO (no longer available)
d691f669 145
debc7065 146@node install_mac
1f673135 147@section Mac OS X
d691f669 148
15a34c63 149Download the experimental binary installer at
debc7065 150@url{http://www.free.oszoo.org/@/download.html}.
7544a042 151TODO (no longer available)
df0f11a0 152
debc7065 153@node QEMU PC System emulator
3f9f3aa1 154@chapter QEMU PC System emulator
7544a042 155@cindex system emulation (PC)
1eb20527 156
debc7065
FB
157@menu
158* pcsys_introduction:: Introduction
159* pcsys_quickstart:: Quick Start
160* sec_invocation:: Invocation
161* pcsys_keys:: Keys
162* pcsys_monitor:: QEMU Monitor
163* disk_images:: Disk Images
164* pcsys_network:: Network emulation
576fd0a1 165* pcsys_other_devs:: Other Devices
debc7065
FB
166* direct_linux_boot:: Direct Linux Boot
167* pcsys_usb:: USB emulation
f858dcae 168* vnc_security:: VNC security
debc7065
FB
169* gdb_usage:: GDB usage
170* pcsys_os_specific:: Target OS specific information
171@end menu
172
173@node pcsys_introduction
0806e3f6
FB
174@section Introduction
175
176@c man begin DESCRIPTION
177
3f9f3aa1
FB
178The QEMU PC System emulator simulates the
179following peripherals:
0806e3f6
FB
180
181@itemize @minus
5fafdf24 182@item
15a34c63 183i440FX host PCI bridge and PIIX3 PCI to ISA bridge
0806e3f6 184@item
15a34c63
FB
185Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
186extensions (hardware level, including all non standard modes).
0806e3f6
FB
187@item
188PS/2 mouse and keyboard
5fafdf24 189@item
15a34c63 1902 PCI IDE interfaces with hard disk and CD-ROM support
1f673135
FB
191@item
192Floppy disk
5fafdf24 193@item
3a2eeac0 194PCI and ISA network adapters
0806e3f6 195@item
05d5818c
FB
196Serial ports
197@item
c0fe3827
FB
198Creative SoundBlaster 16 sound card
199@item
200ENSONIQ AudioPCI ES1370 sound card
201@item
e5c9a13e
AZ
202Intel 82801AA AC97 Audio compatible sound card
203@item
7d72e762
GH
204Intel HD Audio Controller and HDA codec
205@item
2d983446 206Adlib (OPL2) - Yamaha YM3812 compatible chip
b389dbfb 207@item
26463dbc
AZ
208Gravis Ultrasound GF1 sound card
209@item
cc53d26d 210CS4231A compatible sound card
211@item
b389dbfb 212PCI UHCI USB controller and a virtual USB hub.
0806e3f6
FB
213@end itemize
214
3f9f3aa1
FB
215SMP is supported with up to 255 CPUs.
216
1d1f8c33 217Note that adlib, gus and cs4231a are only available when QEMU was
218configured with --audio-card-list option containing the name(s) of
e5178e8d 219required card(s).
c0fe3827 220
15a34c63
FB
221QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
222VGA BIOS.
223
c0fe3827
FB
224QEMU uses YM3812 emulation by Tatsuyuki Satoh.
225
2d983446 226QEMU uses GUS emulation (GUSEMU32 @url{http://www.deinmeister.de/gusemu/})
26463dbc 227by Tibor "TS" Schütz.
423d65f4 228
1a1a0e20 229Note that, by default, GUS shares IRQ(7) with parallel ports and so
720036a5 230qemu must be told to not have parallel ports to have working GUS
231
232@example
233qemu dos.img -soundhw gus -parallel none
234@end example
235
236Alternatively:
237@example
238qemu dos.img -device gus,irq=5
239@end example
240
241Or some other unclaimed IRQ.
242
cc53d26d 243CS4231A is the chip used in Windows Sound System and GUSMAX products
244
0806e3f6
FB
245@c man end
246
debc7065 247@node pcsys_quickstart
1eb20527 248@section Quick Start
7544a042 249@cindex quick start
1eb20527 250
285dc330 251Download and uncompress the linux image (@file{linux.img}) and type:
0806e3f6
FB
252
253@example
285dc330 254qemu linux.img
0806e3f6
FB
255@end example
256
257Linux should boot and give you a prompt.
258
6cc721cf 259@node sec_invocation
ec410fc9
FB
260@section Invocation
261
262@example
0806e3f6 263@c man begin SYNOPSIS
89dfe898 264usage: qemu [options] [@var{disk_image}]
0806e3f6 265@c man end
ec410fc9
FB
266@end example
267
0806e3f6 268@c man begin OPTIONS
d2c639d6
BS
269@var{disk_image} is a raw hard disk image for IDE hard disk 0. Some
270targets do not need a disk image.
ec410fc9 271
5824d651 272@include qemu-options.texi
ec410fc9 273
3e11db9a
FB
274@c man end
275
debc7065 276@node pcsys_keys
3e11db9a
FB
277@section Keys
278
279@c man begin OPTIONS
280
de1db2a1
BH
281During the graphical emulation, you can use special key combinations to change
282modes. The default key mappings are shown below, but if you use @code{-alt-grab}
283then the modifier is Ctrl-Alt-Shift (instead of Ctrl-Alt) and if you use
284@code{-ctrl-grab} then the modifier is the right Ctrl key (instead of Ctrl-Alt):
285
a1b74fe8 286@table @key
f9859310 287@item Ctrl-Alt-f
7544a042 288@kindex Ctrl-Alt-f
a1b74fe8 289Toggle full screen
a0a821a4 290
d6a65ba3
JK
291@item Ctrl-Alt-+
292@kindex Ctrl-Alt-+
293Enlarge the screen
294
295@item Ctrl-Alt--
296@kindex Ctrl-Alt--
297Shrink the screen
298
c4a735f9 299@item Ctrl-Alt-u
7544a042 300@kindex Ctrl-Alt-u
c4a735f9 301Restore the screen's un-scaled dimensions
302
f9859310 303@item Ctrl-Alt-n
7544a042 304@kindex Ctrl-Alt-n
a0a821a4
FB
305Switch to virtual console 'n'. Standard console mappings are:
306@table @emph
307@item 1
308Target system display
309@item 2
310Monitor
311@item 3
312Serial port
a1b74fe8
FB
313@end table
314
f9859310 315@item Ctrl-Alt
7544a042 316@kindex Ctrl-Alt
a0a821a4
FB
317Toggle mouse and keyboard grab.
318@end table
319
7544a042
SW
320@kindex Ctrl-Up
321@kindex Ctrl-Down
322@kindex Ctrl-PageUp
323@kindex Ctrl-PageDown
3e11db9a
FB
324In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
325@key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.
326
7544a042 327@kindex Ctrl-a h
a0a821a4
FB
328During emulation, if you are using the @option{-nographic} option, use
329@key{Ctrl-a h} to get terminal commands:
ec410fc9
FB
330
331@table @key
a1b74fe8 332@item Ctrl-a h
7544a042 333@kindex Ctrl-a h
d2c639d6 334@item Ctrl-a ?
7544a042 335@kindex Ctrl-a ?
ec410fc9 336Print this help
3b46e624 337@item Ctrl-a x
7544a042 338@kindex Ctrl-a x
366dfc52 339Exit emulator
3b46e624 340@item Ctrl-a s
7544a042 341@kindex Ctrl-a s
1f47a922 342Save disk data back to file (if -snapshot)
20d8a3ed 343@item Ctrl-a t
7544a042 344@kindex Ctrl-a t
d2c639d6 345Toggle console timestamps
a1b74fe8 346@item Ctrl-a b
7544a042 347@kindex Ctrl-a b
1f673135 348Send break (magic sysrq in Linux)
a1b74fe8 349@item Ctrl-a c
7544a042 350@kindex Ctrl-a c
1f673135 351Switch between console and monitor
a1b74fe8 352@item Ctrl-a Ctrl-a
7544a042 353@kindex Ctrl-a a
a1b74fe8 354Send Ctrl-a
ec410fc9 355@end table
0806e3f6
FB
356@c man end
357
358@ignore
359
1f673135
FB
360@c man begin SEEALSO
361The HTML documentation of QEMU for more precise information and Linux
362user mode emulator invocation.
363@c man end
364
365@c man begin AUTHOR
366Fabrice Bellard
367@c man end
368
369@end ignore
370
debc7065 371@node pcsys_monitor
1f673135 372@section QEMU Monitor
7544a042 373@cindex QEMU monitor
1f673135
FB
374
375The QEMU monitor is used to give complex commands to the QEMU
376emulator. You can use it to:
377
378@itemize @minus
379
380@item
e598752a 381Remove or insert removable media images
89dfe898 382(such as CD-ROM or floppies).
1f673135 383
5fafdf24 384@item
1f673135
FB
385Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
386from a disk file.
387
388@item Inspect the VM state without an external debugger.
389
390@end itemize
391
392@subsection Commands
393
394The following commands are available:
395
2313086a 396@include qemu-monitor.texi
0806e3f6 397
1f673135
FB
398@subsection Integer expressions
399
400The monitor understands integers expressions for every integer
401argument. You can use register names to get the value of specifics
402CPU registers by prefixing them with @emph{$}.
ec410fc9 403
1f47a922
FB
404@node disk_images
405@section Disk Images
406
acd935ef
FB
407Since version 0.6.1, QEMU supports many disk image formats, including
408growable disk images (their size increase as non empty sectors are
13a2e80f
FB
409written), compressed and encrypted disk images. Version 0.8.3 added
410the new qcow2 disk image format which is essential to support VM
411snapshots.
1f47a922 412
debc7065
FB
413@menu
414* disk_images_quickstart:: Quick start for disk image creation
415* disk_images_snapshot_mode:: Snapshot mode
13a2e80f 416* vm_snapshots:: VM snapshots
debc7065 417* qemu_img_invocation:: qemu-img Invocation
975b092b 418* qemu_nbd_invocation:: qemu-nbd Invocation
19cb3738 419* host_drives:: Using host drives
debc7065 420* disk_images_fat_images:: Virtual FAT disk images
75818250 421* disk_images_nbd:: NBD access
42af9c30 422* disk_images_sheepdog:: Sheepdog disk images
00984e39 423* disk_images_iscsi:: iSCSI LUNs
debc7065
FB
424@end menu
425
426@node disk_images_quickstart
acd935ef
FB
427@subsection Quick start for disk image creation
428
429You can create a disk image with the command:
1f47a922 430@example
acd935ef 431qemu-img create myimage.img mysize
1f47a922 432@end example
acd935ef
FB
433where @var{myimage.img} is the disk image filename and @var{mysize} is its
434size in kilobytes. You can add an @code{M} suffix to give the size in
435megabytes and a @code{G} suffix for gigabytes.
436
debc7065 437See @ref{qemu_img_invocation} for more information.
1f47a922 438
debc7065 439@node disk_images_snapshot_mode
1f47a922
FB
440@subsection Snapshot mode
441
442If you use the option @option{-snapshot}, all disk images are
443considered as read only. When sectors in written, they are written in
444a temporary file created in @file{/tmp}. You can however force the
acd935ef
FB
445write back to the raw disk images by using the @code{commit} monitor
446command (or @key{C-a s} in the serial console).
1f47a922 447
13a2e80f
FB
448@node vm_snapshots
449@subsection VM snapshots
450
451VM snapshots are snapshots of the complete virtual machine including
452CPU state, RAM, device state and the content of all the writable
453disks. In order to use VM snapshots, you must have at least one non
454removable and writable block device using the @code{qcow2} disk image
455format. Normally this device is the first virtual hard drive.
456
457Use the monitor command @code{savevm} to create a new VM snapshot or
458replace an existing one. A human readable name can be assigned to each
19d36792 459snapshot in addition to its numerical ID.
13a2e80f
FB
460
461Use @code{loadvm} to restore a VM snapshot and @code{delvm} to remove
462a VM snapshot. @code{info snapshots} lists the available snapshots
463with their associated information:
464
465@example
466(qemu) info snapshots
467Snapshot devices: hda
468Snapshot list (from hda):
469ID TAG VM SIZE DATE VM CLOCK
4701 start 41M 2006-08-06 12:38:02 00:00:14.954
4712 40M 2006-08-06 12:43:29 00:00:18.633
4723 msys 40M 2006-08-06 12:44:04 00:00:23.514
473@end example
474
475A VM snapshot is made of a VM state info (its size is shown in
476@code{info snapshots}) and a snapshot of every writable disk image.
477The VM state info is stored in the first @code{qcow2} non removable
478and writable block device. The disk image snapshots are stored in
479every disk image. The size of a snapshot in a disk image is difficult
480to evaluate and is not shown by @code{info snapshots} because the
481associated disk sectors are shared among all the snapshots to save
19d36792
FB
482disk space (otherwise each snapshot would need a full copy of all the
483disk images).
13a2e80f
FB
484
485When using the (unrelated) @code{-snapshot} option
486(@ref{disk_images_snapshot_mode}), you can always make VM snapshots,
487but they are deleted as soon as you exit QEMU.
488
489VM snapshots currently have the following known limitations:
490@itemize
5fafdf24 491@item
13a2e80f
FB
492They cannot cope with removable devices if they are removed or
493inserted after a snapshot is done.
5fafdf24 494@item
13a2e80f
FB
495A few device drivers still have incomplete snapshot support so their
496state is not saved or restored properly (in particular USB).
497@end itemize
498
acd935ef
FB
499@node qemu_img_invocation
500@subsection @code{qemu-img} Invocation
1f47a922 501
acd935ef 502@include qemu-img.texi
05efe46e 503
975b092b
TS
504@node qemu_nbd_invocation
505@subsection @code{qemu-nbd} Invocation
506
507@include qemu-nbd.texi
508
19cb3738
FB
509@node host_drives
510@subsection Using host drives
511
512In addition to disk image files, QEMU can directly access host
513devices. We describe here the usage for QEMU version >= 0.8.3.
514
515@subsubsection Linux
516
517On Linux, you can directly use the host device filename instead of a
4be456f1 518disk image filename provided you have enough privileges to access
19cb3738
FB
519it. For example, use @file{/dev/cdrom} to access to the CDROM or
520@file{/dev/fd0} for the floppy.
521
f542086d 522@table @code
19cb3738
FB
523@item CD
524You can specify a CDROM device even if no CDROM is loaded. QEMU has
525specific code to detect CDROM insertion or removal. CDROM ejection by
526the guest OS is supported. Currently only data CDs are supported.
527@item Floppy
528You can specify a floppy device even if no floppy is loaded. Floppy
529removal is currently not detected accurately (if you change floppy
530without doing floppy access while the floppy is not loaded, the guest
531OS will think that the same floppy is loaded).
532@item Hard disks
533Hard disks can be used. Normally you must specify the whole disk
534(@file{/dev/hdb} instead of @file{/dev/hdb1}) so that the guest OS can
535see it as a partitioned disk. WARNING: unless you know what you do, it
536is better to only make READ-ONLY accesses to the hard disk otherwise
537you may corrupt your host data (use the @option{-snapshot} command
538line option or modify the device permissions accordingly).
539@end table
540
541@subsubsection Windows
542
01781963
FB
543@table @code
544@item CD
4be456f1 545The preferred syntax is the drive letter (e.g. @file{d:}). The
01781963
FB
546alternate syntax @file{\\.\d:} is supported. @file{/dev/cdrom} is
547supported as an alias to the first CDROM drive.
19cb3738 548
e598752a 549Currently there is no specific code to handle removable media, so it
19cb3738
FB
550is better to use the @code{change} or @code{eject} monitor commands to
551change or eject media.
01781963 552@item Hard disks
89dfe898 553Hard disks can be used with the syntax: @file{\\.\PhysicalDrive@var{N}}
01781963
FB
554where @var{N} is the drive number (0 is the first hard disk).
555
556WARNING: unless you know what you do, it is better to only make
557READ-ONLY accesses to the hard disk otherwise you may corrupt your
558host data (use the @option{-snapshot} command line so that the
559modifications are written in a temporary file).
560@end table
561
19cb3738
FB
562
563@subsubsection Mac OS X
564
5fafdf24 565@file{/dev/cdrom} is an alias to the first CDROM.
19cb3738 566
e598752a 567Currently there is no specific code to handle removable media, so it
19cb3738
FB
568is better to use the @code{change} or @code{eject} monitor commands to
569change or eject media.
570
debc7065 571@node disk_images_fat_images
2c6cadd4
FB
572@subsection Virtual FAT disk images
573
574QEMU can automatically create a virtual FAT disk image from a
575directory tree. In order to use it, just type:
576
5fafdf24 577@example
2c6cadd4
FB
578qemu linux.img -hdb fat:/my_directory
579@end example
580
581Then you access access to all the files in the @file{/my_directory}
582directory without having to copy them in a disk image or to export
583them via SAMBA or NFS. The default access is @emph{read-only}.
584
585Floppies can be emulated with the @code{:floppy:} option:
586
5fafdf24 587@example
2c6cadd4
FB
588qemu linux.img -fda fat:floppy:/my_directory
589@end example
590
591A read/write support is available for testing (beta stage) with the
592@code{:rw:} option:
593
5fafdf24 594@example
2c6cadd4
FB
595qemu linux.img -fda fat:floppy:rw:/my_directory
596@end example
597
598What you should @emph{never} do:
599@itemize
600@item use non-ASCII filenames ;
601@item use "-snapshot" together with ":rw:" ;
85b2c688
FB
602@item expect it to work when loadvm'ing ;
603@item write to the FAT directory on the host system while accessing it with the guest system.
2c6cadd4
FB
604@end itemize
605
75818250
TS
606@node disk_images_nbd
607@subsection NBD access
608
609QEMU can access directly to block device exported using the Network Block Device
610protocol.
611
612@example
613qemu linux.img -hdb nbd:my_nbd_server.mydomain.org:1024
614@end example
615
616If the NBD server is located on the same host, you can use an unix socket instead
617of an inet socket:
618
619@example
620qemu linux.img -hdb nbd:unix:/tmp/my_socket
621@end example
622
623In this case, the block device must be exported using qemu-nbd:
624
625@example
626qemu-nbd --socket=/tmp/my_socket my_disk.qcow2
627@end example
628
629The use of qemu-nbd allows to share a disk between several guests:
630@example
631qemu-nbd --socket=/tmp/my_socket --share=2 my_disk.qcow2
632@end example
633
634and then you can use it with two guests:
635@example
636qemu linux1.img -hdb nbd:unix:/tmp/my_socket
637qemu linux2.img -hdb nbd:unix:/tmp/my_socket
638@end example
639
1d45f8b5
LV
640If the nbd-server uses named exports (since NBD 2.9.18), you must use the
641"exportname" option:
642@example
643qemu -cdrom nbd:localhost:exportname=debian-500-ppc-netinst
644qemu -cdrom nbd:localhost:exportname=openSUSE-11.1-ppc-netinst
645@end example
646
42af9c30
MK
647@node disk_images_sheepdog
648@subsection Sheepdog disk images
649
650Sheepdog is a distributed storage system for QEMU. It provides highly
651available block level storage volumes that can be attached to
652QEMU-based virtual machines.
653
654You can create a Sheepdog disk image with the command:
655@example
656qemu-img create sheepdog:@var{image} @var{size}
657@end example
658where @var{image} is the Sheepdog image name and @var{size} is its
659size.
660
661To import the existing @var{filename} to Sheepdog, you can use a
662convert command.
663@example
664qemu-img convert @var{filename} sheepdog:@var{image}
665@end example
666
667You can boot from the Sheepdog disk image with the command:
668@example
669qemu sheepdog:@var{image}
670@end example
671
672You can also create a snapshot of the Sheepdog image like qcow2.
673@example
674qemu-img snapshot -c @var{tag} sheepdog:@var{image}
675@end example
676where @var{tag} is a tag name of the newly created snapshot.
677
678To boot from the Sheepdog snapshot, specify the tag name of the
679snapshot.
680@example
681qemu sheepdog:@var{image}:@var{tag}
682@end example
683
684You can create a cloned image from the existing snapshot.
685@example
686qemu-img create -b sheepdog:@var{base}:@var{tag} sheepdog:@var{image}
687@end example
688where @var{base} is a image name of the source snapshot and @var{tag}
689is its tag name.
690
691If the Sheepdog daemon doesn't run on the local host, you need to
692specify one of the Sheepdog servers to connect to.
693@example
694qemu-img create sheepdog:@var{hostname}:@var{port}:@var{image} @var{size}
695qemu sheepdog:@var{hostname}:@var{port}:@var{image}
696@end example
697
00984e39
RS
698@node disk_images_iscsi
699@subsection iSCSI LUNs
700
701iSCSI is a popular protocol used to access SCSI devices across a computer
702network.
703
704There are two different ways iSCSI devices can be used by QEMU.
705
706The first method is to mount the iSCSI LUN on the host, and make it appear as
707any other ordinary SCSI device on the host and then to access this device as a
708/dev/sd device from QEMU. How to do this differs between host OSes.
709
710The second method involves using the iSCSI initiator that is built into
711QEMU. This provides a mechanism that works the same way regardless of which
712host OS you are running QEMU on. This section will describe this second method
713of using iSCSI together with QEMU.
714
715In QEMU, iSCSI devices are described using special iSCSI URLs
716
717@example
718URL syntax:
719iscsi://[<username>[%<password>]@@]<host>[:<port>]/<target-iqn-name>/<lun>
720@end example
721
722Username and password are optional and only used if your target is set up
723using CHAP authentication for access control.
724Alternatively the username and password can also be set via environment
725variables to have these not show up in the process list
726
727@example
728export LIBISCSI_CHAP_USERNAME=<username>
729export LIBISCSI_CHAP_PASSWORD=<password>
730iscsi://<host>/<target-iqn-name>/<lun>
731@end example
732
733Howto set up a simple iSCSI target on loopback and accessing it via QEMU:
734@example
735This example shows how to set up an iSCSI target with one CDROM and one DISK
736using the Linux STGT software target. This target is available on Red Hat based
737systems as the package 'scsi-target-utils'.
738
739tgtd --iscsi portal=127.0.0.1:3260
740tgtadm --lld iscsi --op new --mode target --tid 1 -T iqn.qemu.test
741tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 1 \
742 -b /IMAGES/disk.img --device-type=disk
743tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 2 \
744 -b /IMAGES/cd.iso --device-type=cd
745tgtadm --lld iscsi --op bind --mode target --tid 1 -I ALL
746
747qemu-system-i386 -boot d -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \
748 -cdrom iscsi://127.0.0.1/iqn.qemu.test/2
749@end example
750
751
752
debc7065 753@node pcsys_network
9d4fb82e
FB
754@section Network emulation
755
4be456f1 756QEMU can simulate several network cards (PCI or ISA cards on the PC
41d03949
FB
757target) and can connect them to an arbitrary number of Virtual Local
758Area Networks (VLANs). Host TAP devices can be connected to any QEMU
759VLAN. VLAN can be connected between separate instances of QEMU to
4be456f1 760simulate large networks. For simpler usage, a non privileged user mode
41d03949
FB
761network stack can replace the TAP device to have a basic network
762connection.
763
764@subsection VLANs
9d4fb82e 765
41d03949
FB
766QEMU simulates several VLANs. A VLAN can be symbolised as a virtual
767connection between several network devices. These devices can be for
768example QEMU virtual Ethernet cards or virtual Host ethernet devices
769(TAP devices).
9d4fb82e 770
41d03949
FB
771@subsection Using TAP network interfaces
772
773This is the standard way to connect QEMU to a real network. QEMU adds
774a virtual network device on your host (called @code{tapN}), and you
775can then configure it as if it was a real ethernet card.
9d4fb82e 776
8f40c388
FB
777@subsubsection Linux host
778
9d4fb82e
FB
779As an example, you can download the @file{linux-test-xxx.tar.gz}
780archive and copy the script @file{qemu-ifup} in @file{/etc} and
781configure properly @code{sudo} so that the command @code{ifconfig}
782contained in @file{qemu-ifup} can be executed as root. You must verify
41d03949 783that your host kernel supports the TAP network interfaces: the
9d4fb82e
FB
784device @file{/dev/net/tun} must be present.
785
ee0f4751
FB
786See @ref{sec_invocation} to have examples of command lines using the
787TAP network interfaces.
9d4fb82e 788
8f40c388
FB
789@subsubsection Windows host
790
791There is a virtual ethernet driver for Windows 2000/XP systems, called
792TAP-Win32. But it is not included in standard QEMU for Windows,
793so you will need to get it separately. It is part of OpenVPN package,
794so download OpenVPN from : @url{http://openvpn.net/}.
795
9d4fb82e
FB
796@subsection Using the user mode network stack
797
41d03949
FB
798By using the option @option{-net user} (default configuration if no
799@option{-net} option is specified), QEMU uses a completely user mode
4be456f1 800network stack (you don't need root privilege to use the virtual
41d03949 801network). The virtual network configuration is the following:
9d4fb82e
FB
802
803@example
804
41d03949
FB
805 QEMU VLAN <------> Firewall/DHCP server <-----> Internet
806 | (10.0.2.2)
9d4fb82e 807 |
2518bd0d 808 ----> DNS server (10.0.2.3)
3b46e624 809 |
2518bd0d 810 ----> SMB server (10.0.2.4)
9d4fb82e
FB
811@end example
812
813The QEMU VM behaves as if it was behind a firewall which blocks all
814incoming connections. You can use a DHCP client to automatically
41d03949
FB
815configure the network in the QEMU VM. The DHCP server assign addresses
816to the hosts starting from 10.0.2.15.
9d4fb82e
FB
817
818In order to check that the user mode network is working, you can ping
819the address 10.0.2.2 and verify that you got an address in the range
82010.0.2.x from the QEMU virtual DHCP server.
821
b415a407 822Note that @code{ping} is not supported reliably to the internet as it
4be456f1 823would require root privileges. It means you can only ping the local
b415a407
FB
824router (10.0.2.2).
825
9bf05444
FB
826When using the built-in TFTP server, the router is also the TFTP
827server.
828
829When using the @option{-redir} option, TCP or UDP connections can be
830redirected from the host to the guest. It allows for example to
831redirect X11, telnet or SSH connections.
443f1376 832
41d03949
FB
833@subsection Connecting VLANs between QEMU instances
834
835Using the @option{-net socket} option, it is possible to make VLANs
836that span several QEMU instances. See @ref{sec_invocation} to have a
837basic example.
838
576fd0a1 839@node pcsys_other_devs
6cbf4c8c
CM
840@section Other Devices
841
842@subsection Inter-VM Shared Memory device
843
844With KVM enabled on a Linux host, a shared memory device is available. Guests
845map a POSIX shared memory region into the guest as a PCI device that enables
846zero-copy communication to the application level of the guests. The basic
847syntax is:
848
849@example
850qemu -device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
851@end example
852
853If desired, interrupts can be sent between guest VMs accessing the same shared
854memory region. Interrupt support requires using a shared memory server and
855using a chardev socket to connect to it. The code for the shared memory server
856is qemu.git/contrib/ivshmem-server. An example syntax when using the shared
857memory server is:
858
859@example
860qemu -device ivshmem,size=<size in format accepted by -m>[,chardev=<id>]
861 [,msi=on][,ioeventfd=on][,vectors=n][,role=peer|master]
862qemu -chardev socket,path=<path>,id=<id>
863@end example
864
865When using the server, the guest will be assigned a VM ID (>=0) that allows guests
866using the same server to communicate via interrupts. Guests can read their
867VM ID from a device register (see example code). Since receiving the shared
868memory region from the server is asynchronous, there is a (small) chance the
869guest may boot before the shared memory is attached. To allow an application
870to ensure shared memory is attached, the VM ID register will return -1 (an
871invalid VM ID) until the memory is attached. Once the shared memory is
872attached, the VM ID will return the guest's valid VM ID. With these semantics,
873the guest application can check to ensure the shared memory is attached to the
874guest before proceeding.
875
876The @option{role} argument can be set to either master or peer and will affect
877how the shared memory is migrated. With @option{role=master}, the guest will
878copy the shared memory on migration to the destination host. With
879@option{role=peer}, the guest will not be able to migrate with the device attached.
880With the @option{peer} case, the device should be detached and then reattached
881after migration using the PCI hotplug support.
882
9d4fb82e
FB
883@node direct_linux_boot
884@section Direct Linux Boot
1f673135
FB
885
886This section explains how to launch a Linux kernel inside QEMU without
887having to make a full bootable image. It is very useful for fast Linux
ee0f4751 888kernel testing.
1f673135 889
ee0f4751 890The syntax is:
1f673135 891@example
ee0f4751 892qemu -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
1f673135
FB
893@end example
894
ee0f4751
FB
895Use @option{-kernel} to provide the Linux kernel image and
896@option{-append} to give the kernel command line arguments. The
897@option{-initrd} option can be used to provide an INITRD image.
1f673135 898
ee0f4751
FB
899When using the direct Linux boot, a disk image for the first hard disk
900@file{hda} is required because its boot sector is used to launch the
901Linux kernel.
1f673135 902
ee0f4751
FB
903If you do not need graphical output, you can disable it and redirect
904the virtual serial port and the QEMU monitor to the console with the
905@option{-nographic} option. The typical command line is:
1f673135 906@example
ee0f4751
FB
907qemu -kernel arch/i386/boot/bzImage -hda root-2.4.20.img \
908 -append "root=/dev/hda console=ttyS0" -nographic
1f673135
FB
909@end example
910
ee0f4751
FB
911Use @key{Ctrl-a c} to switch between the serial console and the
912monitor (@pxref{pcsys_keys}).
1f673135 913
debc7065 914@node pcsys_usb
b389dbfb
FB
915@section USB emulation
916
0aff66b5
PB
917QEMU emulates a PCI UHCI USB controller. You can virtually plug
918virtual USB devices or real host USB devices (experimental, works only
919on Linux hosts). Qemu will automatically create and connect virtual USB hubs
f542086d 920as necessary to connect multiple USB devices.
b389dbfb 921
0aff66b5
PB
922@menu
923* usb_devices::
924* host_usb_devices::
925@end menu
926@node usb_devices
927@subsection Connecting USB devices
b389dbfb 928
0aff66b5
PB
929USB devices can be connected with the @option{-usbdevice} commandline option
930or the @code{usb_add} monitor command. Available devices are:
b389dbfb 931
db380c06
AZ
932@table @code
933@item mouse
0aff66b5 934Virtual Mouse. This will override the PS/2 mouse emulation when activated.
db380c06 935@item tablet
c6d46c20 936Pointer device that uses absolute coordinates (like a touchscreen).
0aff66b5
PB
937This means qemu is able to report the mouse position without having
938to grab the mouse. Also overrides the PS/2 mouse emulation when activated.
db380c06 939@item disk:@var{file}
0aff66b5 940Mass storage device based on @var{file} (@pxref{disk_images})
db380c06 941@item host:@var{bus.addr}
0aff66b5
PB
942Pass through the host device identified by @var{bus.addr}
943(Linux only)
db380c06 944@item host:@var{vendor_id:product_id}
0aff66b5
PB
945Pass through the host device identified by @var{vendor_id:product_id}
946(Linux only)
db380c06 947@item wacom-tablet
f6d2a316
AZ
948Virtual Wacom PenPartner tablet. This device is similar to the @code{tablet}
949above but it can be used with the tslib library because in addition to touch
950coordinates it reports touch pressure.
db380c06 951@item keyboard
47b2d338 952Standard USB keyboard. Will override the PS/2 keyboard (if present).
db380c06
AZ
953@item serial:[vendorid=@var{vendor_id}][,product_id=@var{product_id}]:@var{dev}
954Serial converter. This emulates an FTDI FT232BM chip connected to host character
955device @var{dev}. The available character devices are the same as for the
956@code{-serial} option. The @code{vendorid} and @code{productid} options can be
0d6753e5 957used to override the default 0403:6001. For instance,
db380c06
AZ
958@example
959usb_add serial:productid=FA00:tcp:192.168.0.2:4444
960@end example
961will connect to tcp port 4444 of ip 192.168.0.2, and plug that to the virtual
962serial converter, faking a Matrix Orbital LCD Display (USB ID 0403:FA00).
2e4d9fb1
AJ
963@item braille
964Braille device. This will use BrlAPI to display the braille output on a real
965or fake device.
9ad97e65
AZ
966@item net:@var{options}
967Network adapter that supports CDC ethernet and RNDIS protocols. @var{options}
968specifies NIC options as with @code{-net nic,}@var{options} (see description).
969For instance, user-mode networking can be used with
6c9f886c 970@example
9ad97e65 971qemu [...OPTIONS...] -net user,vlan=0 -usbdevice net:vlan=0
6c9f886c
AZ
972@end example
973Currently this cannot be used in machines that support PCI NICs.
2d564691
AZ
974@item bt[:@var{hci-type}]
975Bluetooth dongle whose type is specified in the same format as with
976the @option{-bt hci} option, @pxref{bt-hcis,,allowed HCI types}. If
977no type is given, the HCI logic corresponds to @code{-bt hci,vlan=0}.
978This USB device implements the USB Transport Layer of HCI. Example
979usage:
980@example
981qemu [...OPTIONS...] -usbdevice bt:hci,vlan=3 -bt device:keyboard,vlan=3
982@end example
0aff66b5 983@end table
b389dbfb 984
0aff66b5 985@node host_usb_devices
b389dbfb
FB
986@subsection Using host USB devices on a Linux host
987
988WARNING: this is an experimental feature. QEMU will slow down when
989using it. USB devices requiring real time streaming (i.e. USB Video
990Cameras) are not supported yet.
991
992@enumerate
5fafdf24 993@item If you use an early Linux 2.4 kernel, verify that no Linux driver
b389dbfb
FB
994is actually using the USB device. A simple way to do that is simply to
995disable the corresponding kernel module by renaming it from @file{mydriver.o}
996to @file{mydriver.o.disabled}.
997
998@item Verify that @file{/proc/bus/usb} is working (most Linux distributions should enable it by default). You should see something like that:
999@example
1000ls /proc/bus/usb
1001001 devices drivers
1002@end example
1003
1004@item Since only root can access to the USB devices directly, you can either launch QEMU as root or change the permissions of the USB devices you want to use. For testing, the following suffices:
1005@example
1006chown -R myuid /proc/bus/usb
1007@end example
1008
1009@item Launch QEMU and do in the monitor:
5fafdf24 1010@example
b389dbfb
FB
1011info usbhost
1012 Device 1.2, speed 480 Mb/s
1013 Class 00: USB device 1234:5678, USB DISK
1014@end example
1015You should see the list of the devices you can use (Never try to use
1016hubs, it won't work).
1017
1018@item Add the device in QEMU by using:
5fafdf24 1019@example
b389dbfb
FB
1020usb_add host:1234:5678
1021@end example
1022
1023Normally the guest OS should report that a new USB device is
1024plugged. You can use the option @option{-usbdevice} to do the same.
1025
1026@item Now you can try to use the host USB device in QEMU.
1027
1028@end enumerate
1029
1030When relaunching QEMU, you may have to unplug and plug again the USB
1031device to make it work again (this is a bug).
1032
f858dcae
TS
1033@node vnc_security
1034@section VNC security
1035
1036The VNC server capability provides access to the graphical console
1037of the guest VM across the network. This has a number of security
1038considerations depending on the deployment scenarios.
1039
1040@menu
1041* vnc_sec_none::
1042* vnc_sec_password::
1043* vnc_sec_certificate::
1044* vnc_sec_certificate_verify::
1045* vnc_sec_certificate_pw::
2f9606b3
AL
1046* vnc_sec_sasl::
1047* vnc_sec_certificate_sasl::
f858dcae 1048* vnc_generate_cert::
2f9606b3 1049* vnc_setup_sasl::
f858dcae
TS
1050@end menu
1051@node vnc_sec_none
1052@subsection Without passwords
1053
1054The simplest VNC server setup does not include any form of authentication.
1055For this setup it is recommended to restrict it to listen on a UNIX domain
1056socket only. For example
1057
1058@example
1059qemu [...OPTIONS...] -vnc unix:/home/joebloggs/.qemu-myvm-vnc
1060@end example
1061
1062This ensures that only users on local box with read/write access to that
1063path can access the VNC server. To securely access the VNC server from a
1064remote machine, a combination of netcat+ssh can be used to provide a secure
1065tunnel.
1066
1067@node vnc_sec_password
1068@subsection With passwords
1069
1070The VNC protocol has limited support for password based authentication. Since
1071the protocol limits passwords to 8 characters it should not be considered
1072to provide high security. The password can be fairly easily brute-forced by
1073a client making repeat connections. For this reason, a VNC server using password
1074authentication should be restricted to only listen on the loopback interface
34a3d239 1075or UNIX domain sockets. Password authentication is requested with the @code{password}
f858dcae
TS
1076option, and then once QEMU is running the password is set with the monitor. Until
1077the monitor is used to set the password all clients will be rejected.
1078
1079@example
1080qemu [...OPTIONS...] -vnc :1,password -monitor stdio
1081(qemu) change vnc password
1082Password: ********
1083(qemu)
1084@end example
1085
1086@node vnc_sec_certificate
1087@subsection With x509 certificates
1088
1089The QEMU VNC server also implements the VeNCrypt extension allowing use of
1090TLS for encryption of the session, and x509 certificates for authentication.
1091The use of x509 certificates is strongly recommended, because TLS on its
1092own is susceptible to man-in-the-middle attacks. Basic x509 certificate
1093support provides a secure session, but no authentication. This allows any
1094client to connect, and provides an encrypted session.
1095
1096@example
1097qemu [...OPTIONS...] -vnc :1,tls,x509=/etc/pki/qemu -monitor stdio
1098@end example
1099
1100In the above example @code{/etc/pki/qemu} should contain at least three files,
1101@code{ca-cert.pem}, @code{server-cert.pem} and @code{server-key.pem}. Unprivileged
1102users will want to use a private directory, for example @code{$HOME/.pki/qemu}.
1103NB the @code{server-key.pem} file should be protected with file mode 0600 to
1104only be readable by the user owning it.
1105
1106@node vnc_sec_certificate_verify
1107@subsection With x509 certificates and client verification
1108
1109Certificates can also provide a means to authenticate the client connecting.
1110The server will request that the client provide a certificate, which it will
1111then validate against the CA certificate. This is a good choice if deploying
1112in an environment with a private internal certificate authority.
1113
1114@example
1115qemu [...OPTIONS...] -vnc :1,tls,x509verify=/etc/pki/qemu -monitor stdio
1116@end example
1117
1118
1119@node vnc_sec_certificate_pw
1120@subsection With x509 certificates, client verification and passwords
1121
1122Finally, the previous method can be combined with VNC password authentication
1123to provide two layers of authentication for clients.
1124
1125@example
1126qemu [...OPTIONS...] -vnc :1,password,tls,x509verify=/etc/pki/qemu -monitor stdio
1127(qemu) change vnc password
1128Password: ********
1129(qemu)
1130@end example
1131
2f9606b3
AL
1132
1133@node vnc_sec_sasl
1134@subsection With SASL authentication
1135
1136The SASL authentication method is a VNC extension, that provides an
1137easily extendable, pluggable authentication method. This allows for
1138integration with a wide range of authentication mechanisms, such as
1139PAM, GSSAPI/Kerberos, LDAP, SQL databases, one-time keys and more.
1140The strength of the authentication depends on the exact mechanism
1141configured. If the chosen mechanism also provides a SSF layer, then
1142it will encrypt the datastream as well.
1143
1144Refer to the later docs on how to choose the exact SASL mechanism
1145used for authentication, but assuming use of one supporting SSF,
1146then QEMU can be launched with:
1147
1148@example
1149qemu [...OPTIONS...] -vnc :1,sasl -monitor stdio
1150@end example
1151
1152@node vnc_sec_certificate_sasl
1153@subsection With x509 certificates and SASL authentication
1154
1155If the desired SASL authentication mechanism does not supported
1156SSF layers, then it is strongly advised to run it in combination
1157with TLS and x509 certificates. This provides securely encrypted
1158data stream, avoiding risk of compromising of the security
1159credentials. This can be enabled, by combining the 'sasl' option
1160with the aforementioned TLS + x509 options:
1161
1162@example
1163qemu [...OPTIONS...] -vnc :1,tls,x509,sasl -monitor stdio
1164@end example
1165
1166
f858dcae
TS
1167@node vnc_generate_cert
1168@subsection Generating certificates for VNC
1169
1170The GNU TLS packages provides a command called @code{certtool} which can
1171be used to generate certificates and keys in PEM format. At a minimum it
40c5c6cd 1172is necessary to setup a certificate authority, and issue certificates to
f858dcae
TS
1173each server. If using certificates for authentication, then each client
1174will also need to be issued a certificate. The recommendation is for the
1175server to keep its certificates in either @code{/etc/pki/qemu} or for
1176unprivileged users in @code{$HOME/.pki/qemu}.
1177
1178@menu
1179* vnc_generate_ca::
1180* vnc_generate_server::
1181* vnc_generate_client::
1182@end menu
1183@node vnc_generate_ca
1184@subsubsection Setup the Certificate Authority
1185
1186This step only needs to be performed once per organization / organizational
1187unit. First the CA needs a private key. This key must be kept VERY secret
1188and secure. If this key is compromised the entire trust chain of the certificates
1189issued with it is lost.
1190
1191@example
1192# certtool --generate-privkey > ca-key.pem
1193@end example
1194
1195A CA needs to have a public certificate. For simplicity it can be a self-signed
1196certificate, or one issue by a commercial certificate issuing authority. To
1197generate a self-signed certificate requires one core piece of information, the
1198name of the organization.
1199
1200@example
1201# cat > ca.info <<EOF
1202cn = Name of your organization
1203ca
1204cert_signing_key
1205EOF
1206# certtool --generate-self-signed \
1207 --load-privkey ca-key.pem
1208 --template ca.info \
1209 --outfile ca-cert.pem
1210@end example
1211
1212The @code{ca-cert.pem} file should be copied to all servers and clients wishing to utilize
1213TLS support in the VNC server. The @code{ca-key.pem} must not be disclosed/copied at all.
1214
1215@node vnc_generate_server
1216@subsubsection Issuing server certificates
1217
1218Each server (or host) needs to be issued with a key and certificate. When connecting
1219the certificate is sent to the client which validates it against the CA certificate.
1220The core piece of information for a server certificate is the hostname. This should
1221be the fully qualified hostname that the client will connect with, since the client
1222will typically also verify the hostname in the certificate. On the host holding the
1223secure CA private key:
1224
1225@example
1226# cat > server.info <<EOF
1227organization = Name of your organization
1228cn = server.foo.example.com
1229tls_www_server
1230encryption_key
1231signing_key
1232EOF
1233# certtool --generate-privkey > server-key.pem
1234# certtool --generate-certificate \
1235 --load-ca-certificate ca-cert.pem \
1236 --load-ca-privkey ca-key.pem \
1237 --load-privkey server server-key.pem \
1238 --template server.info \
1239 --outfile server-cert.pem
1240@end example
1241
1242The @code{server-key.pem} and @code{server-cert.pem} files should now be securely copied
1243to the server for which they were generated. The @code{server-key.pem} is security
1244sensitive and should be kept protected with file mode 0600 to prevent disclosure.
1245
1246@node vnc_generate_client
1247@subsubsection Issuing client certificates
1248
1249If the QEMU VNC server is to use the @code{x509verify} option to validate client
1250certificates as its authentication mechanism, each client also needs to be issued
1251a certificate. The client certificate contains enough metadata to uniquely identify
1252the client, typically organization, state, city, building, etc. On the host holding
1253the secure CA private key:
1254
1255@example
1256# cat > client.info <<EOF
1257country = GB
1258state = London
1259locality = London
1260organiazation = Name of your organization
1261cn = client.foo.example.com
1262tls_www_client
1263encryption_key
1264signing_key
1265EOF
1266# certtool --generate-privkey > client-key.pem
1267# certtool --generate-certificate \
1268 --load-ca-certificate ca-cert.pem \
1269 --load-ca-privkey ca-key.pem \
1270 --load-privkey client-key.pem \
1271 --template client.info \
1272 --outfile client-cert.pem
1273@end example
1274
1275The @code{client-key.pem} and @code{client-cert.pem} files should now be securely
1276copied to the client for which they were generated.
1277
2f9606b3
AL
1278
1279@node vnc_setup_sasl
1280
1281@subsection Configuring SASL mechanisms
1282
1283The following documentation assumes use of the Cyrus SASL implementation on a
1284Linux host, but the principals should apply to any other SASL impl. When SASL
1285is enabled, the mechanism configuration will be loaded from system default
1286SASL service config /etc/sasl2/qemu.conf. If running QEMU as an
1287unprivileged user, an environment variable SASL_CONF_PATH can be used
1288to make it search alternate locations for the service config.
1289
1290The default configuration might contain
1291
1292@example
1293mech_list: digest-md5
1294sasldb_path: /etc/qemu/passwd.db
1295@end example
1296
1297This says to use the 'Digest MD5' mechanism, which is similar to the HTTP
1298Digest-MD5 mechanism. The list of valid usernames & passwords is maintained
1299in the /etc/qemu/passwd.db file, and can be updated using the saslpasswd2
1300command. While this mechanism is easy to configure and use, it is not
1301considered secure by modern standards, so only suitable for developers /
1302ad-hoc testing.
1303
1304A more serious deployment might use Kerberos, which is done with the 'gssapi'
1305mechanism
1306
1307@example
1308mech_list: gssapi
1309keytab: /etc/qemu/krb5.tab
1310@end example
1311
1312For this to work the administrator of your KDC must generate a Kerberos
1313principal for the server, with a name of 'qemu/somehost.example.com@@EXAMPLE.COM'
1314replacing 'somehost.example.com' with the fully qualified host name of the
40c5c6cd 1315machine running QEMU, and 'EXAMPLE.COM' with the Kerberos Realm.
2f9606b3
AL
1316
1317Other configurations will be left as an exercise for the reader. It should
1318be noted that only Digest-MD5 and GSSAPI provides a SSF layer for data
1319encryption. For all other mechanisms, VNC should always be configured to
1320use TLS and x509 certificates to protect security credentials from snooping.
1321
0806e3f6 1322@node gdb_usage
da415d54
FB
1323@section GDB usage
1324
1325QEMU has a primitive support to work with gdb, so that you can do
0806e3f6 1326'Ctrl-C' while the virtual machine is running and inspect its state.
da415d54 1327
9d4520d0 1328In order to use gdb, launch qemu with the '-s' option. It will wait for a
da415d54
FB
1329gdb connection:
1330@example
debc7065
FB
1331> qemu -s -kernel arch/i386/boot/bzImage -hda root-2.4.20.img \
1332 -append "root=/dev/hda"
da415d54
FB
1333Connected to host network interface: tun0
1334Waiting gdb connection on port 1234
1335@end example
1336
1337Then launch gdb on the 'vmlinux' executable:
1338@example
1339> gdb vmlinux
1340@end example
1341
1342In gdb, connect to QEMU:
1343@example
6c9bf893 1344(gdb) target remote localhost:1234
da415d54
FB
1345@end example
1346
1347Then you can use gdb normally. For example, type 'c' to launch the kernel:
1348@example
1349(gdb) c
1350@end example
1351
0806e3f6
FB
1352Here are some useful tips in order to use gdb on system code:
1353
1354@enumerate
1355@item
1356Use @code{info reg} to display all the CPU registers.
1357@item
1358Use @code{x/10i $eip} to display the code at the PC position.
1359@item
1360Use @code{set architecture i8086} to dump 16 bit code. Then use
294e8637 1361@code{x/10i $cs*16+$eip} to dump the code at the PC position.
0806e3f6
FB
1362@end enumerate
1363
60897d36
EI
1364Advanced debugging options:
1365
1366The default single stepping behavior is step with the IRQs and timer service routines off. It is set this way because when gdb executes a single step it expects to advance beyond the current instruction. With the IRQs and and timer service routines on, a single step might jump into the one of the interrupt or exception vectors instead of executing the current instruction. This means you may hit the same breakpoint a number of times before executing the instruction gdb wants to have executed. Because there are rare circumstances where you want to single step into an interrupt vector the behavior can be controlled from GDB. There are three commands you can query and set the single step behavior:
94d45e44 1367@table @code
60897d36
EI
1368@item maintenance packet qqemu.sstepbits
1369
1370This will display the MASK bits used to control the single stepping IE:
1371@example
1372(gdb) maintenance packet qqemu.sstepbits
1373sending: "qqemu.sstepbits"
1374received: "ENABLE=1,NOIRQ=2,NOTIMER=4"
1375@end example
1376@item maintenance packet qqemu.sstep
1377
1378This will display the current value of the mask used when single stepping IE:
1379@example
1380(gdb) maintenance packet qqemu.sstep
1381sending: "qqemu.sstep"
1382received: "0x7"
1383@end example
1384@item maintenance packet Qqemu.sstep=HEX_VALUE
1385
1386This will change the single step mask, so if wanted to enable IRQs on the single step, but not timers, you would use:
1387@example
1388(gdb) maintenance packet Qqemu.sstep=0x5
1389sending: "qemu.sstep=0x5"
1390received: "OK"
1391@end example
94d45e44 1392@end table
60897d36 1393
debc7065 1394@node pcsys_os_specific
1a084f3d
FB
1395@section Target OS specific information
1396
1397@subsection Linux
1398
15a34c63
FB
1399To have access to SVGA graphic modes under X11, use the @code{vesa} or
1400the @code{cirrus} X11 driver. For optimal performances, use 16 bit
1401color depth in the guest and the host OS.
1a084f3d 1402
e3371e62
FB
1403When using a 2.6 guest Linux kernel, you should add the option
1404@code{clock=pit} on the kernel command line because the 2.6 Linux
1405kernels make very strict real time clock checks by default that QEMU
1406cannot simulate exactly.
1407
7c3fc84d
FB
1408When using a 2.6 guest Linux kernel, verify that the 4G/4G patch is
1409not activated because QEMU is slower with this patch. The QEMU
1410Accelerator Module is also much slower in this case. Earlier Fedora
4be456f1 1411Core 3 Linux kernel (< 2.6.9-1.724_FC3) were known to incorporate this
7c3fc84d
FB
1412patch by default. Newer kernels don't have it.
1413
1a084f3d
FB
1414@subsection Windows
1415
1416If you have a slow host, using Windows 95 is better as it gives the
1417best speed. Windows 2000 is also a good choice.
1418
e3371e62
FB
1419@subsubsection SVGA graphic modes support
1420
1421QEMU emulates a Cirrus Logic GD5446 Video
15a34c63
FB
1422card. All Windows versions starting from Windows 95 should recognize
1423and use this graphic card. For optimal performances, use 16 bit color
1424depth in the guest and the host OS.
1a084f3d 1425
3cb0853a
FB
1426If you are using Windows XP as guest OS and if you want to use high
1427resolution modes which the Cirrus Logic BIOS does not support (i.e. >=
14281280x1024x16), then you should use the VESA VBE virtual graphic card
1429(option @option{-std-vga}).
1430
e3371e62
FB
1431@subsubsection CPU usage reduction
1432
1433Windows 9x does not correctly use the CPU HLT
15a34c63
FB
1434instruction. The result is that it takes host CPU cycles even when
1435idle. You can install the utility from
1436@url{http://www.user.cityline.ru/~maxamn/amnhltm.zip} to solve this
1437problem. Note that no such tool is needed for NT, 2000 or XP.
1a084f3d 1438
9d0a8e6f 1439@subsubsection Windows 2000 disk full problem
e3371e62 1440
9d0a8e6f
FB
1441Windows 2000 has a bug which gives a disk full problem during its
1442installation. When installing it, use the @option{-win2k-hack} QEMU
1443option to enable a specific workaround. After Windows 2000 is
1444installed, you no longer need this option (this option slows down the
1445IDE transfers).
e3371e62 1446
6cc721cf
FB
1447@subsubsection Windows 2000 shutdown
1448
1449Windows 2000 cannot automatically shutdown in QEMU although Windows 98
1450can. It comes from the fact that Windows 2000 does not automatically
1451use the APM driver provided by the BIOS.
1452
1453In order to correct that, do the following (thanks to Struan
1454Bartlett): go to the Control Panel => Add/Remove Hardware & Next =>
1455Add/Troubleshoot a device => Add a new device & Next => No, select the
1456hardware from a list & Next => NT Apm/Legacy Support & Next => Next
1457(again) a few times. Now the driver is installed and Windows 2000 now
5fafdf24 1458correctly instructs QEMU to shutdown at the appropriate moment.
6cc721cf
FB
1459
1460@subsubsection Share a directory between Unix and Windows
1461
1462See @ref{sec_invocation} about the help of the option @option{-smb}.
1463
2192c332 1464@subsubsection Windows XP security problem
e3371e62
FB
1465
1466Some releases of Windows XP install correctly but give a security
1467error when booting:
1468@example
1469A problem is preventing Windows from accurately checking the
1470license for this computer. Error code: 0x800703e6.
1471@end example
e3371e62 1472
2192c332
FB
1473The workaround is to install a service pack for XP after a boot in safe
1474mode. Then reboot, and the problem should go away. Since there is no
1475network while in safe mode, its recommended to download the full
1476installation of SP1 or SP2 and transfer that via an ISO or using the
1477vvfat block device ("-hdb fat:directory_which_holds_the_SP").
e3371e62 1478
a0a821a4
FB
1479@subsection MS-DOS and FreeDOS
1480
1481@subsubsection CPU usage reduction
1482
1483DOS does not correctly use the CPU HLT instruction. The result is that
1484it takes host CPU cycles even when idle. You can install the utility
1485from @url{http://www.vmware.com/software/dosidle210.zip} to solve this
1486problem.
1487
debc7065 1488@node QEMU System emulator for non PC targets
3f9f3aa1
FB
1489@chapter QEMU System emulator for non PC targets
1490
1491QEMU is a generic emulator and it emulates many non PC
1492machines. Most of the options are similar to the PC emulator. The
4be456f1 1493differences are mentioned in the following sections.
3f9f3aa1 1494
debc7065 1495@menu
7544a042 1496* PowerPC System emulator::
24d4de45
TS
1497* Sparc32 System emulator::
1498* Sparc64 System emulator::
1499* MIPS System emulator::
1500* ARM System emulator::
1501* ColdFire System emulator::
7544a042
SW
1502* Cris System emulator::
1503* Microblaze System emulator::
1504* SH4 System emulator::
3aeaea65 1505* Xtensa System emulator::
debc7065
FB
1506@end menu
1507
7544a042
SW
1508@node PowerPC System emulator
1509@section PowerPC System emulator
1510@cindex system emulation (PowerPC)
1a084f3d 1511
15a34c63
FB
1512Use the executable @file{qemu-system-ppc} to simulate a complete PREP
1513or PowerMac PowerPC system.
1a084f3d 1514
b671f9ed 1515QEMU emulates the following PowerMac peripherals:
1a084f3d 1516
15a34c63 1517@itemize @minus
5fafdf24 1518@item
006f3a48 1519UniNorth or Grackle PCI Bridge
15a34c63
FB
1520@item
1521PCI VGA compatible card with VESA Bochs Extensions
5fafdf24 1522@item
15a34c63 15232 PMAC IDE interfaces with hard disk and CD-ROM support
5fafdf24 1524@item
15a34c63
FB
1525NE2000 PCI adapters
1526@item
1527Non Volatile RAM
1528@item
1529VIA-CUDA with ADB keyboard and mouse.
1a084f3d
FB
1530@end itemize
1531
b671f9ed 1532QEMU emulates the following PREP peripherals:
52c00a5f
FB
1533
1534@itemize @minus
5fafdf24 1535@item
15a34c63
FB
1536PCI Bridge
1537@item
1538PCI VGA compatible card with VESA Bochs Extensions
5fafdf24 1539@item
52c00a5f
FB
15402 IDE interfaces with hard disk and CD-ROM support
1541@item
1542Floppy disk
5fafdf24 1543@item
15a34c63 1544NE2000 network adapters
52c00a5f
FB
1545@item
1546Serial port
1547@item
1548PREP Non Volatile RAM
15a34c63
FB
1549@item
1550PC compatible keyboard and mouse.
52c00a5f
FB
1551@end itemize
1552
15a34c63 1553QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at
3f9f3aa1 1554@url{http://perso.magic.fr/l_indien/OpenHackWare/index.htm}.
52c00a5f 1555
992e5acd 1556Since version 0.9.1, QEMU uses OpenBIOS @url{http://www.openbios.org/}
006f3a48
BS
1557for the g3beige and mac99 PowerMac machines. OpenBIOS is a free (GPL
1558v2) portable firmware implementation. The goal is to implement a 100%
1559IEEE 1275-1994 (referred to as Open Firmware) compliant firmware.
992e5acd 1560
15a34c63
FB
1561@c man begin OPTIONS
1562
1563The following options are specific to the PowerPC emulation:
1564
1565@table @option
1566
4e257e5e 1567@item -g @var{W}x@var{H}[x@var{DEPTH}]
15a34c63
FB
1568
1569Set the initial VGA graphic mode. The default is 800x600x15.
1570
4e257e5e 1571@item -prom-env @var{string}
95efd11c
BS
1572
1573Set OpenBIOS variables in NVRAM, for example:
1574
1575@example
1576qemu-system-ppc -prom-env 'auto-boot?=false' \
1577 -prom-env 'boot-device=hd:2,\yaboot' \
1578 -prom-env 'boot-args=conf=hd:2,\yaboot.conf'
1579@end example
1580
1581These variables are not used by Open Hack'Ware.
1582
15a34c63
FB
1583@end table
1584
5fafdf24 1585@c man end
15a34c63
FB
1586
1587
52c00a5f 1588More information is available at
3f9f3aa1 1589@url{http://perso.magic.fr/l_indien/qemu-ppc/}.
52c00a5f 1590
24d4de45
TS
1591@node Sparc32 System emulator
1592@section Sparc32 System emulator
7544a042 1593@cindex system emulation (Sparc32)
e80cfcfc 1594
34a3d239
BS
1595Use the executable @file{qemu-system-sparc} to simulate the following
1596Sun4m architecture machines:
1597@itemize @minus
1598@item
1599SPARCstation 4
1600@item
1601SPARCstation 5
1602@item
1603SPARCstation 10
1604@item
1605SPARCstation 20
1606@item
1607SPARCserver 600MP
1608@item
1609SPARCstation LX
1610@item
1611SPARCstation Voyager
1612@item
1613SPARCclassic
1614@item
1615SPARCbook
1616@end itemize
1617
1618The emulation is somewhat complete. SMP up to 16 CPUs is supported,
1619but Linux limits the number of usable CPUs to 4.
e80cfcfc 1620
34a3d239
BS
1621It's also possible to simulate a SPARCstation 2 (sun4c architecture),
1622SPARCserver 1000, or SPARCcenter 2000 (sun4d architecture), but these
1623emulators are not usable yet.
1624
1625QEMU emulates the following sun4m/sun4c/sun4d peripherals:
e80cfcfc
FB
1626
1627@itemize @minus
3475187d 1628@item
7d85892b 1629IOMMU or IO-UNITs
e80cfcfc
FB
1630@item
1631TCX Frame buffer
5fafdf24 1632@item
e80cfcfc
FB
1633Lance (Am7990) Ethernet
1634@item
34a3d239 1635Non Volatile RAM M48T02/M48T08
e80cfcfc 1636@item
3475187d
FB
1637Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard
1638and power/reset logic
1639@item
1640ESP SCSI controller with hard disk and CD-ROM support
1641@item
6a3b9cc9 1642Floppy drive (not on SS-600MP)
a2502b58
BS
1643@item
1644CS4231 sound device (only on SS-5, not working yet)
e80cfcfc
FB
1645@end itemize
1646
6a3b9cc9
BS
1647The number of peripherals is fixed in the architecture. Maximum
1648memory size depends on the machine type, for SS-5 it is 256MB and for
7d85892b 1649others 2047MB.
3475187d 1650
30a604f3 1651Since version 0.8.2, QEMU uses OpenBIOS
0986ac3b
FB
1652@url{http://www.openbios.org/}. OpenBIOS is a free (GPL v2) portable
1653firmware implementation. The goal is to implement a 100% IEEE
16541275-1994 (referred to as Open Firmware) compliant firmware.
3475187d
FB
1655
1656A sample Linux 2.6 series kernel and ram disk image are available on
34a3d239
BS
1657the QEMU web site. There are still issues with NetBSD and OpenBSD, but
1658some kernel versions work. Please note that currently Solaris kernels
1659don't work probably due to interface issues between OpenBIOS and
1660Solaris.
3475187d
FB
1661
1662@c man begin OPTIONS
1663
a2502b58 1664The following options are specific to the Sparc32 emulation:
3475187d
FB
1665
1666@table @option
1667
4e257e5e 1668@item -g @var{W}x@var{H}x[x@var{DEPTH}]
3475187d 1669
a2502b58
BS
1670Set the initial TCX graphic mode. The default is 1024x768x8, currently
1671the only other possible mode is 1024x768x24.
3475187d 1672
4e257e5e 1673@item -prom-env @var{string}
66508601
BS
1674
1675Set OpenBIOS variables in NVRAM, for example:
1676
1677@example
1678qemu-system-sparc -prom-env 'auto-boot?=false' \
1679 -prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single'
1680@end example
1681
609c1dac 1682@item -M [SS-4|SS-5|SS-10|SS-20|SS-600MP|LX|Voyager|SPARCClassic] [|SPARCbook|SS-2|SS-1000|SS-2000]
a2502b58
BS
1683
1684Set the emulated machine type. Default is SS-5.
1685
3475187d
FB
1686@end table
1687
5fafdf24 1688@c man end
3475187d 1689
24d4de45
TS
1690@node Sparc64 System emulator
1691@section Sparc64 System emulator
7544a042 1692@cindex system emulation (Sparc64)
e80cfcfc 1693
34a3d239
BS
1694Use the executable @file{qemu-system-sparc64} to simulate a Sun4u
1695(UltraSPARC PC-like machine), Sun4v (T1 PC-like machine), or generic
1696Niagara (T1) machine. The emulator is not usable for anything yet, but
1697it can launch some kernels.
b756921a 1698
c7ba218d 1699QEMU emulates the following peripherals:
83469015
FB
1700
1701@itemize @minus
1702@item
5fafdf24 1703UltraSparc IIi APB PCI Bridge
83469015
FB
1704@item
1705PCI VGA compatible card with VESA Bochs Extensions
1706@item
34a3d239
BS
1707PS/2 mouse and keyboard
1708@item
83469015
FB
1709Non Volatile RAM M48T59
1710@item
1711PC-compatible serial ports
c7ba218d
BS
1712@item
17132 PCI IDE interfaces with hard disk and CD-ROM support
34a3d239
BS
1714@item
1715Floppy disk
83469015
FB
1716@end itemize
1717
c7ba218d
BS
1718@c man begin OPTIONS
1719
1720The following options are specific to the Sparc64 emulation:
1721
1722@table @option
1723
4e257e5e 1724@item -prom-env @var{string}
34a3d239
BS
1725
1726Set OpenBIOS variables in NVRAM, for example:
1727
1728@example
1729qemu-system-sparc64 -prom-env 'auto-boot?=false'
1730@end example
1731
1732@item -M [sun4u|sun4v|Niagara]
c7ba218d
BS
1733
1734Set the emulated machine type. The default is sun4u.
1735
1736@end table
1737
1738@c man end
1739
24d4de45
TS
1740@node MIPS System emulator
1741@section MIPS System emulator
7544a042 1742@cindex system emulation (MIPS)
9d0a8e6f 1743
d9aedc32
TS
1744Four executables cover simulation of 32 and 64-bit MIPS systems in
1745both endian options, @file{qemu-system-mips}, @file{qemu-system-mipsel}
1746@file{qemu-system-mips64} and @file{qemu-system-mips64el}.
88cb0a02 1747Five different machine types are emulated:
24d4de45
TS
1748
1749@itemize @minus
1750@item
1751A generic ISA PC-like machine "mips"
1752@item
1753The MIPS Malta prototype board "malta"
1754@item
d9aedc32 1755An ACER Pica "pica61". This machine needs the 64-bit emulator.
6bf5b4e8 1756@item
f0fc6f8f 1757MIPS emulator pseudo board "mipssim"
88cb0a02
AJ
1758@item
1759A MIPS Magnum R4000 machine "magnum". This machine needs the 64-bit emulator.
24d4de45
TS
1760@end itemize
1761
1762The generic emulation is supported by Debian 'Etch' and is able to
1763install Debian into a virtual disk image. The following devices are
1764emulated:
3f9f3aa1
FB
1765
1766@itemize @minus
5fafdf24 1767@item
6bf5b4e8 1768A range of MIPS CPUs, default is the 24Kf
3f9f3aa1
FB
1769@item
1770PC style serial port
1771@item
24d4de45
TS
1772PC style IDE disk
1773@item
3f9f3aa1
FB
1774NE2000 network card
1775@end itemize
1776
24d4de45
TS
1777The Malta emulation supports the following devices:
1778
1779@itemize @minus
1780@item
0b64d008 1781Core board with MIPS 24Kf CPU and Galileo system controller
24d4de45
TS
1782@item
1783PIIX4 PCI/USB/SMbus controller
1784@item
1785The Multi-I/O chip's serial device
1786@item
3a2eeac0 1787PCI network cards (PCnet32 and others)
24d4de45
TS
1788@item
1789Malta FPGA serial device
1790@item
1f605a76 1791Cirrus (default) or any other PCI VGA graphics card
24d4de45
TS
1792@end itemize
1793
1794The ACER Pica emulation supports:
1795
1796@itemize @minus
1797@item
1798MIPS R4000 CPU
1799@item
1800PC-style IRQ and DMA controllers
1801@item
1802PC Keyboard
1803@item
1804IDE controller
1805@end itemize
3f9f3aa1 1806
b5e4946f 1807The mipssim pseudo board emulation provides an environment similar
f0fc6f8f
TS
1808to what the proprietary MIPS emulator uses for running Linux.
1809It supports:
6bf5b4e8
TS
1810
1811@itemize @minus
1812@item
1813A range of MIPS CPUs, default is the 24Kf
1814@item
1815PC style serial port
1816@item
1817MIPSnet network emulation
1818@end itemize
1819
88cb0a02
AJ
1820The MIPS Magnum R4000 emulation supports:
1821
1822@itemize @minus
1823@item
1824MIPS R4000 CPU
1825@item
1826PC-style IRQ controller
1827@item
1828PC Keyboard
1829@item
1830SCSI controller
1831@item
1832G364 framebuffer
1833@end itemize
1834
1835
24d4de45
TS
1836@node ARM System emulator
1837@section ARM System emulator
7544a042 1838@cindex system emulation (ARM)
3f9f3aa1
FB
1839
1840Use the executable @file{qemu-system-arm} to simulate a ARM
1841machine. The ARM Integrator/CP board is emulated with the following
1842devices:
1843
1844@itemize @minus
1845@item
9ee6e8bb 1846ARM926E, ARM1026E, ARM946E, ARM1136 or Cortex-A8 CPU
3f9f3aa1
FB
1847@item
1848Two PL011 UARTs
5fafdf24 1849@item
3f9f3aa1 1850SMC 91c111 Ethernet adapter
00a9bf19
PB
1851@item
1852PL110 LCD controller
1853@item
1854PL050 KMI with PS/2 keyboard and mouse.
a1bb27b1
PB
1855@item
1856PL181 MultiMedia Card Interface with SD card.
00a9bf19
PB
1857@end itemize
1858
1859The ARM Versatile baseboard is emulated with the following devices:
1860
1861@itemize @minus
1862@item
9ee6e8bb 1863ARM926E, ARM1136 or Cortex-A8 CPU
00a9bf19
PB
1864@item
1865PL190 Vectored Interrupt Controller
1866@item
1867Four PL011 UARTs
5fafdf24 1868@item
00a9bf19
PB
1869SMC 91c111 Ethernet adapter
1870@item
1871PL110 LCD controller
1872@item
1873PL050 KMI with PS/2 keyboard and mouse.
1874@item
1875PCI host bridge. Note the emulated PCI bridge only provides access to
1876PCI memory space. It does not provide access to PCI IO space.
4be456f1
TS
1877This means some devices (eg. ne2k_pci NIC) are not usable, and others
1878(eg. rtl8139 NIC) are only usable when the guest drivers use the memory
00a9bf19 1879mapped control registers.
e6de1bad
PB
1880@item
1881PCI OHCI USB controller.
1882@item
1883LSI53C895A PCI SCSI Host Bus Adapter with hard disk and CD-ROM devices.
a1bb27b1
PB
1884@item
1885PL181 MultiMedia Card Interface with SD card.
3f9f3aa1
FB
1886@end itemize
1887
21a88941
PB
1888Several variants of the ARM RealView baseboard are emulated,
1889including the EB, PB-A8 and PBX-A9. Due to interactions with the
1890bootloader, only certain Linux kernel configurations work out
1891of the box on these boards.
1892
1893Kernels for the PB-A8 board should have CONFIG_REALVIEW_HIGH_PHYS_OFFSET
1894enabled in the kernel, and expect 512M RAM. Kernels for The PBX-A9 board
1895should have CONFIG_SPARSEMEM enabled, CONFIG_REALVIEW_HIGH_PHYS_OFFSET
1896disabled and expect 1024M RAM.
1897
40c5c6cd 1898The following devices are emulated:
d7739d75
PB
1899
1900@itemize @minus
1901@item
f7c70325 1902ARM926E, ARM1136, ARM11MPCore, Cortex-A8 or Cortex-A9 MPCore CPU
d7739d75
PB
1903@item
1904ARM AMBA Generic/Distributed Interrupt Controller
1905@item
1906Four PL011 UARTs
5fafdf24 1907@item
0ef849d7 1908SMC 91c111 or SMSC LAN9118 Ethernet adapter
d7739d75
PB
1909@item
1910PL110 LCD controller
1911@item
1912PL050 KMI with PS/2 keyboard and mouse
1913@item
1914PCI host bridge
1915@item
1916PCI OHCI USB controller
1917@item
1918LSI53C895A PCI SCSI Host Bus Adapter with hard disk and CD-ROM devices
a1bb27b1
PB
1919@item
1920PL181 MultiMedia Card Interface with SD card.
d7739d75
PB
1921@end itemize
1922
b00052e4
AZ
1923The XScale-based clamshell PDA models ("Spitz", "Akita", "Borzoi"
1924and "Terrier") emulation includes the following peripherals:
1925
1926@itemize @minus
1927@item
1928Intel PXA270 System-on-chip (ARM V5TE core)
1929@item
1930NAND Flash memory
1931@item
1932IBM/Hitachi DSCM microdrive in a PXA PCMCIA slot - not in "Akita"
1933@item
1934On-chip OHCI USB controller
1935@item
1936On-chip LCD controller
1937@item
1938On-chip Real Time Clock
1939@item
1940TI ADS7846 touchscreen controller on SSP bus
1941@item
1942Maxim MAX1111 analog-digital converter on I@math{^2}C bus
1943@item
1944GPIO-connected keyboard controller and LEDs
1945@item
549444e1 1946Secure Digital card connected to PXA MMC/SD host
b00052e4
AZ
1947@item
1948Three on-chip UARTs
1949@item
1950WM8750 audio CODEC on I@math{^2}C and I@math{^2}S busses
1951@end itemize
1952
02645926
AZ
1953The Palm Tungsten|E PDA (codename "Cheetah") emulation includes the
1954following elements:
1955
1956@itemize @minus
1957@item
1958Texas Instruments OMAP310 System-on-chip (ARM 925T core)
1959@item
1960ROM and RAM memories (ROM firmware image can be loaded with -option-rom)
1961@item
1962On-chip LCD controller
1963@item
1964On-chip Real Time Clock
1965@item
1966TI TSC2102i touchscreen controller / analog-digital converter / Audio
1967CODEC, connected through MicroWire and I@math{^2}S busses
1968@item
1969GPIO-connected matrix keypad
1970@item
1971Secure Digital card connected to OMAP MMC/SD host
1972@item
1973Three on-chip UARTs
1974@end itemize
1975
c30bb264
AZ
1976Nokia N800 and N810 internet tablets (known also as RX-34 and RX-44 / 48)
1977emulation supports the following elements:
1978
1979@itemize @minus
1980@item
1981Texas Instruments OMAP2420 System-on-chip (ARM 1136 core)
1982@item
1983RAM and non-volatile OneNAND Flash memories
1984@item
1985Display connected to EPSON remote framebuffer chip and OMAP on-chip
1986display controller and a LS041y3 MIPI DBI-C controller
1987@item
1988TI TSC2301 (in N800) and TI TSC2005 (in N810) touchscreen controllers
1989driven through SPI bus
1990@item
1991National Semiconductor LM8323-controlled qwerty keyboard driven
1992through I@math{^2}C bus
1993@item
1994Secure Digital card connected to OMAP MMC/SD host
1995@item
1996Three OMAP on-chip UARTs and on-chip STI debugging console
1997@item
40c5c6cd 1998A Bluetooth(R) transceiver and HCI connected to an UART
2d564691 1999@item
c30bb264
AZ
2000Mentor Graphics "Inventra" dual-role USB controller embedded in a TI
2001TUSB6010 chip - only USB host mode is supported
2002@item
2003TI TMP105 temperature sensor driven through I@math{^2}C bus
2004@item
2005TI TWL92230C power management companion with an RTC on I@math{^2}C bus
2006@item
2007Nokia RETU and TAHVO multi-purpose chips with an RTC, connected
2008through CBUS
2009@end itemize
2010
9ee6e8bb
PB
2011The Luminary Micro Stellaris LM3S811EVB emulation includes the following
2012devices:
2013
2014@itemize @minus
2015@item
2016Cortex-M3 CPU core.
2017@item
201864k Flash and 8k SRAM.
2019@item
2020Timers, UARTs, ADC and I@math{^2}C interface.
2021@item
2022OSRAM Pictiva 96x16 OLED with SSD0303 controller on I@math{^2}C bus.
2023@end itemize
2024
2025The Luminary Micro Stellaris LM3S6965EVB emulation includes the following
2026devices:
2027
2028@itemize @minus
2029@item
2030Cortex-M3 CPU core.
2031@item
2032256k Flash and 64k SRAM.
2033@item
2034Timers, UARTs, ADC, I@math{^2}C and SSI interfaces.
2035@item
2036OSRAM Pictiva 128x64 OLED with SSD0323 controller connected via SSI.
2037@end itemize
2038
57cd6e97
AZ
2039The Freecom MusicPal internet radio emulation includes the following
2040elements:
2041
2042@itemize @minus
2043@item
2044Marvell MV88W8618 ARM core.
2045@item
204632 MB RAM, 256 KB SRAM, 8 MB flash.
2047@item
2048Up to 2 16550 UARTs
2049@item
2050MV88W8xx8 Ethernet controller
2051@item
2052MV88W8618 audio controller, WM8750 CODEC and mixer
2053@item
e080e785 2054128×64 display with brightness control
57cd6e97
AZ
2055@item
20562 buttons, 2 navigation wheels with button function
2057@end itemize
2058
997641a8 2059The Siemens SX1 models v1 and v2 (default) basic emulation.
40c5c6cd 2060The emulation includes the following elements:
997641a8
AZ
2061
2062@itemize @minus
2063@item
2064Texas Instruments OMAP310 System-on-chip (ARM 925T core)
2065@item
2066ROM and RAM memories (ROM firmware image can be loaded with -pflash)
2067V1
20681 Flash of 16MB and 1 Flash of 8MB
2069V2
20701 Flash of 32MB
2071@item
2072On-chip LCD controller
2073@item
2074On-chip Real Time Clock
2075@item
2076Secure Digital card connected to OMAP MMC/SD host
2077@item
2078Three on-chip UARTs
2079@end itemize
2080
3f9f3aa1
FB
2081A Linux 2.6 test image is available on the QEMU web site. More
2082information is available in the QEMU mailing-list archive.
9d0a8e6f 2083
d2c639d6
BS
2084@c man begin OPTIONS
2085
2086The following options are specific to the ARM emulation:
2087
2088@table @option
2089
2090@item -semihosting
2091Enable semihosting syscall emulation.
2092
2093On ARM this implements the "Angel" interface.
2094
2095Note that this allows guest direct access to the host filesystem,
2096so should only be used with trusted guest OS.
2097
2098@end table
2099
24d4de45
TS
2100@node ColdFire System emulator
2101@section ColdFire System emulator
7544a042
SW
2102@cindex system emulation (ColdFire)
2103@cindex system emulation (M68K)
209a4e69
PB
2104
2105Use the executable @file{qemu-system-m68k} to simulate a ColdFire machine.
2106The emulator is able to boot a uClinux kernel.
707e011b
PB
2107
2108The M5208EVB emulation includes the following devices:
2109
2110@itemize @minus
5fafdf24 2111@item
707e011b
PB
2112MCF5208 ColdFire V2 Microprocessor (ISA A+ with EMAC).
2113@item
2114Three Two on-chip UARTs.
2115@item
2116Fast Ethernet Controller (FEC)
2117@end itemize
2118
2119The AN5206 emulation includes the following devices:
209a4e69
PB
2120
2121@itemize @minus
5fafdf24 2122@item
209a4e69
PB
2123MCF5206 ColdFire V2 Microprocessor.
2124@item
2125Two on-chip UARTs.
2126@end itemize
2127
d2c639d6
BS
2128@c man begin OPTIONS
2129
7544a042 2130The following options are specific to the ColdFire emulation:
d2c639d6
BS
2131
2132@table @option
2133
2134@item -semihosting
2135Enable semihosting syscall emulation.
2136
2137On M68K this implements the "ColdFire GDB" interface used by libgloss.
2138
2139Note that this allows guest direct access to the host filesystem,
2140so should only be used with trusted guest OS.
2141
2142@end table
2143
7544a042
SW
2144@node Cris System emulator
2145@section Cris System emulator
2146@cindex system emulation (Cris)
2147
2148TODO
2149
2150@node Microblaze System emulator
2151@section Microblaze System emulator
2152@cindex system emulation (Microblaze)
2153
2154TODO
2155
2156@node SH4 System emulator
2157@section SH4 System emulator
2158@cindex system emulation (SH4)
2159
2160TODO
2161
3aeaea65
MF
2162@node Xtensa System emulator
2163@section Xtensa System emulator
2164@cindex system emulation (Xtensa)
2165
2166Two executables cover simulation of both Xtensa endian options,
2167@file{qemu-system-xtensa} and @file{qemu-system-xtensaeb}.
2168Two different machine types are emulated:
2169
2170@itemize @minus
2171@item
2172Xtensa emulator pseudo board "sim"
2173@item
2174Avnet LX60/LX110/LX200 board
2175@end itemize
2176
b5e4946f 2177The sim pseudo board emulation provides an environment similar
3aeaea65
MF
2178to one provided by the proprietary Tensilica ISS.
2179It supports:
2180
2181@itemize @minus
2182@item
2183A range of Xtensa CPUs, default is the DC232B
2184@item
2185Console and filesystem access via semihosting calls
2186@end itemize
2187
2188The Avnet LX60/LX110/LX200 emulation supports:
2189
2190@itemize @minus
2191@item
2192A range of Xtensa CPUs, default is the DC232B
2193@item
219416550 UART
2195@item
2196OpenCores 10/100 Mbps Ethernet MAC
2197@end itemize
2198
2199@c man begin OPTIONS
2200
2201The following options are specific to the Xtensa emulation:
2202
2203@table @option
2204
2205@item -semihosting
2206Enable semihosting syscall emulation.
2207
2208Xtensa semihosting provides basic file IO calls, such as open/read/write/seek/select.
2209Tensilica baremetal libc for ISS and linux platform "sim" use this interface.
2210
2211Note that this allows guest direct access to the host filesystem,
2212so should only be used with trusted guest OS.
2213
2214@end table
5fafdf24
TS
2215@node QEMU User space emulator
2216@chapter QEMU User space emulator
83195237
FB
2217
2218@menu
2219* Supported Operating Systems ::
2220* Linux User space emulator::
2221* Mac OS X/Darwin User space emulator ::
84778508 2222* BSD User space emulator ::
83195237
FB
2223@end menu
2224
2225@node Supported Operating Systems
2226@section Supported Operating Systems
2227
2228The following OS are supported in user space emulation:
2229
2230@itemize @minus
2231@item
4be456f1 2232Linux (referred as qemu-linux-user)
83195237 2233@item
4be456f1 2234Mac OS X/Darwin (referred as qemu-darwin-user)
84778508
BS
2235@item
2236BSD (referred as qemu-bsd-user)
83195237
FB
2237@end itemize
2238
2239@node Linux User space emulator
2240@section Linux User space emulator
386405f7 2241
debc7065
FB
2242@menu
2243* Quick Start::
2244* Wine launch::
2245* Command line options::
79737e4a 2246* Other binaries::
debc7065
FB
2247@end menu
2248
2249@node Quick Start
83195237 2250@subsection Quick Start
df0f11a0 2251
1f673135 2252In order to launch a Linux process, QEMU needs the process executable
5fafdf24 2253itself and all the target (x86) dynamic libraries used by it.
386405f7 2254
1f673135 2255@itemize
386405f7 2256
1f673135
FB
2257@item On x86, you can just try to launch any process by using the native
2258libraries:
386405f7 2259
5fafdf24 2260@example
1f673135
FB
2261qemu-i386 -L / /bin/ls
2262@end example
386405f7 2263
1f673135
FB
2264@code{-L /} tells that the x86 dynamic linker must be searched with a
2265@file{/} prefix.
386405f7 2266
dbcf5e82
TS
2267@item Since QEMU is also a linux process, you can launch qemu with
2268qemu (NOTE: you can only do that if you compiled QEMU from the sources):
386405f7 2269
5fafdf24 2270@example
1f673135
FB
2271qemu-i386 -L / qemu-i386 -L / /bin/ls
2272@end example
386405f7 2273
1f673135
FB
2274@item On non x86 CPUs, you need first to download at least an x86 glibc
2275(@file{qemu-runtime-i386-XXX-.tar.gz} on the QEMU web page). Ensure that
2276@code{LD_LIBRARY_PATH} is not set:
df0f11a0 2277
1f673135 2278@example
5fafdf24 2279unset LD_LIBRARY_PATH
1f673135 2280@end example
1eb87257 2281
1f673135 2282Then you can launch the precompiled @file{ls} x86 executable:
1eb87257 2283
1f673135
FB
2284@example
2285qemu-i386 tests/i386/ls
2286@end example
4c3b5a48 2287You can look at @file{scripts/qemu-binfmt-conf.sh} so that
1f673135
FB
2288QEMU is automatically launched by the Linux kernel when you try to
2289launch x86 executables. It requires the @code{binfmt_misc} module in the
2290Linux kernel.
1eb87257 2291
1f673135
FB
2292@item The x86 version of QEMU is also included. You can try weird things such as:
2293@example
debc7065
FB
2294qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 \
2295 /usr/local/qemu-i386/bin/ls-i386
1f673135 2296@end example
1eb20527 2297
1f673135 2298@end itemize
1eb20527 2299
debc7065 2300@node Wine launch
83195237 2301@subsection Wine launch
1eb20527 2302
1f673135 2303@itemize
386405f7 2304
1f673135
FB
2305@item Ensure that you have a working QEMU with the x86 glibc
2306distribution (see previous section). In order to verify it, you must be
2307able to do:
386405f7 2308
1f673135
FB
2309@example
2310qemu-i386 /usr/local/qemu-i386/bin/ls-i386
2311@end example
386405f7 2312
1f673135 2313@item Download the binary x86 Wine install
5fafdf24 2314(@file{qemu-XXX-i386-wine.tar.gz} on the QEMU web page).
386405f7 2315
1f673135 2316@item Configure Wine on your account. Look at the provided script
debc7065 2317@file{/usr/local/qemu-i386/@/bin/wine-conf.sh}. Your previous
1f673135 2318@code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}.
386405f7 2319
1f673135 2320@item Then you can try the example @file{putty.exe}:
386405f7 2321
1f673135 2322@example
debc7065
FB
2323qemu-i386 /usr/local/qemu-i386/wine/bin/wine \
2324 /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
1f673135 2325@end example
386405f7 2326
1f673135 2327@end itemize
fd429f2f 2328
debc7065 2329@node Command line options
83195237 2330@subsection Command line options
1eb20527 2331
1f673135 2332@example
68a1c816 2333usage: qemu-i386 [-h] [-d] [-L path] [-s size] [-cpu model] [-g port] [-B offset] [-R size] program [arguments...]
1f673135 2334@end example
1eb20527 2335
1f673135
FB
2336@table @option
2337@item -h
2338Print the help
3b46e624 2339@item -L path
1f673135
FB
2340Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
2341@item -s size
2342Set the x86 stack size in bytes (default=524288)
34a3d239
BS
2343@item -cpu model
2344Select CPU model (-cpu ? for list and additional feature selection)
f66724c9
SW
2345@item -ignore-environment
2346Start with an empty environment. Without this option,
40c5c6cd 2347the initial environment is a copy of the caller's environment.
f66724c9
SW
2348@item -E @var{var}=@var{value}
2349Set environment @var{var} to @var{value}.
2350@item -U @var{var}
2351Remove @var{var} from the environment.
379f6698
PB
2352@item -B offset
2353Offset guest address by the specified number of bytes. This is useful when
1f5c3f8c
SW
2354the address region required by guest applications is reserved on the host.
2355This option is currently only supported on some hosts.
68a1c816
PB
2356@item -R size
2357Pre-allocate a guest virtual address space of the given size (in bytes).
0d6753e5 2358"G", "M", and "k" suffixes may be used when specifying the size.
386405f7
FB
2359@end table
2360
1f673135 2361Debug options:
386405f7 2362
1f673135
FB
2363@table @option
2364@item -d
2365Activate log (logfile=/tmp/qemu.log)
2366@item -p pagesize
2367Act as if the host page size was 'pagesize' bytes
34a3d239
BS
2368@item -g port
2369Wait gdb connection to port
1b530a6d
AJ
2370@item -singlestep
2371Run the emulation in single step mode.
1f673135 2372@end table
386405f7 2373
b01bcae6
AZ
2374Environment variables:
2375
2376@table @env
2377@item QEMU_STRACE
2378Print system calls and arguments similar to the 'strace' program
2379(NOTE: the actual 'strace' program will not work because the user
2380space emulator hasn't implemented ptrace). At the moment this is
2381incomplete. All system calls that don't have a specific argument
2382format are printed with information for six arguments. Many
2383flag-style arguments don't have decoders and will show up as numbers.
5cfdf930 2384@end table
b01bcae6 2385
79737e4a 2386@node Other binaries
83195237 2387@subsection Other binaries
79737e4a 2388
7544a042
SW
2389@cindex user mode (Alpha)
2390@command{qemu-alpha} TODO.
2391
2392@cindex user mode (ARM)
2393@command{qemu-armeb} TODO.
2394
2395@cindex user mode (ARM)
79737e4a
PB
2396@command{qemu-arm} is also capable of running ARM "Angel" semihosted ELF
2397binaries (as implemented by the arm-elf and arm-eabi Newlib/GDB
2398configurations), and arm-uclinux bFLT format binaries.
2399
7544a042
SW
2400@cindex user mode (ColdFire)
2401@cindex user mode (M68K)
e6e5906b
PB
2402@command{qemu-m68k} is capable of running semihosted binaries using the BDM
2403(m5xxx-ram-hosted.ld) or m68k-sim (sim.ld) syscall interfaces, and
2404coldfire uClinux bFLT format binaries.
2405
79737e4a
PB
2406The binary format is detected automatically.
2407
7544a042
SW
2408@cindex user mode (Cris)
2409@command{qemu-cris} TODO.
2410
2411@cindex user mode (i386)
2412@command{qemu-i386} TODO.
2413@command{qemu-x86_64} TODO.
2414
2415@cindex user mode (Microblaze)
2416@command{qemu-microblaze} TODO.
2417
2418@cindex user mode (MIPS)
2419@command{qemu-mips} TODO.
2420@command{qemu-mipsel} TODO.
2421
2422@cindex user mode (PowerPC)
2423@command{qemu-ppc64abi32} TODO.
2424@command{qemu-ppc64} TODO.
2425@command{qemu-ppc} TODO.
2426
2427@cindex user mode (SH4)
2428@command{qemu-sh4eb} TODO.
2429@command{qemu-sh4} TODO.
2430
2431@cindex user mode (SPARC)
34a3d239
BS
2432@command{qemu-sparc} can execute Sparc32 binaries (Sparc32 CPU, 32 bit ABI).
2433
a785e42e
BS
2434@command{qemu-sparc32plus} can execute Sparc32 and SPARC32PLUS binaries
2435(Sparc64 CPU, 32 bit ABI).
2436
2437@command{qemu-sparc64} can execute some Sparc64 (Sparc64 CPU, 64 bit ABI) and
2438SPARC32PLUS binaries (Sparc64 CPU, 32 bit ABI).
2439
83195237
FB
2440@node Mac OS X/Darwin User space emulator
2441@section Mac OS X/Darwin User space emulator
2442
2443@menu
2444* Mac OS X/Darwin Status::
2445* Mac OS X/Darwin Quick Start::
2446* Mac OS X/Darwin Command line options::
2447@end menu
2448
2449@node Mac OS X/Darwin Status
2450@subsection Mac OS X/Darwin Status
2451
2452@itemize @minus
2453@item
2454target x86 on x86: Most apps (Cocoa and Carbon too) works. [1]
2455@item
2456target PowerPC on x86: Not working as the ppc commpage can't be mapped (yet!)
2457@item
dbcf5e82 2458target PowerPC on PowerPC: Most apps (Cocoa and Carbon too) works. [1]
83195237
FB
2459@item
2460target x86 on PowerPC: most utilities work. Cocoa and Carbon apps are not yet supported.
2461@end itemize
2462
2463[1] If you're host commpage can be executed by qemu.
2464
2465@node Mac OS X/Darwin Quick Start
2466@subsection Quick Start
2467
2468In order to launch a Mac OS X/Darwin process, QEMU needs the process executable
2469itself and all the target dynamic libraries used by it. If you don't have the FAT
2470libraries (you're running Mac OS X/ppc) you'll need to obtain it from a Mac OS X
2471CD or compile them by hand.
2472
2473@itemize
2474
2475@item On x86, you can just try to launch any process by using the native
2476libraries:
2477
5fafdf24 2478@example
dbcf5e82 2479qemu-i386 /bin/ls
83195237
FB
2480@end example
2481
2482or to run the ppc version of the executable:
2483
5fafdf24 2484@example
dbcf5e82 2485qemu-ppc /bin/ls
83195237
FB
2486@end example
2487
2488@item On ppc, you'll have to tell qemu where your x86 libraries (and dynamic linker)
2489are installed:
2490
5fafdf24 2491@example
dbcf5e82 2492qemu-i386 -L /opt/x86_root/ /bin/ls
83195237
FB
2493@end example
2494
2495@code{-L /opt/x86_root/} tells that the dynamic linker (dyld) path is in
2496@file{/opt/x86_root/usr/bin/dyld}.
2497
2498@end itemize
2499
2500@node Mac OS X/Darwin Command line options
2501@subsection Command line options
2502
2503@example
dbcf5e82 2504usage: qemu-i386 [-h] [-d] [-L path] [-s size] program [arguments...]
83195237
FB
2505@end example
2506
2507@table @option
2508@item -h
2509Print the help
3b46e624 2510@item -L path
83195237
FB
2511Set the library root path (default=/)
2512@item -s size
2513Set the stack size in bytes (default=524288)
2514@end table
2515
2516Debug options:
2517
2518@table @option
2519@item -d
2520Activate log (logfile=/tmp/qemu.log)
2521@item -p pagesize
2522Act as if the host page size was 'pagesize' bytes
1b530a6d
AJ
2523@item -singlestep
2524Run the emulation in single step mode.
83195237
FB
2525@end table
2526
84778508
BS
2527@node BSD User space emulator
2528@section BSD User space emulator
2529
2530@menu
2531* BSD Status::
2532* BSD Quick Start::
2533* BSD Command line options::
2534@end menu
2535
2536@node BSD Status
2537@subsection BSD Status
2538
2539@itemize @minus
2540@item
2541target Sparc64 on Sparc64: Some trivial programs work.
2542@end itemize
2543
2544@node BSD Quick Start
2545@subsection Quick Start
2546
2547In order to launch a BSD process, QEMU needs the process executable
2548itself and all the target dynamic libraries used by it.
2549
2550@itemize
2551
2552@item On Sparc64, you can just try to launch any process by using the native
2553libraries:
2554
2555@example
2556qemu-sparc64 /bin/ls
2557@end example
2558
2559@end itemize
2560
2561@node BSD Command line options
2562@subsection Command line options
2563
2564@example
2565usage: qemu-sparc64 [-h] [-d] [-L path] [-s size] [-bsd type] program [arguments...]
2566@end example
2567
2568@table @option
2569@item -h
2570Print the help
2571@item -L path
2572Set the library root path (default=/)
2573@item -s size
2574Set the stack size in bytes (default=524288)
f66724c9
SW
2575@item -ignore-environment
2576Start with an empty environment. Without this option,
40c5c6cd 2577the initial environment is a copy of the caller's environment.
f66724c9
SW
2578@item -E @var{var}=@var{value}
2579Set environment @var{var} to @var{value}.
2580@item -U @var{var}
2581Remove @var{var} from the environment.
84778508
BS
2582@item -bsd type
2583Set the type of the emulated BSD Operating system. Valid values are
2584FreeBSD, NetBSD and OpenBSD (default).
2585@end table
2586
2587Debug options:
2588
2589@table @option
2590@item -d
2591Activate log (logfile=/tmp/qemu.log)
2592@item -p pagesize
2593Act as if the host page size was 'pagesize' bytes
1b530a6d
AJ
2594@item -singlestep
2595Run the emulation in single step mode.
84778508
BS
2596@end table
2597
15a34c63
FB
2598@node compilation
2599@chapter Compilation from the sources
2600
debc7065
FB
2601@menu
2602* Linux/Unix::
2603* Windows::
2604* Cross compilation for Windows with Linux::
2605* Mac OS X::
47eacb4f 2606* Make targets::
debc7065
FB
2607@end menu
2608
2609@node Linux/Unix
7c3fc84d
FB
2610@section Linux/Unix
2611
2612@subsection Compilation
2613
2614First you must decompress the sources:
2615@example
2616cd /tmp
2617tar zxvf qemu-x.y.z.tar.gz
2618cd qemu-x.y.z
2619@end example
2620
2621Then you configure QEMU and build it (usually no options are needed):
2622@example
2623./configure
2624make
2625@end example
2626
2627Then type as root user:
2628@example
2629make install
2630@end example
2631to install QEMU in @file{/usr/local}.
2632
debc7065 2633@node Windows
15a34c63
FB
2634@section Windows
2635
2636@itemize
2637@item Install the current versions of MSYS and MinGW from
2638@url{http://www.mingw.org/}. You can find detailed installation
2639instructions in the download section and the FAQ.
2640
5fafdf24 2641@item Download
15a34c63 2642the MinGW development library of SDL 1.2.x
debc7065 2643(@file{SDL-devel-1.2.x-@/mingw32.tar.gz}) from
d0a96f3d
ST
2644@url{http://www.libsdl.org}. Unpack it in a temporary place and
2645edit the @file{sdl-config} script so that it gives the
15a34c63
FB
2646correct SDL directory when invoked.
2647
d0a96f3d
ST
2648@item Install the MinGW version of zlib and make sure
2649@file{zlib.h} and @file{libz.dll.a} are in
40c5c6cd 2650MinGW's default header and linker search paths.
d0a96f3d 2651
15a34c63 2652@item Extract the current version of QEMU.
5fafdf24 2653
15a34c63
FB
2654@item Start the MSYS shell (file @file{msys.bat}).
2655
5fafdf24 2656@item Change to the QEMU directory. Launch @file{./configure} and
15a34c63
FB
2657@file{make}. If you have problems using SDL, verify that
2658@file{sdl-config} can be launched from the MSYS command line.
2659
5fafdf24 2660@item You can install QEMU in @file{Program Files/Qemu} by typing
15a34c63
FB
2661@file{make install}. Don't forget to copy @file{SDL.dll} in
2662@file{Program Files/Qemu}.
2663
2664@end itemize
2665
debc7065 2666@node Cross compilation for Windows with Linux
15a34c63
FB
2667@section Cross compilation for Windows with Linux
2668
2669@itemize
2670@item
2671Install the MinGW cross compilation tools available at
2672@url{http://www.mingw.org/}.
2673
d0a96f3d
ST
2674@item Download
2675the MinGW development library of SDL 1.2.x
2676(@file{SDL-devel-1.2.x-@/mingw32.tar.gz}) from
2677@url{http://www.libsdl.org}. Unpack it in a temporary place and
2678edit the @file{sdl-config} script so that it gives the
2679correct SDL directory when invoked. Set up the @code{PATH} environment
2680variable so that @file{sdl-config} can be launched by
15a34c63
FB
2681the QEMU configuration script.
2682
d0a96f3d
ST
2683@item Install the MinGW version of zlib and make sure
2684@file{zlib.h} and @file{libz.dll.a} are in
40c5c6cd 2685MinGW's default header and linker search paths.
d0a96f3d 2686
5fafdf24 2687@item
15a34c63
FB
2688Configure QEMU for Windows cross compilation:
2689@example
d0a96f3d
ST
2690PATH=/usr/i686-pc-mingw32/sys-root/mingw/bin:$PATH ./configure --cross-prefix='i686-pc-mingw32-'
2691@end example
2692The example assumes @file{sdl-config} is installed under @file{/usr/i686-pc-mingw32/sys-root/mingw/bin} and
2693MinGW cross compilation tools have names like @file{i686-pc-mingw32-gcc} and @file{i686-pc-mingw32-strip}.
40c5c6cd 2694We set the @code{PATH} environment variable to ensure the MinGW version of @file{sdl-config} is used and
d0a96f3d
ST
2695use --cross-prefix to specify the name of the cross compiler.
2696You can also use --prefix to set the Win32 install path which defaults to @file{c:/Program Files/Qemu}.
2697
2698Under Fedora Linux, you can run:
2699@example
2700yum -y install mingw32-gcc mingw32-SDL mingw32-zlib
15a34c63 2701@end example
d0a96f3d 2702to get a suitable cross compilation environment.
15a34c63 2703
5fafdf24 2704@item You can install QEMU in the installation directory by typing
d0a96f3d 2705@code{make install}. Don't forget to copy @file{SDL.dll} and @file{zlib1.dll} into the
5fafdf24 2706installation directory.
15a34c63
FB
2707
2708@end itemize
2709
d0a96f3d 2710Wine can be used to launch the resulting qemu.exe compiled for Win32.
15a34c63 2711
debc7065 2712@node Mac OS X
15a34c63
FB
2713@section Mac OS X
2714
2715The Mac OS X patches are not fully merged in QEMU, so you should look
2716at the QEMU mailing list archive to have all the necessary
2717information.
2718
47eacb4f
SW
2719@node Make targets
2720@section Make targets
2721
2722@table @code
2723
2724@item make
2725@item make all
2726Make everything which is typically needed.
2727
2728@item install
2729TODO
2730
2731@item install-doc
2732TODO
2733
2734@item make clean
2735Remove most files which were built during make.
2736
2737@item make distclean
2738Remove everything which was built during make.
2739
2740@item make dvi
2741@item make html
2742@item make info
2743@item make pdf
2744Create documentation in dvi, html, info or pdf format.
2745
2746@item make cscope
2747TODO
2748
2749@item make defconfig
2750(Re-)create some build configuration files.
2751User made changes will be overwritten.
2752
2753@item tar
2754@item tarbin
2755TODO
2756
2757@end table
2758
7544a042
SW
2759@node License
2760@appendix License
2761
2762QEMU is a trademark of Fabrice Bellard.
2763
2764QEMU is released under the GNU General Public License (TODO: add link).
2765Parts of QEMU have specific licenses, see file LICENSE.
2766
2767TODO (refer to file LICENSE, include it, include the GPL?)
2768
debc7065 2769@node Index
7544a042
SW
2770@appendix Index
2771@menu
2772* Concept Index::
2773* Function Index::
2774* Keystroke Index::
2775* Program Index::
2776* Data Type Index::
2777* Variable Index::
2778@end menu
2779
2780@node Concept Index
2781@section Concept Index
2782This is the main index. Should we combine all keywords in one index? TODO
debc7065
FB
2783@printindex cp
2784
7544a042
SW
2785@node Function Index
2786@section Function Index
2787This index could be used for command line options and monitor functions.
2788@printindex fn
2789
2790@node Keystroke Index
2791@section Keystroke Index
2792
2793This is a list of all keystrokes which have a special function
2794in system emulation.
2795
2796@printindex ky
2797
2798@node Program Index
2799@section Program Index
2800@printindex pg
2801
2802@node Data Type Index
2803@section Data Type Index
2804
2805This index could be used for qdev device names and options.
2806
2807@printindex tp
2808
2809@node Variable Index
2810@section Variable Index
2811@printindex vr
2812
debc7065 2813@bye