" dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n"
" suppress-vmdesc=on|off disables self-describing migration (default=off)\n"
" nvdimm=on|off controls NVDIMM support (default=off)\n"
- " enforce-config-section=on|off enforce configuration section migration (default=off)\n"
" memory-encryption=@var{} memory encryption object to use (default=none)\n"
" hmat=on|off controls ACPI HMAT support (default=off)\n",
QEMU_ARCH_ALL)
``nvdimm=on|off``
Enables or disables NVDIMM support. The default is off.
- ``enforce-config-section=on|off``
- If ``enforce-config-section`` is set to on, force migration code
- to send configuration section even if the machine-type sets the
- ``migration.send-configuration`` property to off. NOTE: this
- parameter is deprecated. Please use ``-global``
- ``migration.send-configuration``\ =on\|off instead.
-
``memory-encryption=``
Memory encryption object to use. The default is none.
.. parsed-literal::
- |qemu_system| \
- -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \
- -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \
+ |qemu_system| \\
+ -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \\
+ -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \\
-drive file=/dev/fdset/2,index=0,media=disk
ERST
Some drivers are:
-``-device ipmi-bmc-sim,id=id[,slave_addr=val][,sdrfile=file][,furareasize=val][,furdatafile=file][,guid=uuid]``
+``-device ipmi-bmc-sim,id=id[,prop[=value][,...]]``
Add an IPMI BMC. This is a simulation of a hardware management
interface processor that normally sits on a system. It provides a
watchdog and the ability to reset and power control the system. You
``-device isa-ipmi-bt,bmc=id[,ioport=val][,irq=val]``
Like the KCS interface, but defines a BT interface. The default port
is 0xe4 and the default interrupt is 5.
+
+``-device pci-ipmi-kcs,bmc=id``
+ Add a KCS IPMI interafce on the PCI bus.
+
+ ``bmc=id``
+ The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern above.
+
+``-device pci-ipmi-bt,bmc=id``
+ Like the KCS interface, but defines a BT interface on the PCI bus.
ERST
DEF("name", HAS_ARG, QEMU_OPTION_name,
``-fda file``
\
``-fdb file``
- Use file as floppy disk 0/1 image (see
- :ref:`disk_005fimages`).
+ Use file as floppy disk 0/1 image (see the :ref:`disk images` chapter in
+ the System Emulation Users Guide).
ERST
DEF("hda", HAS_ARG, QEMU_OPTION_hda,
``-hdc file``
\
``-hdd file``
- Use file as hard disk 0, 1, 2 or 3 image (see
- :ref:`disk_005fimages`).
+ Use file as hard disk 0, 1, 2 or 3 image (see the :ref:`disk images`
+ chapter in the System Emulation Users Guide).
ERST
DEF("cdrom", HAS_ARG, QEMU_OPTION_cdrom,
The path to the image file in the local filesystem
``aio``
- Specifies the AIO backend (threads/native, default: threads)
+ Specifies the AIO backend (threads/native/io_uring,
+ default: threads)
``locking``
Specifies whether the image file is protected with Linux OFD
"-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n"
" [,cache=writethrough|writeback|none|directsync|unsafe][,format=f]\n"
" [,snapshot=on|off][,rerror=ignore|stop|report]\n"
- " [,werror=ignore|stop|report|enospc][,id=name][,aio=threads|native]\n"
+ " [,werror=ignore|stop|report|enospc][,id=name]\n"
+ " [,aio=threads|native|io_uring]\n"
" [,readonly=on|off][,copy-on-read=on|off]\n"
" [,discard=ignore|unmap][,detect-zeroes=on|off|unmap]\n"
" [[,bps=b]|[[,bps_rd=r][,bps_wr=w]]]\n"
In addition, it knows the following options:
``file=file``
- This option defines which disk image (see
- :ref:`disk_005fimages`) to use with this drive. If
- the filename contains comma, you must double it (for instance,
+ This option defines which disk image (see the :ref:`disk images`
+ chapter in the System Emulation Users Guide) to use with this drive.
+ If the filename contains comma, you must double it (for instance,
"file=my,,file" to use file "my,file").
Special files such as iSCSI devices can be specified using
The default mode is ``cache=writeback``.
``aio=aio``
- aio is "threads", or "native" and selects between pthread based
- disk I/O and native Linux AIO.
+ aio is "threads", "native", or "io_uring" and selects between pthread
+ based disk I/O, native Linux AIO, or Linux io_uring API.
``format=format``
Specify which disk format will be used rather than detecting the
.. parsed-literal::
- |qemu_system| \
- -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \
- -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \
+ |qemu_system| \\
+ -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \\
+ -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \\
-drive file=/dev/fdset/2,index=0,media=disk
You can connect a CDROM to the slave of ide0:
``-snapshot``
Write to temporary files instead of disk image files. In this case,
the raw disk image you use is not written back. You can however
- force the write back by pressing C-a s (see
- :ref:`disk_005fimages`).
+ force the write back by pressing C-a s (see the :ref:`disk images`
+ chapter in the System Emulation Users Guide).
ERST
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
"-fsdev local,id=id,path=path,security_model=mapped-xattr|mapped-file|passthrough|none\n"
- " [,writeout=immediate][,readonly][,fmode=fmode][,dmode=dmode]\n"
+ " [,writeout=immediate][,readonly=on][,fmode=fmode][,dmode=dmode]\n"
" [[,throttling.bps-total=b]|[[,throttling.bps-read=r][,throttling.bps-write=w]]]\n"
" [[,throttling.iops-total=i]|[[,throttling.iops-read=r][,throttling.iops-write=w]]]\n"
" [[,throttling.bps-total-max=bm]|[[,throttling.bps-read-max=rm][,throttling.bps-write-max=wm]]]\n"
" [[,throttling.iops-total-max=im]|[[,throttling.iops-read-max=irm][,throttling.iops-write-max=iwm]]]\n"
" [[,throttling.iops-size=is]]\n"
- "-fsdev proxy,id=id,socket=socket[,writeout=immediate][,readonly]\n"
- "-fsdev proxy,id=id,sock_fd=sock_fd[,writeout=immediate][,readonly]\n"
+ "-fsdev proxy,id=id,socket=socket[,writeout=immediate][,readonly=on]\n"
+ "-fsdev proxy,id=id,sock_fd=sock_fd[,writeout=immediate][,readonly=on]\n"
"-fsdev synth,id=id\n",
QEMU_ARCH_ALL)
SRST
-``-fsdev local,id=id,path=path,security_model=security_model [,writeout=writeout][,readonly][,fmode=fmode][,dmode=dmode] [,throttling.option=value[,throttling.option=value[,...]]]``
+``-fsdev local,id=id,path=path,security_model=security_model [,writeout=writeout][,readonly=on][,fmode=fmode][,dmode=dmode] [,throttling.option=value[,throttling.option=value[,...]]]``
\
-``-fsdev proxy,id=id,socket=socket[,writeout=writeout][,readonly]``
+``-fsdev proxy,id=id,socket=socket[,writeout=writeout][,readonly=on]``
\
-``-fsdev proxy,id=id,sock_fd=sock_fd[,writeout=writeout][,readonly]``
+``-fsdev proxy,id=id,sock_fd=sock_fd[,writeout=writeout][,readonly=on]``
\
-``-fsdev synth,id=id[,readonly]``
+``-fsdev synth,id=id[,readonly=on]``
Define a new file system device. Valid options are:
``local``
guest only when the data has been reported as written by the
storage subsystem.
- ``readonly``
+ ``readonly=on``
Enables exporting 9p share as a readonly mount for guests. By
default read-write access is given.
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
"-virtfs local,path=path,mount_tag=tag,security_model=mapped-xattr|mapped-file|passthrough|none\n"
- " [,id=id][,writeout=immediate][,readonly][,fmode=fmode][,dmode=dmode][,multidevs=remap|forbid|warn]\n"
- "-virtfs proxy,mount_tag=tag,socket=socket[,id=id][,writeout=immediate][,readonly]\n"
- "-virtfs proxy,mount_tag=tag,sock_fd=sock_fd[,id=id][,writeout=immediate][,readonly]\n"
- "-virtfs synth,mount_tag=tag[,id=id][,readonly]\n",
+ " [,id=id][,writeout=immediate][,readonly=on][,fmode=fmode][,dmode=dmode][,multidevs=remap|forbid|warn]\n"
+ "-virtfs proxy,mount_tag=tag,socket=socket[,id=id][,writeout=immediate][,readonly=on]\n"
+ "-virtfs proxy,mount_tag=tag,sock_fd=sock_fd[,id=id][,writeout=immediate][,readonly=on]\n"
+ "-virtfs synth,mount_tag=tag[,id=id][,readonly=on]\n",
QEMU_ARCH_ALL)
SRST
-``-virtfs local,path=path,mount_tag=mount_tag ,security_model=security_model[,writeout=writeout][,readonly] [,fmode=fmode][,dmode=dmode][,multidevs=multidevs]``
+``-virtfs local,path=path,mount_tag=mount_tag ,security_model=security_model[,writeout=writeout][,readonly=on] [,fmode=fmode][,dmode=dmode][,multidevs=multidevs]``
\
-``-virtfs proxy,socket=socket,mount_tag=mount_tag [,writeout=writeout][,readonly]``
+``-virtfs proxy,socket=socket,mount_tag=mount_tag [,writeout=writeout][,readonly=on]``
\
-``-virtfs proxy,sock_fd=sock_fd,mount_tag=mount_tag [,writeout=writeout][,readonly]``
+``-virtfs proxy,sock_fd=sock_fd,mount_tag=mount_tag [,writeout=writeout][,readonly=on]``
\
``-virtfs synth,mount_tag=mount_tag``
Define a new virtual filesystem device and expose it to the guest using
guest only when the data has been reported as written by the
storage subsystem.
- ``readonly``
+ ``readonly=on``
Enables exporting 9p share as a readonly mount for guests. By
default read-write access is given.
SRST
``-usbdevice devname``
Add the USB device devname. Note that this option is deprecated,
- please use ``-device usb-...`` instead. See
- :ref:`usb_005fdevices`.
+ please use ``-device usb-...`` instead. See the chapter about
+ :ref:`Connecting USB devices` in the System Emulation Users Guide.
``mouse``
Virtual Mouse. This will override the PS/2 mouse emulation when
connections.
The password must be set separately using the ``set_password``
- command in the :ref:`pcsys_005fmonitor`. The
+ command in the :ref:`QEMU monitor`. The
syntax to change your password is:
``set_password <protocol> <password>`` where <protocol> could be
either "vnc" or "spice".
and 'x509' settings to enable use of SSL and server
certificates. This ensures a data encryption preventing
compromise of authentication credentials. See the
- :ref:`vnc_005fsecurity` section for details on
- using SASL authentication.
+ :ref:`VNC security` section in the System Emulation Users Guide
+ for details on using SASL authentication.
``sasl-authz=ID``
Provides the ID of the QAuthZ authorization object against which
" [,sku=str]\n"
" specify SMBIOS type 3 fields\n"
"-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str]\n"
- " [,asset=str][,part=str]\n"
+ " [,asset=str][,part=str][,max-speed=%d][,current-speed=%d]\n"
" specify SMBIOS type 4 fields\n"
+ "-smbios type=11[,value=str][,path=filename]\n"
+ " specify SMBIOS type 11 fields\n"
"-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str]\n"
" [,asset=str][,part=str][,speed=%d]\n"
" specify SMBIOS type 17 fields\n",
``-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str][,asset=str][,part=str]``
Specify SMBIOS type 4 fields
+``-smbios type=11[,value=str][,path=filename]``
+ Specify SMBIOS type 11 fields
+
+ This argument can be repeated multiple times, and values are added in the order they are parsed.
+ Applications intending to use OEM strings data are encouraged to use their application name as
+ a prefix for the value string. This facilitates passing information for multiple applications
+ concurrently.
+
+ The ``value=str`` syntax provides the string data inline, while the ``path=filename`` syntax
+ loads data from a file on disk. Note that the file is not permitted to contain any NUL bytes.
+
+ Both the ``value`` and ``path`` options can be repeated multiple times and will be added to
+ the SMBIOS table in the order in which they appear.
+
+ Note that on the x86 architecture, the total size of all SMBIOS tables is limited to 65535
+ bytes. Thus the OEM strings data is not suitable for passing large amounts of data into the
+ guest. Instead it should be used as a indicator to inform the guest where to locate the real
+ data set, for example, by specifying the serial ID of a block device.
+
+ An example passing three strings is
+
+ .. parsed-literal::
+
+ -smbios type=11,value=cloud-init:ds=nocloud-net;s=http://10.10.0.1:8000/,\\
+ value=anaconda:method=http://dl.fedoraproject.org/pub/fedora/linux/releases/25/x86_64/os,\\
+ path=/some/file/with/oemstringsdata.txt
+
+ In the guest OS this is visible with the ``dmidecode`` command
+
+ .. parsed-literal::
+
+ $ dmidecode -t 11
+ Handle 0x0E00, DMI type 11, 5 bytes
+ OEM Strings
+ String 1: cloud-init:ds=nocloud-net;s=http://10.10.0.1:8000/
+ String 2: anaconda:method=http://dl.fedoraproject.org/pub/fedora/linux/releases/25/x86_64/os
+ String 3: myapp:some extra data
+
+
``-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str][,asset=str][,part=str][,speed=%d]``
Specify SMBIOS type 17 fields
ERST
.. parsed-literal::
- |qemu_system| -hda linux.img -boot n -device e1000,netdev=n1 \
+ |qemu_system| -hda linux.img -boot n -device e1000,netdev=n1 \\
-netdev user,id=n1,tftp=/path/to/tftp/files,bootfile=/pxelinux.0
``smb=dir[,smbserver=addr]``
disable script execution.
If running QEMU as an unprivileged user, use the network helper
- helper to configure the TAP interface and attach it to the bridge.
+ to configure the TAP interface and attach it to the bridge.
The default network helper executable is
``/path/to/qemu-bridge-helper`` and the default bridge device is
``br0``.
#launch a QEMU instance with two NICs, each one connected
#to a TAP device
- |qemu_system| linux.img \
- -netdev tap,id=nd0,ifname=tap0 -device e1000,netdev=nd0 \
+ |qemu_system| linux.img \\
+ -netdev tap,id=nd0,ifname=tap0 -device e1000,netdev=nd0 \\
-netdev tap,id=nd1,ifname=tap1 -device rtl8139,netdev=nd1
.. parsed-literal::
#launch a QEMU instance with the default network helper to
#connect a TAP device to bridge br0
- |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \
+ |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
-netdev tap,id=n1,"helper=/path/to/qemu-bridge-helper"
``-netdev bridge,id=id[,br=bridge][,helper=helper]``
.. parsed-literal::
# launch a first QEMU instance
- |qemu_system| linux.img \
- -device e1000,netdev=n1,mac=52:54:00:12:34:56 \
+ |qemu_system| linux.img \\
+ -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
-netdev socket,id=n1,listen=:1234
# connect the network of this instance to the network of the first instance
- |qemu_system| linux.img \
- -device e1000,netdev=n2,mac=52:54:00:12:34:57 \
+ |qemu_system| linux.img \\
+ -device e1000,netdev=n2,mac=52:54:00:12:34:57 \\
-netdev socket,id=n2,connect=127.0.0.1:1234
``-netdev socket,id=id[,fd=h][,mcast=maddr:port[,localaddr=addr]]``
.. parsed-literal::
# launch one QEMU instance
- |qemu_system| linux.img \
- -device e1000,netdev=n1,mac=52:54:00:12:34:56 \
+ |qemu_system| linux.img \\
+ -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
-netdev socket,id=n1,mcast=230.0.0.1:1234
# launch another QEMU instance on same "bus"
- |qemu_system| linux.img \
- -device e1000,netdev=n2,mac=52:54:00:12:34:57 \
+ |qemu_system| linux.img \\
+ -device e1000,netdev=n2,mac=52:54:00:12:34:57 \\
-netdev socket,id=n2,mcast=230.0.0.1:1234
# launch yet another QEMU instance on same "bus"
- |qemu_system| linux.img \
- -device e1000,netdev=n3,mac=52:54:00:12:34:58 \
+ |qemu_system| linux.img \\
+ -device e1000,netdev=n3,mac=52:54:00:12:34:58 \\
-netdev socket,id=n3,mcast=230.0.0.1:1234
Example (User Mode Linux compat.):
.. parsed-literal::
# launch QEMU instance (note mcast address selected is UML's default)
- |qemu_system| linux.img \
- -device e1000,netdev=n1,mac=52:54:00:12:34:56 \
+ |qemu_system| linux.img \\
+ -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
-netdev socket,id=n1,mcast=239.192.168.1:1102
# launch UML
/path/to/linux ubd0=/path/to/root_fs eth0=mcast
.. parsed-literal::
- |qemu_system| linux.img \
- -device e1000,netdev=n1,mac=52:54:00:12:34:56 \
+ |qemu_system| linux.img \\
+ -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
-netdev socket,id=n1,mcast=239.192.168.1:1102,localaddr=1.2.3.4
``-netdev l2tpv3,id=id,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport],txsession=txsession[,rxsession=rxsession][,ipv6][,udp][,cookie64][,counter][,pincounter][,txcookie=txcookie][,rxcookie=rxcookie][,offset=offset]``
# Setup tunnel on linux host using raw ip as encapsulation
# on 1.2.3.4
- ip l2tp add tunnel remote 4.3.2.1 local 1.2.3.4 tunnel_id 1 peer_tunnel_id 1 \
+ ip l2tp add tunnel remote 4.3.2.1 local 1.2.3.4 tunnel_id 1 peer_tunnel_id 1 \\
encap udp udp_sport 16384 udp_dport 16384
- ip l2tp add session tunnel_id 1 name vmtunnel0 session_id \
+ ip l2tp add session tunnel_id 1 name vmtunnel0 session_id \\
0xFFFFFFFF peer_session_id 0xFFFFFFFF
ifconfig vmtunnel0 mtu 1500
ifconfig vmtunnel0 up
# on 4.3.2.1
# launch QEMU instance - if your network has reorder or is very lossy add ,pincounter
- |qemu_system| linux.img -device e1000,netdev=n1 \
+ |qemu_system| linux.img -device e1000,netdev=n1 \\
-netdev l2tpv3,id=n1,src=4.2.3.1,dst=1.2.3.4,udp,srcport=16384,dstport=16384,rxsession=0xffffffff,txsession=0xffffffff,counter
``-netdev vde,id=id[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]``
-serial chardev:char1
When you're using a multiplexed character device, some escape
- sequences are interpreted in the input. See :ref:`mux_005fkeys`.
+ sequences are interpreted in the input. See the chapter about
+ :ref:`keys in the character backend multiplexer` in the
+ System Emulation Users Guide for more details.
Note that some other command line options may implicitly create
multiplexed character backends; for instance ``-serial mon:stdio``
QEMU_ARCH_ALL)
SRST
``-gdb dev``
- Accept a gdb connection on device dev (see
- :ref:`gdb_005fusage`). Note that this option does not pause QEMU
+ Accept a gdb connection on device dev (see the :ref:`GDB usage` chapter
+ in the System Emulation Users Guide). Note that this option does not pause QEMU
execution -- if you want QEMU to not start the guest until you
connect with gdb and issue a ``continue`` command, you will need to
also pass the ``-S`` option to QEMU.
SRST
``-s``
Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234
- (see :ref:`gdb_005fusage`).
+ (see the :ref:`GDB usage` chapter in the System Emulation Users Guide).
ERST
DEF("d", HAS_ARG, QEMU_OPTION_d, \
Enable FIPS 140-2 compliance mode.
ERST
-HXCOMM Deprecated by -accel tcg
-DEF("no-kvm", 0, QEMU_OPTION_no_kvm, "", QEMU_ARCH_I386)
-
DEF("msg", HAS_ARG, QEMU_OPTION_msg,
"-msg [timestamp[=on|off]][,guest-name=[on|off]]\n"
" control error message format\n"
.. parsed-literal::
- # |qemu_system| \
- -object tls-cipher-suites,id=mysuite0,priority=@SYSTEM \
+ # |qemu_system| \\
+ -object tls-cipher-suites,id=mysuite0,priority=@SYSTEM \\
-fw_cfg name=etc/edk2/https/ciphers,gen_id=mysuite0
``-object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx][,status=on|off][,position=head|tail|id=<id>][,insert=behind|before]``
stored. The file format is libpcap, so it can be analyzed with
tools such as tcpdump or Wireshark.
- ``-object colo-compare,id=id,primary_in=chardevid,secondary_in=chardevid,outdev=chardevid,iothread=id[,vnet_hdr_support][,notify_dev=id][,compare_timeout=@var{ms}][,expired_scan_cycle=@var{ms}``
- Colo-compare gets packet from primary\_inchardevid and
- secondary\_inchardevid, than compare primary packet with
- secondary packet. If the packets are same, we will output
- primary packet to outdevchardevid, else we will notify
- colo-frame do checkpoint and send primary packet to
- outdevchardevid. In order to improve efficiency, we need to put
- the task of comparison in another thread. If it has the
- vnet\_hdr\_support flag, colo compare will send/recv packet with
- vnet\_hdr\_len. Then compare\_timeout=@var{ms} determines the
- maximum delay colo-compare wait for the packet.
- The expired\_scan\_cycle=@var{ms} to set the period of scanning
- expired primary node network packets.
- If you want to use Xen COLO, will need the notify\_dev to
+ ``-object colo-compare,id=id,primary_in=chardevid,secondary_in=chardevid,outdev=chardevid,iothread=id[,vnet_hdr_support][,notify_dev=id][,compare_timeout=@var{ms}][,expired_scan_cycle=@var{ms}][,max_queue_size=@var{size}]``
+ Colo-compare gets packet from primary\_in chardevid and
+ secondary\_in, then compare whether the payload of primary packet
+ and secondary packet are the same. If same, it will output
+ primary packet to out\_dev, else it will notify COLO-framework to do
+ checkpoint and send primary packet to out\_dev. In order to
+ improve efficiency, we need to put the task of comparison in
+ another iothread. If it has the vnet\_hdr\_support flag,
+ colo compare will send/recv packet with vnet\_hdr\_len.
+ The compare\_timeout=@var{ms} determines the maximum time of the
+ colo-compare hold the packet. The expired\_scan\_cycle=@var{ms}
+ is to set the period of scanning expired primary node network packets.
+ The max\_queue\_size=@var{size} is to set the max compare queue
+ size depend on user environment.
+ If user want to use Xen COLO, need to add the notify\_dev to
notify Xen colo-frame to do checkpoint.
- we must use it with the help of filter-mirror and
- filter-redirector.
+ COLO-compare must be used with the help of filter-mirror,
+ filter-redirector and filter-rewriter.
::
.. parsed-literal::
- # |qemu_system| \
- [...] \
- -object cryptodev-backend-builtin,id=cryptodev0 \
- -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
+ # |qemu_system| \\
+ [...] \\
+ -object cryptodev-backend-builtin,id=cryptodev0 \\
+ -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \\
[...]
``-object cryptodev-vhost-user,id=id,chardev=chardevid[,queues=queues]``
.. parsed-literal::
- # |qemu_system| \
- [...] \
- -chardev socket,id=chardev0,path=/path/to/socket \
- -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \
- -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
+ # |qemu_system| \\
+ [...] \\
+ -chardev socket,id=chardev0,path=/path/to/socket \\
+ -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \\
+ -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \\
[...]
``-object secret,id=id,data=string,format=raw|base64[,keyid=secretid,iv=string]``
.. parsed-literal::
- # |qemu_system| \
- -object secret,id=secmaster0,format=base64,file=key.b64 \
- -object secret,id=sec0,keyid=secmaster0,format=base64,\
+ # |qemu_system| \\
+ -object secret,id=secmaster0,format=base64,file=key.b64 \\
+ -object secret,id=sec0,keyid=secmaster0,format=base64,\\
data=$SECRET,iv=$(<iv.b64)
``-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,handle=handle,dh-cert-file=file,session-file=file]``
.. parsed-literal::
- # |qemu_system_x86| \
- ......
- -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \
- -machine ...,memory-encryption=sev0
+ # |qemu_system_x86| \\
+ ...... \\
+ -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \\
+ -machine ...,memory-encryption=sev0 \\
.....
``-object authz-simple,id=id,identity=string``
.. parsed-literal::
- # |qemu_system| \
- ...
- -object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,O=Example Org,,L=London,,ST=London,,C=GB' \
+ # |qemu_system| \\
+ ... \\
+ -object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,O=Example Org,,L=London,,ST=London,,C=GB' \\
...
Note the use of quotes due to the x509 distinguished name
.. parsed-literal::
- # |qemu_system| \
- ...
- -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes
+ # |qemu_system| \\
+ ... \\
+ -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes \\
...
``-object authz-pam,id=id,service=string``
.. parsed-literal::
- # |qemu_system| \
- ...
- -object authz-pam,id=auth0,service=qemu-vnc
+ # |qemu_system| \\
+ ... \\
+ -object authz-pam,id=auth0,service=qemu-vnc \\
...
There would then be a corresponding config file for PAM at