| 'virt' generic virtual platform (``virt``) |
| ========================================== |
| |
| The ``virt`` board is a platform which does not correspond to any |
| real hardware; it is designed for use in virtual machines. |
| It is the recommended board type if you simply want to run |
| a guest such as Linux and do not care about reproducing the |
| idiosyncrasies and limitations of a particular bit of real-world |
| hardware. |
| |
| This is a "versioned" board model, so as well as the ``virt`` machine |
| type itself (which may have improvements, bugfixes and other minor |
| changes between QEMU versions) a version is provided that guarantees |
| to have the same behaviour as that of previous QEMU releases, so |
| that VM migration will work between QEMU versions. For instance the |
| ``virt-5.0`` machine type will behave like the ``virt`` machine from |
| the QEMU 5.0 release, and migration should work between ``virt-5.0`` |
| of the 5.0 release and ``virt-5.0`` of the 5.1 release. Migration |
| is not guaranteed to work between different QEMU releases for |
| the non-versioned ``virt`` machine type. |
| |
| Supported devices |
| """"""""""""""""" |
| |
| The virt board supports: |
| |
| - PCI/PCIe devices |
| - Flash memory |
| - Either one or two PL011 UARTs for the NonSecure World |
| - An RTC |
| - The fw_cfg device that allows a guest to obtain data from QEMU |
| - A PL061 GPIO controller |
| - An optional SMMUv3 IOMMU |
| - hotpluggable DIMMs |
| - hotpluggable NVDIMMs |
| - An MSI controller (GICv2M or ITS). GICv2M is selected by default along |
| with GICv2. ITS is selected by default with GICv3 (>= virt-2.7). Note |
| that ITS is not modeled in TCG mode. |
| - 32 virtio-mmio transport devices |
| - running guests using the KVM accelerator on aarch64 hardware |
| - large amounts of RAM (at least 255GB, and more if using highmem) |
| - many CPUs (up to 512 if using a GICv3 and highmem) |
| - Secure-World-only devices if the CPU has TrustZone: |
| |
| - A second PL011 UART |
| - A second PL061 GPIO controller, with GPIO lines for triggering |
| a system reset or system poweroff |
| - A secure flash memory |
| - 16MB of secure RAM |
| |
| The second NonSecure UART only exists if a backend is configured |
| explicitly (e.g. with a second -serial command line option) and |
| TrustZone emulation is not enabled. |
| |
| Supported guest CPU types: |
| |
| - ``cortex-a7`` (32-bit) |
| - ``cortex-a15`` (32-bit; the default) |
| - ``cortex-a35`` (64-bit) |
| - ``cortex-a53`` (64-bit) |
| - ``cortex-a55`` (64-bit) |
| - ``cortex-a57`` (64-bit) |
| - ``cortex-a72`` (64-bit) |
| - ``cortex-a76`` (64-bit) |
| - ``cortex-a710`` (64-bit) |
| - ``a64fx`` (64-bit) |
| - ``host`` (with KVM only) |
| - ``neoverse-n1`` (64-bit) |
| - ``neoverse-v1`` (64-bit) |
| - ``neoverse-n2`` (64-bit) |
| - ``max`` (same as ``host`` for KVM; best possible emulation with TCG) |
| |
| Note that the default is ``cortex-a15``, so for an AArch64 guest you must |
| specify a CPU type. |
| |
| Also, please note that passing ``max`` CPU (i.e. ``-cpu max``) won't |
| enable all the CPU features for a given ``virt`` machine. Where a CPU |
| architectural feature requires support in both the CPU itself and in the |
| wider system (e.g. the MTE feature), it may not be enabled by default, |
| but instead requires a machine option to enable it. |
| |
| For example, MTE support must be enabled with ``-machine virt,mte=on``, |
| as well as by selecting an MTE-capable CPU (e.g., ``max``) with the |
| ``-cpu`` option. |
| |
| See the machine-specific options below, or check them for a given machine |
| by passing the ``help`` suboption, like: ``-machine virt-9.0,help``. |
| |
| Graphics output is available, but unlike the x86 PC machine types |
| there is no default display device enabled: you should select one from |
| the Display devices section of "-device help". The recommended option |
| is ``virtio-gpu-pci``; this is the only one which will work correctly |
| with KVM. You may also need to ensure your guest kernel is configured |
| with support for this; see below. |
| |
| Machine-specific options |
| """""""""""""""""""""""" |
| |
| The following machine-specific options are supported: |
| |
| secure |
| Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the |
| Arm Security Extensions (TrustZone). The default is ``off``. |
| |
| virtualization |
| Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the |
| Arm Virtualization Extensions. The default is ``off``. |
| |
| mte |
| Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the |
| Arm Memory Tagging Extensions. The default is ``off``. |
| |
| highmem |
| Set ``on``/``off`` to enable/disable placing devices and RAM in physical |
| address space above 32 bits. The default is ``on`` for machine types |
| later than ``virt-2.12`` when the CPU supports an address space |
| bigger than 32 bits (i.e. 64-bit CPUs, and 32-bit CPUs with the |
| Large Physical Address Extension (LPAE) feature). If you want to |
| boot a 32-bit kernel which does not have ``CONFIG_LPAE`` enabled on |
| a CPU type which implements LPAE, you will need to manually set |
| this to ``off``; otherwise some devices, such as the PCI controller, |
| will not be accessible. |
| |
| compact-highmem |
| Set ``on``/``off`` to enable/disable the compact layout for high memory regions. |
| The default is ``on`` for machine types later than ``virt-7.2``. |
| |
| highmem-redists |
| Set ``on``/``off`` to enable/disable the high memory region for GICv3 or |
| GICv4 redistributor. The default is ``on``. Setting this to ``off`` will |
| limit the maximum number of CPUs when GICv3 or GICv4 is used. |
| |
| highmem-ecam |
| Set ``on``/``off`` to enable/disable the high memory region for PCI ECAM. |
| The default is ``on`` for machine types later than ``virt-3.0``. |
| |
| highmem-mmio |
| Set ``on``/``off`` to enable/disable the high memory region for PCI MMIO. |
| The default is ``on``. |
| |
| gic-version |
| Specify the version of the Generic Interrupt Controller (GIC) to provide. |
| Valid values are: |
| |
| ``2`` |
| GICv2. Note that this limits the number of CPUs to 8. |
| ``3`` |
| GICv3. This allows up to 512 CPUs. |
| ``4`` |
| GICv4. Requires ``virtualization`` to be ``on``; allows up to 317 CPUs. |
| ``host`` |
| Use the same GIC version the host provides, when using KVM |
| ``max`` |
| Use the best GIC version possible (same as host when using KVM; |
| with TCG this is currently ``3`` if ``virtualization`` is ``off`` and |
| ``4`` if ``virtualization`` is ``on``, but this may change in future) |
| |
| its |
| Set ``on``/``off`` to enable/disable ITS instantiation. The default is ``on`` |
| for machine types later than ``virt-2.7``. |
| |
| iommu |
| Set the IOMMU type to create for the guest. Valid values are: |
| |
| ``none`` |
| Don't create an IOMMU (the default) |
| ``smmuv3`` |
| Create an SMMUv3 |
| |
| ras |
| Set ``on``/``off`` to enable/disable reporting host memory errors to a guest |
| using ACPI and guest external abort exceptions. The default is off. |
| |
| dtb-randomness |
| Set ``on``/``off`` to pass random seeds via the guest DTB |
| rng-seed and kaslr-seed nodes (in both "/chosen" and |
| "/secure-chosen") to use for features like the random number |
| generator and address space randomisation. The default is |
| ``on``. You will want to disable it if your trusted boot chain |
| will verify the DTB it is passed, since this option causes the |
| DTB to be non-deterministic. It would be the responsibility of |
| the firmware to come up with a seed and pass it on if it wants to. |
| |
| dtb-kaslr-seed |
| A deprecated synonym for dtb-randomness. |
| |
| Linux guest kernel configuration |
| """""""""""""""""""""""""""""""" |
| |
| The 'defconfig' for Linux arm and arm64 kernels should include the |
| right device drivers for virtio and the PCI controller; however some older |
| kernel versions, especially for 32-bit Arm, did not have everything |
| enabled by default. If you're not seeing PCI devices that you expect, |
| then check that your guest config has:: |
| |
| CONFIG_PCI=y |
| CONFIG_VIRTIO_PCI=y |
| CONFIG_PCI_HOST_GENERIC=y |
| |
| If you want to use the ``virtio-gpu-pci`` graphics device you will also |
| need:: |
| |
| CONFIG_DRM=y |
| CONFIG_DRM_VIRTIO_GPU=y |
| |
| Hardware configuration information for bare-metal programming |
| """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
| |
| The ``virt`` board automatically generates a device tree blob ("dtb") |
| which it passes to the guest. This provides information about the |
| addresses, interrupt lines and other configuration of the various devices |
| in the system. Guest code can rely on and hard-code the following |
| addresses: |
| |
| - Flash memory starts at address 0x0000_0000 |
| |
| - RAM starts at 0x4000_0000 |
| |
| All other information about device locations may change between |
| QEMU versions, so guest code must look in the DTB. |
| |
| QEMU supports two types of guest image boot for ``virt``, and |
| the way for the guest code to locate the dtb binary differs: |
| |
| - For guests using the Linux kernel boot protocol (this means any |
| non-ELF file passed to the QEMU ``-kernel`` option) the address |
| of the DTB is passed in a register (``r2`` for 32-bit guests, |
| or ``x0`` for 64-bit guests) |
| |
| - For guests booting as "bare-metal" (any other kind of boot), |
| the DTB is at the start of RAM (0x4000_0000) |