QEMU

= Introduction =

QEMU is a generic and open source machine emulator and virtualizer, originally developed by Fabrice Bellard.

When used as a machine emulator, QEMU can run OSes and programs made for one machine (e.g. an ARM board) on a different machine (e.g. your own PC). By using dynamic translation, it achieves very good performance.

When used as a virtualizer, QEMU achieves near-native performance by executing the guest code directly on the host CPU. A host driver called the QEMU accelerator (also known as KQEMU) is needed in this case. The virtualizer mode requires that both the host and guest machine use x86-compatible processors.

Qemu project web site

= Use in embedded projects =

QEMU is increasingly used to provide an emulator for embedded processors, for testing embedded Linux without the need for actual hardware.

The Embedded Linux From Scratch presentation by Michael Opdenacker has great information about setting up QEMU with embedded Linux.

Also, Firmware Linux uses QEMU as part of a "native" build environment to eliminate cross-compilation problems when building Embedded Linux distributions for non-x86 platforms.

= Supported architectures =

The following architectures are supported as target architectures for system emulation:


 * x86
 * ARM (ARM Integrator/CP, ARM Versatile, ARM Realview, X-Scale based PDAs, Palm Tungsten, Nokia N800/N810 tablets, Luminary boards, etc.)
 * Sparc32 and Sparc64
 * PowerPC
 * MIPS
 * Coldfire

Support for new boards or new peripherals can be added relatively easily in QEMU, as the APIs are quite simple to understand and use.

= Resources =
 * QEMU Emulator User Documentation
 * QEMU Internals (broken link --Klausfpga 16:48, 14 May 2009 (UTC) )
 * QEMU Accelerator Technical Documentation
 * Building an embedded Linux system emulator using Qemu
 * QEMU for OMAP3 (BeagleBoard)

= Some quick useful tips =

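== How to build a rootfs.img ==

Here are the steps for building a rootfs.img, assuming you have busybox built on your host for the target architecture. The loop mount expects rootfs.img to already exist and contain a filesystem, and the mount and chown steps need root privileges on the host:

mkdir /mnt/rootfs

mount -o loop rootfs.img /mnt/rootfs

rsync -a busybox/_install/ /mnt/rootfs

chown -R root:root /mnt/rootfs/

sync

umount /mnt/rootfs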

== Some sample command lines ==
I got these from Rob Landley at OLS 2008:

qemu -kernel linux-2.6.26/arch/i386/boot/bzImage -hda rootfs.img -append "console=ttyS0 root=/dev/hda" -nographic

qemu -kernel linux-2.6.26/arch/i386/boot/bzImage -hda rootfs.img -append "console=ttyS0 root=/dev/hda init=/bin/ash" -nographic

qemu -kernel linux-2.6.26/arch/i386/boot/bzImage -hda rootfs.img -append "console=ttyS0 root=/dev/hda panic=1" -nographic -no-reboot

killall qemu

== Interesting options ==

 * -kernel = specify the kernel image to use for booting
 * -hda = specify
 * -nographic = don't use graphics, and redirect serial I/O to console
 * -no-reboot = exit instead of rebooting