According to the QEMU user manual, I should be able to use the ,help to check the further info about an option.
From the sample command below, it seems pauth-impdef can be used to configure the -cpu max.
-cpu max,pauth-impdef=on
So I try to check what other configurations are available for -cpu max like below:
qemu-system-aarch64 -M virt -cpu max,help
But what I got is:
qemu-system-aarch64: Expected key=value format, found help.
This basically says nothing useful. So what should I do?
For Arm, the CPU feature options are documented on this page. The page also describes how to probe for supported feature names if you need to automate that.
I agree that it would be nice if 'help' worked on the -cpu option, so I've filed a wishlist bug about that.
We can use QMP (QEmu Monitor Protocol) commands to check a lot of things, including some available configuration entries.
For how to run QMP interactively, check:
https://wiki.qemu.org/Documentation/QMP
Related
I'm working on an i386 bootloader and I'm running it with QEMU on my Apple Silicon machine, and everything works just fine, except I can't debug it: GDB does not (yet?) work on AS and LLDB sternly refuses to load a raw binary. This starts up fine:
$ qemu-system-i386 -s -S -drive format=raw,file=boot.bin,media=disk,if=floppy -no-fd-bootchk
but this errors out:
$ lldb boot.bin
(lldb) target create "boot.bin"
error: '/Users/morpheu5/src/boots/cube/boot.bin' doesn't contain the architecture x86_64
and I also tried this, because well, it's supposed to be i386, not x86_64:
$ lldb --arch i386 boot.bin
(lldb) target create --arch=i386 "boot.bin"
error: '/Users/morpheu5/src/boots/cube/boot.bin' doesn't contain the architecture i386
but it didn't make much of a difference. The inline help is not greatly helpful and I am having zero success searching online.
Now, I have alternatives: bochs has an internal debugger but the text-based interface is a bit clunky and I can't even figure out how to pre-set certain breakpoints -- I like to break on 0x7c00 or otherwise I have to step through the entire BIOS code -- and I can't even run the gui debugger despite having configured it with display_library: sdl2, options=gui_debug. The other alternative is a Raspberry Pi in which I could probably use gdb but I haven't tried this out yet and it's a Zero so it's not even that powerful anyway -- not that I need it, but I'd rather keep my workflow smooth...
It seems clear that lldb isn't recognizing the binary's format so I'm wondering if there's a way of just asking it to disassemble it as a 32 bit binary and just roll with it the best it can. In the end, all I really need is a way of seeing what is in memory, in the registers, and in the stack.
Any ideas?
After a few weeks of experimentation, it doesn't look like lldb is a viable option, but Bochs' command-line debugger was somewhat useful. Shame I couldn't get the GUI to run on macOS.
brew install x86_64-elf-gdb
qemu-system-i386 -s -S result.bin
x86_64-elf-gdb -ex "target remote localhost:1234" -ex "set architecture i8086" -ex "set disassembly-flavor intel" ····
this works for me, but this don't use lldb.
I have been developing the OS for a prototype device using hardware. Unfortunately, it's a very manual and buggy process to flash the OS each time and then debug the issues.
I'd like to switch to developing the OS in QEMU, so that I can be sure that the OS is loading correctly before going through the faff of programming the device for real. This will come in handy later for Continuous Integration work.
I have a full copy of the NVM device that is generated from my build process. This is a known working image I'd like to run in QEMU as a start point. This is ready to then be JTAG'd onto the device. The partition layout is:
P0 - loader - Flash of IDBLoader from rockchip loader binaries
P1 - Uboot - Flash of Uboot
P2 - trust - Flash of Trust image for rockchip specific loader
P3 - / - Root partition with Debian based image and packages required for application
P4 - data partition - Application Data
I have not changed anything with the Rockchip partitions (P0 - P2) apart from the serial console settings. When trying to boot the image though, nothing happens. There is no output at all, but the VM shows as still running. I use the following command to run it:
qemu-system-aarch64 -machine virt -cpu cortex-a53 \
-kernel u-boot-nodtb.bin \
-drive format=raw,file=image.img \
-boot c -serial stdio
I have no error information to go on to understand what is going on with it, where can I get more information or debug?
QEMU cannot not emulate arbitrary hardware. You will have to compile U-Boot to match the hardware that QEMU emulates, e.g. using make qemu_arm64_defconfig. The OS must also provide drivers for QEMU's emulated hardware.
If you want to emulate the complete hardware to debug drivers, Renode (https://renode.io/) is a good choice.
For anyone else trying to figure this out, I found good resources here:
https://translatedcode.wordpress.com/2017/07/24/installing-debian-on-qemus-64-bit-arm-virt-board/
and
https://azeria-labs.com/emulate-raspberry-pi-with-qemu/
Looking at the information though, you need to extract the kernel from your image and provide that to the qemu command line as an argument. You'll also need to append an argument telling the system which partition to use as a root drive.
My final command line for starting the machine looks like this:
qemu-system-aarch64 -machine virt -cpu cortex-a53 \
-drive format=raw,file=image.img,id=hd \
-boot c -serial stdio
-kernel <kernelextracted> -append "root=fe04"
Different Arm boards can be significantly different from one another in where they put their hardware, including where they put basic hardware required for bootup (UART, RAM, interrupt controller, etc). It is therefore pretty much expected that if you take a piece of low-level software like u-boot or a Linux kernel that was compiled to run on one board and try to run it on a different one that it will fail to boot. Generally it won't be able to output anything because it won't even have been able to find the UART. (Linux kernels can be compiled to be generic and include drivers for a wider variety of hardware, so if you have that sort of kernel it can be booted on a different board type: it will use a device tree blob, provided either by you or autogenerated by QEMU for the 'virt' board, to figure out what hardware it's running on and adapt to it. But kernels compiled for a specific embedded target are often built with only the device drivers they need, and that kind of kernel can't boot on a different system.)
There are broadly speaking two paths you can take:
(1) build the guest for the board you're emulating (here the 'virt' one). u-boot and Linux both have support for QEMU's 'virt' board. This may or may not be useful for what you're trying to do -- you would be able to test any userspace level code that doesn't care what hardware it runs on, but obviously not anything that's specific to the real hardware you're targeting.
(2) In theory you could add emulation support to QEMU for the hardware you're trying to run on. However this is generally a fair amount of work and isn't trivial if you're not already familiar with QEMU internals. I usually ballpark estimate it as "about as much work as it would take to port the kernel to the hardware"; though it depends a bit on how much functionality you/your guest need to have working, and whether QEMU already has a model of the SoC your hardware is using.
To answer the general "what's the best way to debug a guest image that doesn't boot", the best thing is usually to connect an arm-aware gdb to QEMU's gdbstub. This gives you debug access broadly similar to a JTAG debug connection to real hardware and is probably sufficient to let you find out where the guest is crashing. QEMU also has some debug logging options under the '-d' option, although the logging is partially intended to assist in debugging problems within QEMU itself and can be a bit tricky to interpret.
I found in QEMU NIOS IP https://wiki.qemu.org/Documentation/Platforms/Nios2
I have downloaded intel tool chain from their website : https://www.intel.com/content/www/us/en/programmable/products/boards_and_kits/dev-kits/altera/kit-niosii-2s60.html
I have few questions:
Is the NIOS2 in QEMU IP matching intel’s NIOS IP ?
What is the toolchain you use to compile and run it in QEMU ? Is it same tool-chain as provided by intel’s website ?
How to general Firmware code and run it on NIOS over QEMU. In the Wiki it says:
qemu-system-nios2 -M 10m50-ghrd -kernel -dtb -nographic
How to generate dtb file for it?
Do we need to take products created by the quartos/EDS for the running of the QEMU, other from the compiled binary? (DTB - board specification?)
Do we need to run it with specific QEMU parameters/arguments ?
Do you have code examples for NIOS using its peripherals?
Basically, I didn’t find any documentations/examples about how to use the NIOS2 in QEMU. Can you help with some additional info ?
Even some basic “hello would” (compile and run in QEMU) would be great…
UPDATE: the most up-to-date answer to this question may be to analyse the linux console nios test at https://gitlab.com/qemu-project/qemu/-/blob/master/tests/acceptance/boot_linux_console.py#L1029 (or of course contact a maintainer). The kernel image from advent calendar 2018 day 14 runs great. It looks like it can all be done with buildroot.
My comments started bearing fruit, so I'll try to put a partial answer together. I haven't gotten this to work yet, but maybe this can be helpful to others who might work farther.
NOTE: If you just want to run a single nios2 binary, you can pass it straight to qemu-nios2. qemu-system-nios2 is for running linux.
I believe the qemu behavior is functionality rather than intellectual property. It would be a bug if it mismatched. I do not know whether it does. Mentioning IP here, please remember that open source projects are generally run by a handful of vulnerable caring devs who usually have no legal team if ownership of intellectual property is challenged. If there's an issue, it would be polite to refer the concerning party to https://eff.org/ who often legally represents such things.
I expect that any nios2 toolchain works. Here's a toolchain from a quick internet search that led me to bootlin.com. Appears to include instructions on how to duplicate it from source.
See 4
Here is what I have so far for firmware generation:
# set up a toolchain (note: this old step is redundant with buildroot, lower down, which also installs a toolchain and even builds a kernel if asked)
wget https://toolchains.bootlin.com/downloads/releases/toolchains/nios2/tarballs/nios2--glibc--stable-2020.08-1.tar.bz2
tar -jxvf nios2--glibc--stable-2020.08-1.tar.bz2
# get kernel sources (pass --depth 1 to speed up)
git clone https://github.com/altera-opensource/linux-socfpga.git
# build kernel and device tree
cd linux-socfpga
make ARCH=nios2 CROSS_COMPILE=$(pwd)/../nios2--glibc--stable-2020.08-1/bin/nios2-linux- 10m50_defconfig 10m50_devboard.dtb vmlinux -j5
cd ..
# kernel is now at linux-socfpga/vmlinux
# device tree is now at linux-socfpga/arch/nios2/boot/dts/10m50_devboard.dtb
# set up buildroot to build a root image
git clone https://github.com/buildroot/buildroot.git
cd buildroot
# configure for qemu nios2
make qemu_nios2_10m50_defconfig
# build root image
PERL_MM_OPT= LDFLAGS= CPPFLAGS= LD_LIBRARY_PATH= make
cd ..
# rootfs images are now in buildroot/output/images/
I'm afraid I'm just a visitor and I don't know who quartos/eds are or what compiled binary you are referring to.
The qemu command line appears to be qemu-system-nios2 -M <machine> -kernel <kernel file> -dtb <dtb file> <rootfs image file>. The example machine is 10m50-ghrd which we built the kernel for above, and this may be the only one.
not yet! i'll try to update this answer if i get farther. feel free to edit it if you get farther.
First, some background:
I suppose I've found a bug with KVM, at least on my system.
When I try to install Windows XP via virt-manager, the installer aborts/reboots.
But if I run a raw qemu-system-i386 command (see below), it succeeds.
From looking at the logs in /var/log/libvirt/qemu/..., the key difference is the "accel=kvm" argument (equivalent to -enable-kvm).
So, narrowing it down, this command succeeds:
qemu-system-i386 \
-m 512 \
-usb \
-cdrom path/to/WinXP_CD.iso \
-boot d \
"$image"
But this next command results in an infinite series of reboots. The XP installer starts, but after scanning the system, just reboots rather than proceeding:
qemu-system-i386 \
-enable-kvm \
-m 512 \
-usb \
-cdrom path/to/WinXP_CD.iso \
-boot d \
"$image"
Perhaps you don't believe I have KVM working properly on my system.
But, I can install other OSes (eg: FreeBSD) using KVM just fine. This seems to be XP-specific.
So now, my questions:
How do I force libvirt to NOT use KVM for a chosen VM? Ideally via virt-manager, but I'm fine with virsh too.
I imagine somewhere in the mess of XML is some setting, but I'm not terribly familiar.
aside: any idea where I should log this bug? Against KVM? Libvirt? QEMU?
Well, I managed to hack around this, but I'm sure there's a more pretty way.
Basically, that -enable-kvm option corresponds to the type="kvm" value in your domain XML file. See libvirt documentation.
But there seems to be no way to change this from virt-manager. I'm not familiar enough with virsh yet to do it that way either. So, I just manually edited my XML file like so:
$ sudoedit /etc/libvirt/qemu/myxp.xml
I did this while virt-manager was closed.
When I opened it, the setting did not seem to stick. For some reason, I seemed to need to run:
$ sudo virsh define /etc/libvirt/qemu/myxp.xml
to get it to stick.
Anyway, after that little dance, then in virt-manager, in the `Overview' tab for my VM, it says "Hypervisor: QEMU TCG", where it had "KVM" before.
And now, the XP installer works!
Again, probably a better way, but good enough for now.
Presumably, performance will be poorer with KVM disabled. I still don't know who to send a bug, or whether this is a QEMU or KVM issue, at its core.
You can change
<domain type="kvm">
to
<domain type="qemu">
as as stated in the documentation.
To edit xml of VM in virt-manager you should activate xml editing in parameters and press "xml" tab.
I am trying to use the qemu-system-arm.exe on Windows 10 to simulate an ARM environment.
I use below command to disable serial and graphic:
qemu-system-arm -machine versatilepb -kernel t.bin -nographic -serial
none
I set the -serial none because my t.bin doesn't touch the serial port of the QEMU virtual machine. So there should be no data on the serial line.
But when I type commands in the (qemu) prompt, it contains many unexpected control characters. Though the command seems still working.
QEMU 4.0.95 monitor - type 'help' for more information
(qemu) h[K[Dhe[K[D[Dhel[K[D[D[Dhelp[K
I also tried to use com0com to create a pair of virtual serial ports. And connect them as below.
But both ends show nothing as I type commands. I guess it was due to incorrect baud rate. So I tried a few but still no luck. As said above, I think the serial line is quite because there's serial communication happening.
I launched qemu the same way on Linux, the (qemu) prompt works perfect. Only Windows has such mess characters.
So how to redirect (qemu) output to Windows cmd console properly? I just want to check some machine states.
(Well, this is just a work around...)
I launch exactly the same command within a Cygwin shell, the mess characters disappear now...
ANSI support is missing in the Windows command console (before Windows 10 Terminal app).
Your com0com solution works just fine, at least for me (QEMU on Windows 8.1 emulating Debian MIPS).
All I had to do was to add the following, and then connect with PuTTY to COM9:
-chardev tty,path=COM8,id=hostcom8 -device pci-serial,chardev=hostcom8 -append "console=ttyS2" (I had ttyS0 and ttyS1 virtual serial ports)