Provided by: qemu-system-common_2.5+dfsg-5ubuntu10.51_amd64
NAME
qemu-doc - QEMU Emulator User Documentation
SYNOPSIS
usage: qemu-system-i386 [options] [disk_image]
DESCRIPTION
The QEMU PC System emulator simulates the following peripherals: - i440FX host PCI bridge and PIIX3 PCI to ISA bridge - Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA extensions (hardware level, including all non standard modes). - PS/2 mouse and keyboard - 2 PCI IDE interfaces with hard disk and CD-ROM support - Floppy disk - PCI and ISA network adapters - Serial ports - Creative SoundBlaster 16 sound card - ENSONIQ AudioPCI ES1370 sound card - Intel 82801AA AC97 Audio compatible sound card - Intel HD Audio Controller and HDA codec - Adlib (OPL2) - Yamaha YM3812 compatible chip - Gravis Ultrasound GF1 sound card - CS4231A compatible sound card - PCI UHCI USB controller and a virtual USB hub. SMP is supported with up to 255 CPUs. QEMU uses the PC BIOS from the Seabios project and the Plex86/Bochs LGPL VGA BIOS. QEMU uses YM3812 emulation by Tatsuyuki Satoh. QEMU uses GUS emulation (GUSEMU32 <http://www.deinmeister.de/gusemu/>) by Tibor "TS" Schütz. Note that, by default, GUS shares IRQ(7) with parallel ports and so QEMU must be told to not have parallel ports to have working GUS. qemu-system-i386 dos.img -soundhw gus -parallel none Alternatively: qemu-system-i386 dos.img -device gus,irq=5 Or some other unclaimed IRQ. CS4231A is the chip used in Windows Sound System and GUSMAX products
OPTIONS
disk_image is a raw hard disk image for IDE hard disk 0. Some targets do not need a disk image. Standard options: -h Display help and exit -version Display version information and exit -machine [type=]name[,prop=value[,...]] Select the emulated machine by name. Use "-machine help" to list available machines. Supported machine properties are: accel=accels1[:accels2[:...]] This is used to enable an accelerator. Depending on the target architecture, kvm, xen, or tcg can be available. By default, tcg is used. If there is more than one accelerator specified, the next one is used if the previous one fails to initialize. kernel_irqchip=on|off Enables in-kernel irqchip support for the chosen accelerator when available. gfx_passthru=on|off Enables IGD GFX passthrough support for the chosen machine when available. vmport=on|off|auto Enables emulation of VMWare IO port, for vmmouse etc. auto says to select the value based on accel. For accel=xen the default is off otherwise the default is on. kvm_shadow_mem=size Defines the size of the KVM shadow MMU. dump-guest-core=on|off Include guest memory in a core dump. The default is on. mem-merge=on|off Enables or disables memory merge support. This feature, when supported by the host, de-duplicates identical memory pages among VMs instances (enabled by default). iommu=on|off Enables or disables emulated Intel IOMMU (VT-d) support. The default is off. aes-key-wrap=on|off Enables or disables AES key wrapping support on s390-ccw hosts. This feature controls whether AES wrapping keys will be created to allow execution of AES cryptographic functions. The default is on. dea-key-wrap=on|off Enables or disables DEA key wrapping support on s390-ccw hosts. This feature controls whether DEA wrapping keys will be created to allow execution of DEA cryptographic functions. The default is on. -cpu model Select CPU model ("-cpu help" for list and additional feature selection) -smp [cpus=]n[,cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus] Simulate an SMP system with n CPUs. On the PC target, up to 255 CPUs are supported. On Sparc32 target, Linux limits the number of usable CPUs to 4. For the PC target, the number of cores per socket, the number of threads per cores and the total number of sockets can be specified. Missing values will be computed. If any on the three values is given, the total number of CPUs n can be omitted. maxcpus specifies the maximum number of hotpluggable CPUs. -numa node[,mem=size][,cpus=cpu[-cpu]][,nodeid=node] -numa node[,memdev=id][,cpus=cpu[-cpu]][,nodeid=node] Simulate a multi node NUMA system. If mem, memdev and cpus are omitted, resources are split equally. Also, note that the -numa option doesn't allocate any of the specified resources. That is, it just assigns existing resources to NUMA nodes. This means that one still has to use the -m, -smp options to allocate RAM and VCPUs respectively, and possibly -object to specify the memory backend for the memdev suboption. mem and memdev are mutually exclusive. Furthermore, if one node uses memdev, all of them have to use it. -add-fd fd=fd,set=set[,opaque=opaque] Add a file descriptor to an fd set. Valid options are: fd=fd This option defines the file descriptor of which a duplicate is added to fd set. The file descriptor cannot be stdin, stdout, or stderr. set=set This option defines the ID of the fd set to add the file descriptor to. opaque=opaque This option defines a free-form string that can be used to describe fd. You can open an image using pre-opened file descriptors from an fd set: qemu-system-i386 -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" -drive file=/dev/fdset/2,index=0,media=disk -set group.id.arg=value Set parameter arg for item id of type group " -global driver.prop=value -global driver=driver,property=property,value=value Set default value of driver's property prop to value, e.g.: qemu-system-i386 -global ide-drive.physical_block_size=4096 -drive file=file,if=ide,index=0,media=disk In particular, you can use this to set driver properties for devices which are created automatically by the machine model. To create a device which is not created automatically and set properties on it, use -device. -global driver.prop=value is shorthand for -global driver=driver,property=prop,value=value. The longhand syntax works even when driver contains a dot. -boot [order=drives][,once=drives][,menu=on|off][,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_timeout][,strict=on|off] Specify boot order drives as a string of drive letters. Valid drive letters depend on the target architecture. The x86 PC uses: a, b (floppy 1 and 2), c (first hard disk), d (first CD-ROM), n-p (Etherboot from network adapter 1-4), hard disk boot is the default. To apply a particular boot order only on the first startup, specify it via once. Interactive boot menus/prompts can be enabled via menu=on as far as firmware/BIOS supports them. The default is non-interactive boot. A splash picture could be passed to bios, enabling user to show it as logo, when option splash=sp_name is given and menu=on, If firmware/BIOS supports them. Currently Seabios for X86 system support it. limitation: The splash file could be a jpeg file or a BMP file in 24 BPP format(true color). The resolution should be supported by the SVGA mode, so the recommended is 320x240, 640x480, 800x640. A timeout could be passed to bios, guest will pause for rb_timeout ms when boot failed, then reboot. If rb_timeout is '-1', guest will not reboot, qemu passes '-1' to bios by default. Currently Seabios for X86 system support it. Do strict boot via strict=on as far as firmware/BIOS supports it. This only effects when boot priority is changed by bootindex options. The default is non-strict boot. # try to boot from network first, then from hard disk qemu-system-i386 -boot order=nc # boot from CD-ROM first, switch back to default order after reboot qemu-system-i386 -boot once=d # boot with a splash picture for 5 seconds. qemu-system-i386 -boot menu=on,splash=/root/boot.bmp,splash-time=5000 Note: The legacy format '-boot drives' is still supported but its use is discouraged as it may be removed from future versions. -m [size=]megs[,slots=n,maxmem=size] Sets guest startup RAM size to megs megabytes. Default is 128 MiB. Optionally, a suffix of "M" or "G" can be used to signify a value in megabytes or gigabytes respectively. Optional pair slots, maxmem could be used to set amount of hotpluggable memory slots and maximum amount of memory. Note that maxmem must be aligned to the page size. For example, the following command-line sets the guest startup RAM size to 1GB, creates 3 slots to hotplug additional memory and sets the maximum memory the guest can reach to 4GB: qemu-system-x86_64 -m 1G,slots=3,maxmem=4G If slots and maxmem are not specified, memory hotplug won't be enabled and the guest startup RAM will never increase. -mem-path path Allocate guest RAM from a temporarily created file in path. -mem-prealloc Preallocate memory when using -mem-path. -k language Use keyboard layout language (for example "fr" for French). This option is only needed where it is not easy to get raw PC keycodes (e.g. on Macs, with some X11 servers or with a VNC display). You don't normally need to use it on PC/Linux or PC/Windows hosts. The available layouts are: ar de-ch es fo fr-ca hu ja mk no pt-br sv da en-gb et fr fr-ch is lt nl pl ru th de en-us fi fr-be hr it lv nl-be pt sl tr The default is "en-us". -audio-help Will show the audio subsystem help: list of drivers, tunable parameters. -soundhw card1[,card2,...] or -soundhw all Enable audio and selected sound hardware. Use 'help' to print all available sound hardware. qemu-system-i386 -soundhw sb16,adlib disk.img qemu-system-i386 -soundhw es1370 disk.img qemu-system-i386 -soundhw ac97 disk.img qemu-system-i386 -soundhw hda disk.img qemu-system-i386 -soundhw all disk.img qemu-system-i386 -soundhw help Note that Linux's i810_audio OSS kernel (for AC97) module might require manually specifying clocking. modprobe i810_audio clocking=48000 -balloon none Disable balloon device. -balloon virtio[,addr=addr] Enable virtio balloon device (default), optionally with PCI address addr. -device driver[,prop[=value][,...]] Add device driver. prop=value sets driver properties. Valid properties depend on the driver. To get help on possible drivers and properties, use "-device help" and "-device driver,help". -name name Sets the name of the guest. This name will be displayed in the SDL window caption. The name will also be used for the VNC server. Also optionally set the top visible process name in Linux. Naming of individual threads can also be enabled on Linux to aid debugging. -uuid uuid Set system UUID. Block device options: -fda file -fdb file Use file as floppy disk 0/1 image. -hda file -hdb file -hdc file -hdd file Use file as hard disk 0, 1, 2 or 3 image. -cdrom file Use file as CD-ROM image (you cannot use -hdc and -cdrom at the same time). You can use the host CD-ROM by using /dev/cdrom as filename. -drive option[,option[,option[,...]]] Define a new drive. Valid options are: file=file This option defines which disk image to use with this drive. If the filename contains comma, you must double it (for instance, "file=my,,file" to use file "my,file"). Special files such as iSCSI devices can be specified using protocol specific URLs. See the section for "Device URL Syntax" for more information. if=interface This option defines on which type on interface the drive is connected. Available types are: ide, scsi, sd, mtd, floppy, pflash, virtio. bus=bus,unit=unit These options define where is connected the drive by defining the bus number and the unit id. index=index This option defines where is connected the drive by using an index in the list of available connectors of a given interface type. media=media This option defines the type of the media: disk or cdrom. cyls=c,heads=h,secs=s[,trans=t] These options have the same definition as they have in -hdachs. snapshot=snapshot snapshot is "on" or "off" and controls snapshot mode for the given drive (see -snapshot). cache=cache cache is "none", "writeback", "unsafe", "directsync" or "writethrough" and controls how the host cache is used to access block data. aio=aio aio is "threads", or "native" and selects between pthread based disk I/O and native Linux AIO. discard=discard discard is one of "ignore" (or "off") or "unmap" (or "on") and controls whether discard (also known as trim or unmap) requests are ignored or passed to the filesystem. Some machine types may not support discard requests. format=format Specify which disk format will be used rather than detecting the format. Can be used to specifiy format=raw to avoid interpreting an untrusted format header. serial=serial This option specifies the serial number to assign to the device. addr=addr Specify the controller's PCI address (if=virtio only). werror=action,rerror=action Specify which action to take on write and read errors. Valid actions are: "ignore" (ignore the error and try to continue), "stop" (pause QEMU), "report" (report the error to the guest), "enospc" (pause QEMU only if the host disk is full; report the error to the guest otherwise). The default setting is werror=enospc and rerror=report. readonly Open drive file as read-only. Guest write attempts will fail. copy-on-read=copy-on-read copy-on-read is "on" or "off" and enables whether to copy read backing file sectors into the image file. detect-zeroes=detect-zeroes detect-zeroes is "off", "on" or "unmap" and enables the automatic conversion of plain zero writes by the OS to driver specific optimized zero write commands. You may even choose "unmap" if discard is set to "unmap" to allow a zero write to be converted to an UNMAP operation. By default, the cache=writeback mode is used. It will report data writes as completed as soon as the data is present in the host page cache. This is safe as long as your guest OS makes sure to correctly flush disk caches where needed. If your guest OS does not handle volatile disk write caches correctly and your host crashes or loses power, then the guest may experience data corruption. For such guests, you should consider using cache=writethrough. This means that the host page cache will be used to read and write data, but write notification will be sent to the guest only after QEMU has made sure to flush each write to the disk. Be aware that this has a major impact on performance. The host page cache can be avoided entirely with cache=none. This will attempt to do disk IO directly to the guest's memory. QEMU may still perform an internal copy of the data. Note that this is considered a writeback mode and the guest OS must handle the disk write cache correctly in order to avoid data corruption on host crashes. The host page cache can be avoided while only sending write notifications to the guest when the data has been flushed to the disk using cache=directsync. In case you don't care about data integrity over host failures, use cache=unsafe. This option tells QEMU that it never needs to write any data to the disk but can instead keep things in cache. If anything goes wrong, like your host losing power, the disk storage getting disconnected accidentally, etc. your image will most probably be rendered unusable. When using the -snapshot option, unsafe caching is always used. Copy-on-read avoids accessing the same backing file sectors repeatedly and is useful when the backing file is over a slow network. By default copy-on-read is off. Instead of -cdrom you can use: qemu-system-i386 -drive file=file,index=2,media=cdrom Instead of -hda, -hdb, -hdc, -hdd, you can use: qemu-system-i386 -drive file=file,index=0,media=disk qemu-system-i386 -drive file=file,index=1,media=disk qemu-system-i386 -drive file=file,index=2,media=disk qemu-system-i386 -drive file=file,index=3,media=disk You can open an image using pre-opened file descriptors from an fd set: qemu-system-i386 -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" -drive file=/dev/fdset/2,index=0,media=disk You can connect a CDROM to the slave of ide0: qemu-system-i386 -drive file=file,if=ide,index=1,media=cdrom If you don't specify the "file=" argument, you define an empty drive: qemu-system-i386 -drive if=ide,index=1,media=cdrom You can connect a SCSI disk with unit ID 6 on the bus #0: qemu-system-i386 -drive file=file,if=scsi,bus=0,unit=6 Instead of -fda, -fdb, you can use: qemu-system-i386 -drive file=file,index=0,if=floppy qemu-system-i386 -drive file=file,index=1,if=floppy By default, interface is "ide" and index is automatically incremented: qemu-system-i386 -drive file=a -drive file=b" is interpreted like: qemu-system-i386 -hda a -hdb b -mtdblock file Use file as on-board Flash memory image. -sd file Use file as SecureDigital card image. -pflash file Use file as a parallel flash image. -snapshot Write to temporary files instead of disk image files. In this case, the raw disk image you use is not written back. You can however force the write back by pressing C-a s. -hdachs c,h,s,[,t] Force hard disk 0 physical geometry (1 <= c <= 16383, 1 <= h <= 16, 1 <= s <= 63) and optionally force the BIOS translation mode (t=none, lba or auto). Usually QEMU can guess all those parameters. This option is useful for old MS-DOS disk images. -fsdev fsdriver,id=id,path=path,[security_model=security_model][,writeout=writeout][,readonly][,socket=socket|sock_fd=sock_fd] Define a new file system device. Valid options are: fsdriver This option specifies the fs driver backend to use. Currently "local", "handle" and "proxy" file system drivers are supported. id=id Specifies identifier for this device path=path Specifies the export path for the file system device. Files under this path will be available to the 9p client on the guest. security_model=security_model Specifies the security model to be used for this export path. Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". In "passthrough" security model, files are stored using the same credentials as they are created on the guest. This requires QEMU to run as root. In "mapped-xattr" security model, some of the file attributes like uid, gid, mode bits and link target are stored as file attributes. For "mapped-file" these attributes are stored in the hidden .virtfs_metadata directory. Directories exported by this security model cannot interact with other unix tools. "none" security model is same as passthrough except the sever won't report failures if it fails to set file attributes like ownership. Security model is mandatory only for local fsdriver. Other fsdrivers (like handle, proxy) don't take security model as a parameter. writeout=writeout This is an optional argument. The only supported value is "immediate". This means that host page cache will be used to read and write data but write notification will be sent to the guest only when the data has been reported as written by the storage subsystem. readonly Enables exporting 9p share as a readonly mount for guests. By default read-write access is given. socket=socket Enables proxy filesystem driver to use passed socket file for communicating with virtfs-proxy-helper sock_fd=sock_fd Enables proxy filesystem driver to use passed socket descriptor for communicating with virtfs-proxy-helper. Usually a helper like libvirt will create socketpair and pass one of the fds as sock_fd -fsdev option is used along with -device driver "virtio-9p-pci". -device virtio-9p-pci,fsdev=id,mount_tag=mount_tag Options for virtio-9p-pci driver are: fsdev=id Specifies the id value specified along with -fsdev option mount_tag=mount_tag Specifies the tag name to be used by the guest to mount this export point -virtfs fsdriver[,path=path],mount_tag=mount_tag[,security_model=security_model][,writeout=writeout][,readonly][,socket=socket|sock_fd=sock_fd] The general form of a Virtual File system pass-through options are: fsdriver This option specifies the fs driver backend to use. Currently "local", "handle" and "proxy" file system drivers are supported. id=id Specifies identifier for this device path=path Specifies the export path for the file system device. Files under this path will be available to the 9p client on the guest. security_model=security_model Specifies the security model to be used for this export path. Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". In "passthrough" security model, files are stored using the same credentials as they are created on the guest. This requires QEMU to run as root. In "mapped-xattr" security model, some of the file attributes like uid, gid, mode bits and link target are stored as file attributes. For "mapped-file" these attributes are stored in the hidden .virtfs_metadata directory. Directories exported by this security model cannot interact with other unix tools. "none" security model is same as passthrough except the sever won't report failures if it fails to set file attributes like ownership. Security model is mandatory only for local fsdriver. Other fsdrivers (like handle, proxy) don't take security model as a parameter. writeout=writeout This is an optional argument. The only supported value is "immediate". This means that host page cache will be used to read and write data but write notification will be sent to the guest only when the data has been reported as written by the storage subsystem. readonly Enables exporting 9p share as a readonly mount for guests. By default read-write access is given. socket=socket Enables proxy filesystem driver to use passed socket file for communicating with virtfs-proxy-helper. Usually a helper like libvirt will create socketpair and pass one of the fds as sock_fd sock_fd Enables proxy filesystem driver to use passed 'sock_fd' as the socket descriptor for interfacing with virtfs-proxy-helper -virtfs_synth Create synthetic file system image USB options: -usb Enable the USB driver (will be the default soon) -usbdevice devname Add the USB device devname. mouse Virtual Mouse. This will override the PS/2 mouse emulation when activated. tablet Pointer device that uses absolute coordinates (like a touchscreen). This means QEMU is able to report the mouse position without having to grab the mouse. Also overrides the PS/2 mouse emulation when activated. disk:[format=format]:file Mass storage device based on file. The optional format argument will be used rather than detecting the format. Can be used to specifiy "format=raw" to avoid interpreting an untrusted format header. host:bus.addr Pass through the host device identified by bus.addr (Linux only). host:vendor_id:product_id Pass through the host device identified by vendor_id:product_id (Linux only). serial:[vendorid=vendor_id][,productid=product_id]:dev Serial converter to host character device dev, see "-serial" for the available devices. braille Braille device. This will use BrlAPI to display the braille output on a real or fake device. net:options Network adapter that supports CDC ethernet and RNDIS protocols. Display options: -display type Select type of display to use. This option is a replacement for the old style -sdl/-curses/... options. Valid values for type are sdl Display video output via SDL (usually in a separate graphics window; see the SDL documentation for other possibilities). curses Display video output via curses. For graphics device models which support a text mode, QEMU can display this output using a curses/ncurses interface. Nothing is displayed when the graphics device is in graphical mode or if the graphics device does not support a text mode. Generally only the VGA device models support text mode. none Do not display video output. The guest will still see an emulated graphics card, but its output will not be displayed to the QEMU user. This option differs from the -nographic option in that it only affects what is done with video output; -nographic also changes the destination of the serial and parallel port data. gtk Display video output in a GTK window. This interface provides drop-down menus and other UI elements to configure and control the VM during runtime. vnc Start a VNC server on display <arg> -nographic Normally, QEMU uses SDL to display the VGA output. With this option, you can totally disable graphical output so that QEMU is a simple command line application. The emulated serial port is redirected on the console and muxed with the monitor (unless redirected elsewhere explicitly). Therefore, you can still use QEMU to debug a Linux kernel with a serial console. Use C-a h for help on switching between the console and monitor. -curses Normally, QEMU uses SDL to display the VGA output. With this option, QEMU can display the VGA output when in text mode using a curses/ncurses interface. Nothing is displayed in graphical mode. -no-frame Do not use decorations for SDL windows and start them using the whole available screen space. This makes the using QEMU in a dedicated desktop workspace more convenient. -alt-grab Use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt). Note that this also affects the special keys (for fullscreen, monitor-mode switching, etc). -ctrl-grab Use Right-Ctrl to grab mouse (instead of Ctrl-Alt). Note that this also affects the special keys (for fullscreen, monitor-mode switching, etc). -no-quit Disable SDL window close capability. -sdl Enable SDL. -spice option[,option[,...]] Enable the spice remote desktop protocol. Valid options are port=<nr> Set the TCP port spice is listening on for plaintext channels. addr=<addr> Set the IP address spice is listening on. Default is any address. ipv4 ipv6 unix Force using the specified IP version. password=<secret> Set the password you need to authenticate. sasl Require that the client use SASL to authenticate with the spice. The exact choice of authentication method used is controlled from the system / user's SASL configuration file for the 'qemu' service. This is typically found in /etc/sasl2/qemu.conf. If running QEMU as an unprivileged user, an environment variable SASL_CONF_PATH can be used to make it search alternate locations for the service config. While some SASL auth methods can also provide data encryption (eg GSSAPI), it is recommended that SASL always be combined with the 'tls' and 'x509' settings to enable use of SSL and server certificates. This ensures a data encryption preventing compromise of authentication credentials. disable-ticketing Allow client connects without authentication. disable-copy-paste Disable copy paste between the client and the guest. disable-agent-file-xfer Disable spice-vdagent based file-xfer between the client and the guest. tls-port=<nr> Set the TCP port spice is listening on for encrypted channels. x509-dir=<dir> Set the x509 file directory. Expects same filenames as -vnc $display,x509=$dir x509-key-file=<file> x509-key-password=<file> x509-cert-file=<file> x509-cacert-file=<file> x509-dh-key-file=<file> The x509 file names can also be configured individually. tls-ciphers=<list> Specify which ciphers to use. tls-channel=[main|display|cursor|inputs|record|playback] plaintext-channel=[main|display|cursor|inputs|record|playback] Force specific channel to be used with or without TLS encryption. The options can be specified multiple times to configure multiple channels. The special name "default" can be used to set the default mode. For channels which are not explicitly forced into one mode the spice client is allowed to pick tls/plaintext as he pleases. image-compression=[auto_glz|auto_lz|quic|glz|lz|off] Configure image compression (lossless). Default is auto_glz. jpeg-wan-compression=[auto|never|always] zlib-glz-wan-compression=[auto|never|always] Configure wan image compression (lossy for slow links). Default is auto. streaming-video=[off|all|filter] Configure video stream detection. Default is filter. agent-mouse=[on|off] Enable/disable passing mouse events via vdagent. Default is on. playback-compression=[on|off] Enable/disable audio stream compression (using celt 0.5.1). Default is on. seamless-migration=[on|off] Enable/disable spice seamless migration. Default is off. -portrait Rotate graphical output 90 deg left (only PXA LCD). -rotate deg Rotate graphical output some deg left (only PXA LCD). -vga type Select type of VGA card to emulate. Valid values for type are cirrus Cirrus Logic GD5446 Video card. All Windows versions starting from Windows 95 should recognize and use this graphic card. For optimal performances, use 16 bit color depth in the guest and the host OS. (This one is the default) std Standard VGA card with Bochs VBE extensions. If your guest OS supports the VESA 2.0 VBE extensions (e.g. Windows XP) and if you want to use high resolution modes (>= 1280x1024x16) then you should use this option. vmware VMWare SVGA-II compatible adapter. Use it if you have sufficiently recent XFree86/XOrg server or Windows guest with a driver for this card. qxl QXL paravirtual graphic card. It is VGA compatible (including VESA 2.0 VBE support). Works best with qxl guest drivers installed though. Recommended choice when using the spice protocol. tcx (sun4m only) Sun TCX framebuffer. This is the default framebuffer for sun4m machines and offers both 8-bit and 24-bit colour depths at a fixed resolution of 1024x768. cg3 (sun4m only) Sun cgthree framebuffer. This is a simple 8-bit framebuffer for sun4m machines available in both 1024x768 (OpenBIOS) and 1152x900 (OBP) resolutions aimed at people wishing to run older Solaris versions. virtio Virtio VGA card. none Disable VGA card. -full-screen Start in full screen. -g widthxheight[xdepth] Set the initial graphical resolution and depth (PPC, SPARC only). -vnc display[,option[,option[,...]]] Normally, QEMU uses SDL to display the VGA output. With this option, you can have QEMU listen on VNC display display and redirect the VGA display over the VNC session. It is very useful to enable the usb tablet device when using this option (option -usbdevice tablet). When using the VNC display, you must use the -k parameter to set the keyboard layout if you are not using en-us. Valid syntax for the display is host:d TCP connections will only be allowed from host on display d. By convention the TCP port is 5900+d. Optionally, host can be omitted in which case the server will accept connections from any host. unix:path Connections will be allowed over UNIX domain sockets where path is the location of a unix socket to listen for connections on. none VNC is initialized but not started. The monitor "change" command can be used to later start the VNC server. Following the display value there may be one or more option flags separated by commas. Valid options are reverse Connect to a listening VNC client via a "reverse" connection. The client is specified by the display. For reverse network connections (host:d,"reverse"), the d argument is a TCP port number, not a display number. websocket Opens an additional TCP listening port dedicated to VNC Websocket connections. By definition the Websocket port is 5700+display. If host is specified connections will only be allowed from this host. As an alternative the Websocket port could be specified by using "websocket"=port. If no TLS credentials are provided, the websocket connection runs in unencrypted mode. If TLS credentials are provided, the websocket connection requires encrypted client connections. password Require that password based authentication is used for client connections. The password must be set separately using the "set_password" command in the pcsys_monitor. The syntax to change your password is: "set_password <protocol> <password>" where <protocol> could be either "vnc" or "spice". If you would like to change <protocol> password expiration, you should use "expire_password <protocol> <expiration-time>" where expiration time could be one of the following options: now, never, +seconds or UNIX time of expiration, e.g. +60 to make password expire in 60 seconds, or 1335196800 to make password expire on "Mon Apr 23 12:00:00 EDT 2012" (UNIX time for this date and time). You can also use keywords "now" or "never" for the expiration time to allow <protocol> password to expire immediately or never expire. tls-creds=ID Provides the ID of a set of TLS credentials to use to secure the VNC server. They will apply to both the normal VNC server socket and the websocket socket (if enabled). Setting TLS credentials will cause the VNC server socket to enable the VeNCrypt auth mechanism. The credentials should have been previously created using the -object tls-creds argument. The tls-creds parameter obsoletes the tls, x509, and x509verify options, and as such it is not permitted to set both new and old type options at the same time. tls Require that client use TLS when communicating with the VNC server. This uses anonymous TLS credentials so is susceptible to a man-in-the-middle attack. It is recommended that this option be combined with either the x509 or x509verify options. This option is now deprecated in favor of using the tls-creds argument. x509=/path/to/certificate/dir Valid if tls is specified. Require that x509 credentials are used for negotiating the TLS session. The server will send its x509 certificate to the client. It is recommended that a password be set on the VNC server to provide authentication of the client when this is used. The path following this option specifies where the x509 certificates are to be loaded from. See the vnc_security section for details on generating certificates. This option is now deprecated in favour of using the tls-creds argument. x509verify=/path/to/certificate/dir Valid if tls is specified. Require that x509 credentials are used for negotiating the TLS session. The server will send its x509 certificate to the client, and request that the client send its own x509 certificate. The server will validate the client's certificate against the CA certificate, and reject clients when validation fails. If the certificate authority is trusted, this is a sufficient authentication mechanism. You may still wish to set a password on the VNC server as a second authentication layer. The path following this option specifies where the x509 certificates are to be loaded from. See the vnc_security section for details on generating certificates. This option is now deprecated in favour of using the tls-creds argument. sasl Require that the client use SASL to authenticate with the VNC server. The exact choice of authentication method used is controlled from the system / user's SASL configuration file for the 'qemu' service. This is typically found in /etc/sasl2/qemu.conf. If running QEMU as an unprivileged user, an environment variable SASL_CONF_PATH can be used to make it search alternate locations for the service config. While some SASL auth methods can also provide data encryption (eg GSSAPI), it is recommended that SASL always be combined with the 'tls' and 'x509' settings to enable use of SSL and server certificates. This ensures a data encryption preventing compromise of authentication credentials. See the vnc_security section for details on using SASL authentication. acl Turn on access control lists for checking of the x509 client certificate and SASL party. For x509 certs, the ACL check is made against the certificate's distinguished name. This is something that looks like "C=GB,O=ACME,L=Boston,CN=bob". For SASL party, the ACL check is made against the username, which depending on the SASL plugin, may include a realm component, eg "bob" or "bob@EXAMPLE.COM". When the acl flag is set, the initial access list will be empty, with a "deny" policy. Thus no one will be allowed to use the VNC server until the ACLs have been loaded. This can be achieved using the "acl" monitor command. lossy Enable lossy compression methods (gradient, JPEG, ...). If this option is set, VNC client may receive lossy framebuffer updates depending on its encoding settings. Enabling this option can save a lot of bandwidth at the expense of quality. non-adaptive Disable adaptive encodings. Adaptive encodings are enabled by default. An adaptive encoding will try to detect frequently updated screen regions, and send updates in these regions using a lossy encoding (like JPEG). This can be really helpful to save bandwidth when playing videos. Disabling adaptive encodings restores the original static behavior of encodings like Tight. share=[allow-exclusive|force-shared|ignore] Set display sharing policy. 'allow-exclusive' allows clients to ask for exclusive access. As suggested by the rfb spec this is implemented by dropping other connections. Connecting multiple clients in parallel requires all clients asking for a shared session (vncviewer: -shared switch). This is the default. 'force-shared' disables exclusive client access. Useful for shared desktop sessions, where you don't want someone forgetting specify -shared disconnect everybody else. 'ignore' completely ignores the shared flag and allows everybody connect unconditionally. Doesn't conform to the rfb spec but is traditional QEMU behavior. i386 target only: -win2k-hack Use it when installing Windows 2000 to avoid a disk full bug. After Windows 2000 is installed, you no longer need this option (this option slows down the IDE transfers). -no-fd-bootchk Disable boot signature checking for floppy disks in BIOS. May be needed to boot from old floppy disks. -no-acpi Disable ACPI (Advanced Configuration and Power Interface) support. Use it if your guest OS complains about ACPI problems (PC target machine only). -no-hpet Disable HPET support. -acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n] [,asl_compiler_id=str][,asl_compiler_rev=n][,data=file1[:file2]...] Add ACPI table with specified header fields and context from specified files. For file=, take whole ACPI table from the specified files, including all ACPI headers (possible overridden by other options). For data=, only data portion of the table is used, all header information is specified in the command line. -smbios file=binary Load SMBIOS entry from binary file. -smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d][,uefi=on|off] Specify SMBIOS type 0 fields -smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str][,uuid=uuid][,sku=str][,family=str] Specify SMBIOS type 1 fields -smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str][,asset=str][,location=str][,family=str] Specify SMBIOS type 2 fields -smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str][,sku=str] Specify SMBIOS type 3 fields -smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str][,asset=str][,part=str] Specify SMBIOS type 4 fields -smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str][,asset=str][,part=str][,speed=%d] Specify SMBIOS type 17 fields Network options: -net nic[,vlan=n][,macaddr=mac][,model=type] [,name=name][,addr=addr][,vectors=v] Create a new Network Interface Card and connect it to VLAN n (n = 0 is the default). The NIC is an e1000 by default on the PC target. Optionally, the MAC address can be changed to mac, the device address set to addr (PCI cards only), and a name can be assigned for use in monitor commands. Optionally, for PCI cards, you can specify the number v of MSI-X vectors that the card should have; this option currently only affects virtio cards; set v = 0 to disable MSI-X. If no -net option is specified, a single NIC is created. QEMU can emulate several different models of network card. Valid values for type are "virtio", "i82551", "i82557b", "i82559er", "ne2k_pci", "ne2k_isa", "pcnet", "rtl8139", "e1000", "smc91c111", "lance" and "mcf_fec". Not all devices are supported on all targets. Use "-net nic,model=help" for a list of available devices for your target. -netdev user,id=id[,option][,option][,...] -net user[,option][,option][,...] Use the user mode network stack which requires no administrator privilege to run. Valid options are: vlan=n Connect user mode stack to VLAN n (n = 0 is the default). id=id name=name Assign symbolic name for use in monitor commands. net=addr[/mask] Set IP network address the guest will see. Optionally specify the netmask, either in the form a.b.c.d or as number of valid top-most bits. Default is 10.0.2.0/24. host=addr Specify the guest-visible address of the host. Default is the 2nd IP in the guest network, i.e. x.x.x.2. restrict=on|off If this option is enabled, the guest will be isolated, i.e. it will not be able to contact the host and no guest IP packets will be routed over the host to the outside. This option does not affect any explicitly set forwarding rules. hostname=name Specifies the client hostname reported by the built-in DHCP server. dhcpstart=addr Specify the first of the 16 IPs the built-in DHCP server can assign. Default is the 15th to 31st IP in the guest network, i.e. x.x.x.15 to x.x.x.31. dns=addr Specify the guest-visible address of the virtual nameserver. The address must be different from the host address. Default is the 3rd IP in the guest network, i.e. x.x.x.3. dnssearch=domain Provides an entry for the domain-search list sent by the built-in DHCP server. More than one domain suffix can be transmitted by specifying this option multiple times. If supported, this will cause the guest to automatically try to append the given domain suffix(es) in case a domain name can not be resolved. Example: qemu -net user,dnssearch=mgmt.example.org,dnssearch=example.org [...] tftp=dir When using the user mode network stack, activate a built-in TFTP server. The files in dir will be exposed as the root of a TFTP server. The TFTP client on the guest must be configured in binary mode (use the command "bin" of the Unix TFTP client). bootfile=file When using the user mode network stack, broadcast file as the BOOTP filename. In conjunction with tftp, this can be used to network boot a guest from a local directory. Example (using pxelinux): qemu-system-i386 -hda linux.img -boot n -net user,tftp=/path/to/tftp/files,bootfile=/pxelinux.0 smb=dir[,smbserver=addr] When using the user mode network stack, activate a built-in SMB server so that Windows OSes can access to the host files in dir transparently. The IP address of the SMB server can be set to addr. By default the 4th IP in the guest network is used, i.e. x.x.x.4. In the guest Windows OS, the line: 10.0.2.4 smbserver must be added in the file C:\WINDOWS\LMHOSTS (for windows 9x/Me) or C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS (Windows NT/2000). Then dir can be accessed in \smbserver\qemu. Note that a SAMBA server must be installed on the host OS. QEMU was tested successfully with smbd versions from Red Hat 9, Fedora Core 3 and OpenSUSE 11.x. hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport Redirect incoming TCP or UDP connections to the host port hostport to the guest IP address guestaddr on guest port guestport. If guestaddr is not specified, its value is x.x.x.15 (default first address given by the built-in DHCP server). By specifying hostaddr, the rule can be bound to a specific host interface. If no connection type is set, TCP is used. This option can be given multiple times. For example, to redirect host X11 connection from screen 1 to guest screen 0, use the following: # on the host qemu-system-i386 -net user,hostfwd=tcp:127.0.0.1:6001-:6000 [...] # this host xterm should open in the guest X11 server xterm -display :1 To redirect telnet connections from host port 5555 to telnet port on the guest, use the following: # on the host qemu-system-i386 -net user,hostfwd=tcp::5555-:23 [...] telnet localhost 5555 Then when you use on the host "telnet localhost 5555", you connect to the guest telnet server. guestfwd=[tcp]:server:port-dev guestfwd=[tcp]:server:port-cmd:command Forward guest TCP connections to the IP address server on port port to the character device dev or to a program executed by cmd:command which gets spawned for each connection. This option can be given multiple times. You can either use a chardev directly and have that one used throughout QEMU's lifetime, like in the following example: # open 10.10.1.1:4321 on bootup, connect 10.0.2.100:1234 to it whenever # the guest accesses it qemu -net user,guestfwd=tcp:10.0.2.100:1234-tcp:10.10.1.1:4321 [...] Or you can execute a command on every TCP connection established by the guest, so that QEMU behaves similar to an inetd process for that virtual server: # call "netcat 10.10.1.1 4321" on every TCP connection to 10.0.2.100:1234 # and connect the TCP stream to its stdin/stdout qemu -net 'user,guestfwd=tcp:10.0.2.100:1234-cmd:netcat 10.10.1.1 4321' Note: Legacy stand-alone options -tftp, -bootp, -smb and -redir are still processed and applied to -net user. Mixing them with the new configuration syntax gives undefined results. Their use for new applications is discouraged as they will be removed from future versions. -netdev tap,id=id[,fd=h][,ifname=name][,script=file][,downscript=dfile][,helper=helper] -net tap[,vlan=n][,name=name][,fd=h][,ifname=name][,script=file][,downscript=dfile][,helper=helper] Connect the host TAP network interface name to VLAN n. Use the network script file to configure it and the network script dfile to deconfigure it. If name is not provided, the OS automatically provides one. The default network configure script is /etc/qemu-ifup and the default network deconfigure script is /etc/qemu-ifdown. Use script=no or downscript=no to disable script execution. If running QEMU as an unprivileged user, use the network helper helper to configure the TAP interface. The default network helper executable is /path/to/qemu-bridge-helper. fd=h can be used to specify the handle of an already opened host TAP interface. Examples: #launch a QEMU instance with the default network script qemu-system-i386 linux.img -net nic -net tap #launch a QEMU instance with two NICs, each one connected #to a TAP device qemu-system-i386 linux.img \ -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 \ -net nic,vlan=1 -net tap,vlan=1,ifname=tap1 #launch a QEMU instance with the default network helper to #connect a TAP device to bridge br0 qemu-system-i386 linux.img \ -net nic -net tap,"helper=/path/to/qemu-bridge-helper" -netdev bridge,id=id[,br=bridge][,helper=helper] -net bridge[,vlan=n][,name=name][,br=bridge][,helper=helper] Connect a host TAP network interface to a host bridge device. Use the network helper helper to configure the TAP interface and attach it to the bridge. The default network helper executable is /path/to/qemu-bridge-helper and the default bridge device is br0. Examples: #launch a QEMU instance with the default network helper to #connect a TAP device to bridge br0 qemu-system-i386 linux.img -net bridge -net nic,model=virtio #launch a QEMU instance with the default network helper to #connect a TAP device to bridge qemubr0 qemu-system-i386 linux.img -net bridge,br=qemubr0 -net nic,model=virtio -netdev socket,id=id[,fd=h][,listen=[host]:port][,connect=host:port] -net socket[,vlan=n][,name=name][,fd=h] [,listen=[host]:port][,connect=host:port] Connect the VLAN n to a remote VLAN in another QEMU virtual machine using a TCP socket connection. If listen is specified, QEMU waits for incoming connections on port (host is optional). connect is used to connect to another QEMU instance using the listen option. fd=h specifies an already opened TCP socket. Example: # launch a first QEMU instance qemu-system-i386 linux.img \ -net nic,macaddr=52:54:00:12:34:56 \ -net socket,listen=:1234 # connect the VLAN 0 of this instance to the VLAN 0 # of the first instance qemu-system-i386 linux.img \ -net nic,macaddr=52:54:00:12:34:57 \ -net socket,connect=127.0.0.1:1234 -netdev socket,id=id[,fd=h][,mcast=maddr:port[,localaddr=addr]] -net socket[,vlan=n][,name=name][,fd=h][,mcast=maddr:port[,localaddr=addr]] Create a VLAN n shared with another QEMU virtual machines using a UDP multicast socket, effectively making a bus for every QEMU with same multicast address maddr and port. NOTES: 1. Several QEMU can be running on different hosts and share same bus (assuming correct multicast setup for these hosts). 2. mcast support is compatible with User Mode Linux (argument ethN=mcast), see <http://user-mode-linux.sf.net>. 3. Use fd=h to specify an already opened UDP multicast socket. Example: # launch one QEMU instance qemu-system-i386 linux.img \ -net nic,macaddr=52:54:00:12:34:56 \ -net socket,mcast=230.0.0.1:1234 # launch another QEMU instance on same "bus" qemu-system-i386 linux.img \ -net nic,macaddr=52:54:00:12:34:57 \ -net socket,mcast=230.0.0.1:1234 # launch yet another QEMU instance on same "bus" qemu-system-i386 linux.img \ -net nic,macaddr=52:54:00:12:34:58 \ -net socket,mcast=230.0.0.1:1234 Example (User Mode Linux compat.): # launch QEMU instance (note mcast address selected # is UML's default) qemu-system-i386 linux.img \ -net nic,macaddr=52:54:00:12:34:56 \ -net socket,mcast=239.192.168.1:1102 # launch UML /path/to/linux ubd0=/path/to/root_fs eth0=mcast Example (send packets from host's 1.2.3.4): qemu-system-i386 linux.img \ -net nic,macaddr=52:54:00:12:34:56 \ -net socket,mcast=239.192.168.1:1102,localaddr=1.2.3.4 -netdev l2tpv3,id=id,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport],txsession=txsession[,rxsession=rxsession][,ipv6][,udp][,cookie64][,counter][,pincounter][,txcookie=txcookie][,rxcookie=rxcookie][,offset=offset] -net l2tpv3[,vlan=n][,name=name],src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport],txsession=txsession[,rxsession=rxsession][,ipv6][,udp][,cookie64][,counter][,pincounter][,txcookie=txcookie][,rxcookie=rxcookie][,offset=offset] Connect VLAN n to L2TPv3 pseudowire. L2TPv3 (RFC3391) is a popular protocol to transport Ethernet (and other Layer 2) data frames between two systems. It is present in routers, firewalls and the Linux kernel (from version 3.3 onwards). This transport allows a VM to communicate to another VM, router or firewall directly. src=srcaddr source address (mandatory) dst=dstaddr destination address (mandatory) udp select udp encapsulation (default is ip). srcport=srcport source udp port. dstport=dstport destination udp port. ipv6 force v6, otherwise defaults to v4. rxcookie=rxcookie txcookie=txcookie Cookies are a weak form of security in the l2tpv3 specification. Their function is mostly to prevent misconfiguration. By default they are 32 bit. cookie64 Set cookie size to 64 bit instead of the default 32 counter=off Force a 'cut-down' L2TPv3 with no counter as in draft-mkonstan-l2tpext-keyed-ipv6-tunnel-00 pincounter=on Work around broken counter handling in peer. This may also help on networks which have packet reorder. offset=offset Add an extra offset between header and data For example, to attach a VM running on host 4.3.2.1 via L2TPv3 to the bridge br-lan on the remote Linux host 1.2.3.4: # Setup tunnel on linux host using raw ip as encapsulation # on 1.2.3.4 ip l2tp add tunnel remote 4.3.2.1 local 1.2.3.4 tunnel_id 1 peer_tunnel_id 1 \ encap udp udp_sport 16384 udp_dport 16384 ip l2tp add session tunnel_id 1 name vmtunnel0 session_id \ 0xFFFFFFFF peer_session_id 0xFFFFFFFF ifconfig vmtunnel0 mtu 1500 ifconfig vmtunnel0 up brctl addif br-lan vmtunnel0 # on 4.3.2.1 # launch QEMU instance - if your network has reorder or is very lossy add ,pincounter qemu-system-i386 linux.img -net nic -net l2tpv3,src=4.2.3.1,dst=1.2.3.4,udp,srcport=16384,dstport=16384,rxsession=0xffffffff,txsession=0xffffffff,counter -netdev vde,id=id[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode] -net vde[,vlan=n][,name=name][,sock=socketpath] [,port=n][,group=groupname][,mode=octalmode] Connect VLAN n to PORT n of a vde switch running on host and listening for incoming connections on socketpath. Use GROUP groupname and MODE octalmode to change default ownership and permissions for communication port. This option is only available if QEMU has been compiled with vde support enabled. Example: # launch vde switch vde_switch -F -sock /tmp/myswitch # launch QEMU instance qemu-system-i386 linux.img -net nic -net vde,sock=/tmp/myswitch -netdev hubport,id=id,hubid=hubid Create a hub port on QEMU "vlan" hubid. The hubport netdev lets you connect a NIC to a QEMU "vlan" instead of a single netdev. "-net" and "-device" with parameter vlan create the required hub automatically. -netdev vhost-user,chardev=id[,vhostforce=on|off][,queues=n] Establish a vhost-user netdev, backed by a chardev id. The chardev should be a unix domain socket backed one. The vhost-user uses a specifically defined protocol to pass vhost ioctl replacement messages to an application on the other end of the socket. On non-MSIX guests, the feature can be forced with vhostforce. Use 'queues=n' to specify the number of queues to be created for multiqueue vhost-user. Example: qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \ -numa node,memdev=mem \ -chardev socket,path=/path/to/socket \ -netdev type=vhost-user,id=net0,chardev=chr0 \ -device virtio-net-pci,netdev=net0 -net dump[,vlan=n][,file=file][,len=len] Dump network traffic on VLAN n to file file (qemu-vlan0.pcap by default). At most len bytes (64k by default) per packet are stored. The file format is libpcap, so it can be analyzed with tools such as tcpdump or Wireshark. Note: For devices created with '-netdev', use '-object filter-dump,...' instead. -net none Indicate that no network devices should be configured. It is used to override the default configuration (-net nic -net user) which is activated if no -net options are provided. Character device options: The general form of a character device option is: -chardev backend ,id=id [,mux=on|off] [,options] Backend is one of: null, socket, udp, msmouse, vc, ringbuf, file, pipe, console, serial, pty, stdio, braille, tty, parallel, parport, spicevmc. spiceport. The specific backend will determine the applicable options. All devices must have an id, which can be any string up to 127 characters long. It is used to uniquely identify this device in other command line directives. A character device may be used in multiplexing mode by multiple front-ends. The key sequence of Control-a and c will rotate the input focus between attached front-ends. Specify mux=on to enable this mode. Options to each backend are described below. -chardev null ,id=id A void device. This device will not emit any data, and will drop any data it receives. The null backend does not take any options. -chardev socket ,id=id [TCP options or unix options] [,server] [,nowait] [,telnet] [,reconnect=seconds] Create a two-way stream socket, which can be either a TCP or a unix socket. A unix socket will be created if path is specified. Behaviour is undefined if TCP options are specified for a unix socket. server specifies that the socket shall be a listening socket. nowait specifies that QEMU should not block waiting for a client to connect to a listening socket. telnet specifies that traffic on the socket should interpret telnet escape sequences. reconnect sets the timeout for reconnecting on non-server sockets when the remote end goes away. qemu will delay this many seconds and then attempt to reconnect. Zero disables reconnecting, and is the default. TCP and unix socket options are given below: TCP options: port=port [,host=host] [,to=to] [,ipv4] [,ipv6] [,nodelay] host for a listening socket specifies the local address to be bound. For a connecting socket species the remote host to connect to. host is optional for listening sockets. If not specified it defaults to 0.0.0.0. port for a listening socket specifies the local port to be bound. For a connecting socket specifies the port on the remote host to connect to. port can be given as either a port number or a service name. port is required. to is only relevant to listening sockets. If it is specified, and port cannot be bound, QEMU will attempt to bind to subsequent ports up to and including to until it succeeds. to must be specified as a port number. ipv4 and ipv6 specify that either IPv4 or IPv6 must be used. If neither is specified the socket may use either protocol. nodelay disables the Nagle algorithm. unix options: path=path path specifies the local path of the unix socket. path is required. -chardev udp ,id=id [,host=host] ,port=port [,localaddr=localaddr] [,localport=localport] [,ipv4] [,ipv6] Sends all traffic from the guest to a remote host over UDP. host specifies the remote host to connect to. If not specified it defaults to "localhost". port specifies the port on the remote host to connect to. port is required. localaddr specifies the local address to bind to. If not specified it defaults to 0.0.0.0. localport specifies the local port to bind to. If not specified any available local port will be used. ipv4 and ipv6 specify that either IPv4 or IPv6 must be used. If neither is specified the device may use either protocol. -chardev msmouse ,id=id Forward QEMU's emulated msmouse events to the guest. msmouse does not take any options. -chardev vc ,id=id [[,width=width] [,height=height]] [[,cols=cols] [,rows=rows]] Connect to a QEMU text console. vc may optionally be given a specific size. width and height specify the width and height respectively of the console, in pixels. cols and rows specify that the console be sized to fit a text console with the given dimensions. -chardev ringbuf ,id=id [,size=size] Create a ring buffer with fixed size size. size must be a power of two, and defaults to "64K"). -chardev file ,id=id ,path=path Log all traffic received from the guest to a file. path specifies the path of the file to be opened. This file will be created if it does not already exist, and overwritten if it does. path is required. -chardev pipe ,id=id ,path=path Create a two-way connection to the guest. The behaviour differs slightly between Windows hosts and other hosts: On Windows, a single duplex pipe will be created at \.pipe\path. On other hosts, 2 pipes will be created called path.in and path.out. Data written to path.in will be received by the guest. Data written by the guest can be read from path.out. QEMU will not create these fifos, and requires them to be present. path forms part of the pipe path as described above. path is required. -chardev console ,id=id Send traffic from the guest to QEMU's standard output. console does not take any options. console is only available on Windows hosts. -chardev serial ,id=id ,path=path Send traffic from the guest to a serial device on the host. On Unix hosts serial will actually accept any tty device, not only serial lines. path specifies the name of the serial device to open. -chardev pty ,id=id Create a new pseudo-terminal on the host and connect to it. pty does not take any options. pty is not available on Windows hosts. -chardev stdio ,id=id [,signal=on|off] Connect to standard input and standard output of the QEMU process. signal controls if signals are enabled on the terminal, that includes exiting QEMU with the key sequence Control-c. This option is enabled by default, use signal=off to disable it. stdio is not available on Windows hosts. -chardev braille ,id=id Connect to a local BrlAPI server. braille does not take any options. -chardev tty ,id=id ,path=path tty is only available on Linux, Sun, FreeBSD, NetBSD, OpenBSD and DragonFlyBSD hosts. It is an alias for serial. path specifies the path to the tty. path is required. -chardev parallel ,id=id ,path=path -chardev parport ,id=id ,path=path parallel is only available on Linux, FreeBSD and DragonFlyBSD hosts. Connect to a local parallel port. path specifies the path to the parallel port device. path is required. -chardev spicevmc ,id=id ,debug=debug, name=name spicevmc is only available when spice support is built in. debug debug level for spicevmc name name of spice channel to connect to Connect to a spice virtual machine channel, such as vdiport. -chardev spiceport ,id=id ,debug=debug, name=name spiceport is only available when spice support is built in. debug debug level for spicevmc name name of spice port to connect to Connect to a spice port, allowing a Spice client to handle the traffic identified by a name (preferably a fqdn). Device URL Syntax: In addition to using normal file images for the emulated storage devices, QEMU can also use networked resources such as iSCSI devices. These are specified using a special URL syntax. iSCSI iSCSI support allows QEMU to access iSCSI resources directly and use as images for the guest storage. Both disk and cdrom images are supported. Syntax for specifying iSCSI LUNs is "iscsi://<target-ip>[:<port>]/<target-iqn>/<lun>" By default qemu will use the iSCSI initiator-name 'iqn.2008-11.org.linux-kvm[:<name>]' but this can also be set from the command line or a configuration file. Since version Qemu 2.4 it is possible to specify a iSCSI request timeout to detect stalled requests and force a reestablishment of the session. The timeout is specified in seconds. The default is 0 which means no timeout. Libiscsi 1.15.0 or greater is required for this feature. Example (without authentication): qemu-system-i386 -iscsi initiator-name=iqn.2001-04.com.example:my-initiator \ -cdrom iscsi://192.0.2.1/iqn.2001-04.com.example/2 \ -drive file=iscsi://192.0.2.1/iqn.2001-04.com.example/1 Example (CHAP username/password via URL): qemu-system-i386 -drive file=iscsi://user%password@192.0.2.1/iqn.2001-04.com.example/1 Example (CHAP username/password via environment variables): LIBISCSI_CHAP_USERNAME="user" \ LIBISCSI_CHAP_PASSWORD="password" \ qemu-system-i386 -drive file=iscsi://192.0.2.1/iqn.2001-04.com.example/1 iSCSI support is an optional feature of QEMU and only available when compiled and linked against libiscsi. iSCSI parameters such as username and password can also be specified via a configuration file. See qemu-doc for more information and examples. NBD QEMU supports NBD (Network Block Devices) both using TCP protocol as well as Unix Domain Sockets. Syntax for specifying a NBD device using TCP "nbd:<server-ip>:<port>[:exportname=<export>]" Syntax for specifying a NBD device using Unix Domain Sockets "nbd:unix:<domain-socket>[:exportname=<export>]" Example for TCP qemu-system-i386 --drive file=nbd:192.0.2.1:30000 Example for Unix Domain Sockets qemu-system-i386 --drive file=nbd:unix:/tmp/nbd-socket SSH QEMU supports SSH (Secure Shell) access to remote disks. Examples: qemu-system-i386 -drive file=ssh://user@host/path/to/disk.img qemu-system-i386 -drive file.driver=ssh,file.user=user,file.host=host,file.port=22,file.path=/path/to/disk.img Currently authentication must be done using ssh-agent. Other authentication methods may be supported in future. Sheepdog Sheepdog is a distributed storage system for QEMU. QEMU supports using either local sheepdog devices or remote networked devices. Syntax for specifying a sheepdog device sheepdog[+tcp|+unix]://[host:port]/vdiname[?socket=path][#snapid|#tag] Example qemu-system-i386 --drive file=sheepdog://192.0.2.1:30000/MyVirtualMachine See also <http://http://www.osrg.net/sheepdog/>. GlusterFS GlusterFS is an user space distributed file system. QEMU supports the use of GlusterFS volumes for hosting VM disk images using TCP, Unix Domain Sockets and RDMA transport protocols. Syntax for specifying a VM disk image on GlusterFS volume is gluster[+transport]://[server[:port]]/volname/image[?socket=...] Example qemu-system-x86_64 --drive file=gluster://192.0.2.1/testvol/a.img See also <http://www.gluster.org>. HTTP/HTTPS/FTP/FTPS/TFTP QEMU supports read-only access to files accessed over http(s), ftp(s) and tftp. Syntax using a single filename: <protocol>://[<username>[:<password>]@]<host>/<path> where: protocol 'http', 'https', 'ftp', 'ftps', or 'tftp'. username Optional username for authentication to the remote server. password Optional password for authentication to the remote server. host Address of the remote server. path Path on the remote server, including any query string. The following options are also supported: url The full URL when passing options to the driver explicitly. readahead The amount of data to read ahead with each range request to the remote server. This value may optionally have the suffix 'T', 'G', 'M', 'K', 'k' or 'b'. If it does not have a suffix, it will be assumed to be in bytes. The value must be a multiple of 512 bytes. It defaults to 256k. sslverify Whether to verify the remote server's certificate when connecting over SSL. It can have the value 'on' or 'off'. It defaults to 'on'. cookie Send this cookie (it can also be a list of cookies separated by ';') with each outgoing request. Only supported when using protocols such as HTTP which support cookies, otherwise ignored. timeout Set the timeout in seconds of the CURL connection. This timeout is the time that CURL waits for a response from the remote server to get the size of the image to be downloaded. If not set, the default timeout of 5 seconds is used. Note that when passing options to qemu explicitly, driver is the value of <protocol>. Example: boot from a remote Fedora 20 live ISO image qemu-system-x86_64 --drive media=cdrom,file=http://dl.fedoraproject.org/pub/fedora/linux/releases/20/Live/x86_64/Fedora-Live-Desktop-x86_64-20-1.iso,readonly qemu-system-x86_64 --drive media=cdrom,file.driver=http,file.url=http://dl.fedoraproject.org/pub/fedora/linux/releases/20/Live/x86_64/Fedora-Live-Desktop-x86_64-20-1.iso,readonly Example: boot from a remote Fedora 20 cloud image using a local overlay for writes, copy-on-read, and a readahead of 64k qemu-img create -f qcow2 -o backing_file='json:{"file.driver":"http",, "file.url":"https://dl.fedoraproject.org/pub/fedora/linux/releases/20/Images/x86_64/Fedora-x86_64-20-20131211.1-sda.qcow2",, "file.readahead":"64k"}' /tmp/Fedora-x86_64-20-20131211.1-sda.qcow2 qemu-system-x86_64 -drive file=/tmp/Fedora-x86_64-20-20131211.1-sda.qcow2,copy-on-read=on Example: boot from an image stored on a VMware vSphere server with a self-signed certificate using a local overlay for writes, a readahead of 64k and a timeout of 10 seconds. qemu-img create -f qcow2 -o backing_file='json:{"file.driver":"https",, "file.url":"https://user:password@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k",, "file.timeout":10}' /tmp/test.qcow2 qemu-system-x86_64 -drive file=/tmp/test.qcow2 Bluetooth(R) options: -bt hci[...] Defines the function of the corresponding Bluetooth HCI. -bt options are matched with the HCIs present in the chosen machine type. For example when emulating a machine with only one HCI built into it, only the first "-bt hci[...]" option is valid and defines the HCI's logic. The Transport Layer is decided by the machine type. Currently the machines "n800" and "n810" have one HCI and all other machines have none. The following three types are recognized: -bt hci,null (default) The corresponding Bluetooth HCI assumes no internal logic and will not respond to any HCI commands or emit events. -bt hci,host[:id] ("bluez" only) The corresponding HCI passes commands / events to / from the physical HCI identified by the name id (default: "hci0") on the computer running QEMU. Only available on "bluez" capable systems like Linux. -bt hci[,vlan=n] Add a virtual, standard HCI that will participate in the Bluetooth scatternet n (default 0). Similarly to -net VLANs, devices inside a bluetooth network n can only communicate with other devices in the same network (scatternet). -bt vhci[,vlan=n] (Linux-host only) Create a HCI in scatternet n (default 0) attached to the host bluetooth stack instead of to the emulated target. This allows the host and target machines to participate in a common scatternet and communicate. Requires the Linux "vhci" driver installed. Can be used as following: qemu-system-i386 [...OPTIONS...] -bt hci,vlan=5 -bt vhci,vlan=5 -bt device:dev[,vlan=n] Emulate a bluetooth device dev and place it in network n (default 0). QEMU can only emulate one type of bluetooth devices currently: keyboard Virtual wireless keyboard implementing the HIDP bluetooth profile. TPM device options: The general form of a TPM device option is: -tpmdev backend ,id=id [,options] Backend type must be: passthrough. The specific backend type will determine the applicable options. The "-tpmdev" option creates the TPM backend and requires a "-device" option that specifies the TPM frontend interface model. Options to each backend are described below. Use 'help' to print all available TPM backend types. qemu -tpmdev help -tpmdev passthrough, id=id, path=path, cancel-path=cancel-path (Linux-host only) Enable access to the host's TPM using the passthrough driver. path specifies the path to the host's TPM device, i.e., on a Linux host this would be "/dev/tpm0". path is optional and by default "/dev/tpm0" is used. cancel-path specifies the path to the host TPM device's sysfs entry allowing for cancellation of an ongoing TPM command. cancel-path is optional and by default QEMU will search for the sysfs entry to use. Some notes about using the host's TPM with the passthrough driver: The TPM device accessed by the passthrough driver must not be used by any other application on the host. Since the host's firmware (BIOS/UEFI) has already initialized the TPM, the VM's firmware (BIOS/UEFI) will not be able to initialize the TPM again and may therefore not show a TPM-specific menu that would otherwise allow the user to configure the TPM, e.g., allow the user to enable/disable or activate/deactivate the TPM. Further, if TPM ownership is released from within a VM then the host's TPM will get disabled and deactivated. To enable and activate the TPM again afterwards, the host has to be rebooted and the user is required to enter the firmware's menu to enable and activate the TPM. If the TPM is left disabled and/or deactivated most TPM commands will fail. To create a passthrough TPM use the following two options: -tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0 Note that the "-tpmdev" id is "tpm0" and is referenced by "tpmdev=tpm0" in the device option. Linux/Multiboot boot specific: When using these options, you can use a given Linux or Multiboot kernel without installing it in the disk image. It can be useful for easier testing of various kernels. -kernel bzImage Use bzImage as kernel image. The kernel can be either a Linux kernel or in multiboot format. -append cmdline Use cmdline as kernel command line -initrd file Use file as initial ram disk. -initrd "file1 arg=foo,file2" This syntax is only available with multiboot. Use file1 and file2 as modules and pass arg=foo as parameter to the first module. -dtb file Use file as a device tree binary (dtb) image and pass it to the kernel on boot. Debug/Expert options: -fw_cfg [name=]name,file=file Add named fw_cfg entry from file. name determines the name of the entry in the fw_cfg file directory exposed to the guest. -fw_cfg [name=]name,string=str Add named fw_cfg entry from string. -serial dev Redirect the virtual serial port to host character device dev. The default device is "vc" in graphical mode and "stdio" in non graphical mode. This option can be used several times to simulate up to 4 serial ports. Use "-serial none" to disable all serial ports. Available character devices are: vc[:WxH] Virtual console. Optionally, a width and height can be given in pixel with vc:800x600 It is also possible to specify width or height in characters: vc:80Cx24C pty [Linux only] Pseudo TTY (a new PTY is automatically allocated) none No device is allocated. null void device chardev:id Use a named character device defined with the "-chardev" option. /dev/XXX [Linux only] Use host tty, e.g. /dev/ttyS0. The host serial port parameters are set according to the emulated ones. /dev/parportN [Linux only, parallel port only] Use host parallel port N. Currently SPP and EPP parallel port features can be used. file:filename Write output to filename. No character can be read. stdio [Unix only] standard input/output pipe:filename name pipe filename COMn [Windows only] Use host serial port n udp:[remote_host]:remote_port[@[src_ip]:src_port] This implements UDP Net Console. When remote_host or src_ip are not specified they default to 0.0.0.0. When not using a specified src_port a random port is automatically chosen. If you just want a simple readonly console you can use "netcat" or "nc", by starting QEMU with: "-serial udp::4555" and nc as: "nc -u -l -p 4555". Any time QEMU writes something to that port it will appear in the netconsole session. If you plan to send characters back via netconsole or you want to stop and start QEMU a lot of times, you should have QEMU use the same source port each time by using something like "-serial udp::4555@4556" to QEMU. Another approach is to use a patched version of netcat which can listen to a TCP port and send and receive characters via udp. If you have a patched version of netcat which activates telnet remote echo and single char transfer, then you can use the following options to step up a netcat redirector to allow telnet on port 5555 to access the QEMU port. "QEMU Options:" -serial udp::4555@4556 "netcat options:" -u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T "telnet options:" localhost 5555 tcp:[host]:port[,server][,nowait][,nodelay][,reconnect=seconds] The TCP Net Console has two modes of operation. It can send the serial I/O to a location or wait for a connection from a location. By default the TCP Net Console is sent to host at the port. If you use the server option QEMU will wait for a client socket application to connect to the port before continuing, unless the "nowait" option was specified. The "nodelay" option disables the Nagle buffering algorithm. The "reconnect" option only applies if noserver is set, if the connection goes down it will attempt to reconnect at the given interval. If host is omitted, 0.0.0.0 is assumed. Only one TCP connection at a time is accepted. You can use "telnet" to connect to the corresponding character device. "Example to send tcp console to 192.168.0.2 port 4444" -serial tcp:192.168.0.2:4444 "Example to listen and wait on port 4444 for connection" -serial tcp::4444,server "Example to not wait and listen on ip 192.168.0.100 port 4444" -serial tcp:192.168.0.100:4444,server,nowait telnet:host:port[,server][,nowait][,nodelay] The telnet protocol is used instead of raw tcp sockets. The options work the same as if you had specified "-serial tcp". The difference is that the port acts like a telnet server or client using telnet option negotiation. This will also allow you to send the MAGIC_SYSRQ sequence if you use a telnet that supports sending the break sequence. Typically in unix telnet you do it with Control-] and then type "send break" followed by pressing the enter key. unix:path[,server][,nowait][,reconnect=seconds] A unix domain socket is used instead of a tcp socket. The option works the same as if you had specified "-serial tcp" except the unix domain socket path is used for connections. mon:dev_string This is a special option to allow the monitor to be multiplexed onto another serial port. The monitor is accessed with key sequence of Control-a and then pressing c. dev_string should be any one of the serial devices specified above. An example to multiplex the monitor onto a telnet server listening on port 4444 would be: "-serial mon:telnet::4444,server,nowait" When the monitor is multiplexed to stdio in this way, Ctrl+C will not terminate QEMU any more but will be passed to the guest instead. braille Braille device. This will use BrlAPI to display the braille output on a real or fake device. msmouse Three button serial mouse. Configure the guest to use Microsoft protocol. -parallel dev Redirect the virtual parallel port to host device dev (same devices as the serial port). On Linux hosts, /dev/parportN can be used to use hardware devices connected on the corresponding host parallel port. This option can be used several times to simulate up to 3 parallel ports. Use "-parallel none" to disable all parallel ports. -monitor dev Redirect the monitor to host device dev (same devices as the serial port). The default device is "vc" in graphical mode and "stdio" in non graphical mode. Use "-monitor none" to disable the default monitor. -qmp dev Like -monitor but opens in 'control' mode. -qmp-pretty dev Like -qmp but uses pretty JSON formatting. -mon [chardev=]name[,mode=readline|control][,default] Setup monitor on chardev name. -debugcon dev Redirect the debug console to host device dev (same devices as the serial port). The debug console is an I/O port which is typically port 0xe9; writing to that I/O port sends output to this device. The default device is "vc" in graphical mode and "stdio" in non graphical mode. -pidfile file Store the QEMU process PID in file. It is useful if you launch QEMU from a script. -singlestep Run the emulation in single step mode. -S Do not start CPU at startup (you must type 'c' in the monitor). -realtime mlock=on|off Run qemu with realtime features. mlocking qemu and guest memory can be enabled via mlock=on (enabled by default). -gdb dev Wait for gdb connection on device dev. Typical connections will likely be TCP-based, but also UDP, pseudo TTY, or even stdio are reasonable use case. The latter is allowing to start QEMU from within gdb and establish the connection via a pipe: (gdb) target remote | exec qemu-system-i386 -gdb stdio ... -s Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234. -d item1[,...] Enable logging of specified items. Use '-d help' for a list of log items. -D logfile Output log in logfile instead of to stderr -L path Set the directory for the BIOS, VGA BIOS and keymaps. -bios file Set the filename for the BIOS. -enable-kvm Enable KVM full virtualization support. This option is only available if KVM support is enabled when compiling. -xen-domid id Specify xen guest domain id (XEN only). -xen-create Create domain using xen hypercalls, bypassing xend. Warning: should not be used when xend is in use (XEN only). -xen-attach Attach to existing xen domain. xend will use this when starting QEMU (XEN only). -no-reboot Exit instead of rebooting. -no-shutdown Don't exit QEMU on guest shutdown, but instead only stop the emulation. This allows for instance switching to monitor to commit changes to the disk image. -loadvm file Start right away with a saved state ("loadvm" in monitor) -daemonize Daemonize the QEMU process after initialization. QEMU will not detach from standard IO until it is ready to receive connections on any of its devices. This option is a useful way for external programs to launch QEMU without having to cope with initialization race conditions. -option-rom file Load the contents of file as an option ROM. This option is useful to load things like EtherBoot. -rtc [base=utc|localtime|date][,clock=host|vm][,driftfix=none|slew] Specify base as "utc" or "localtime" to let the RTC start at the current UTC or local time, respectively. "localtime" is required for correct date in MS-DOS or Windows. To start at a specific point in time, provide date in the format "2006-06-17T16:01:21" or "2006-06-17". The default base is UTC. By default the RTC is driven by the host system time. This allows using of the RTC as accurate reference clock inside the guest, specifically if the host time is smoothly following an accurate external reference clock, e.g. via NTP. If you want to isolate the guest time from the host, you can set clock to "rt" instead. To even prevent it from progressing during suspension, you can set it to "vm". Enable driftfix (i386 targets only) if you experience time drift problems, specifically with Windows' ACPI HAL. This option will try to figure out how many timer interrupts were not processed by the Windows guest and will re-inject them. -icount [shift=N|auto][,rr=record|replay,rrfile=filename] Enable virtual instruction counter. The virtual cpu will execute one instruction every 2^N ns of virtual time. If "auto" is specified then the virtual cpu speed will be automatically adjusted to keep virtual time within a few seconds of real time. When the virtual cpu is sleeping, the virtual time will advance at default speed unless sleep=no is specified. With sleep=no, the virtual time will jump to the next timer deadline instantly whenever the virtual cpu goes to sleep mode and will not advance if no timer is enabled. This behavior give deterministic execution times from the guest point of view. Note that while this option can give deterministic behavior, it does not provide cycle accurate emulation. Modern CPUs contain superscalar out of order cores with complex cache hierarchies. The number of instructions executed often has little or no correlation with actual performance. align=on will activate the delay algorithm which will try to synchronise the host clock and the virtual clock. The goal is to have a guest running at the real frequency imposed by the shift option. Whenever the guest clock is behind the host clock and if align=on is specified then we print a message to the user to inform about the delay. Currently this option does not work when shift is "auto". Note: The sync algorithm will work for those shift values for which the guest clock runs ahead of the host clock. Typically this happens when the shift value is high (how high depends on the host machine). When rr option is specified deterministic record/replay is enabled. Replay log is written into filename file in record mode and read from this file in replay mode. -watchdog model Create a virtual hardware watchdog device. Once enabled (by a guest action), the watchdog must be periodically polled by an agent inside the guest or else the guest will be restarted. Choose a model for which your guest has drivers. The model is the model of hardware watchdog to emulate. Use "-watchdog help" to list available hardware models. Only one watchdog can be enabled for a guest. The following models may be available: ib700 iBASE 700 is a very simple ISA watchdog with a single timer. i6300esb Intel 6300ESB I/O controller hub is a much more featureful PCI-based dual-timer watchdog. diag288 A virtual watchdog for s390x backed by the diagnose 288 hypercall (currently KVM only). -watchdog-action action The action controls what QEMU will do when the watchdog timer expires. The default is "reset" (forcefully reset the guest). Other possible actions are: "shutdown" (attempt to gracefully shutdown the guest), "poweroff" (forcefully poweroff the guest), "pause" (pause the guest), "debug" (print a debug message and continue), or "none" (do nothing). Note that the "shutdown" action requires that the guest responds to ACPI signals, which it may not be able to do in the sort of situations where the watchdog would have expired, and thus "-watchdog-action shutdown" is not recommended for production use. Examples: "-watchdog i6300esb -watchdog-action pause" "-watchdog ib700" -echr numeric_ascii_value Change the escape character used for switching to the monitor when using monitor and serial sharing. The default is 0x01 when using the "-nographic" option. 0x01 is equal to pressing "Control-a". You can select a different character from the ascii control keys where 1 through 26 map to Control-a through Control-z. For instance you could use the either of the following to change the escape character to Control-t. "-echr 0x14" "-echr 20" -virtioconsole c Set virtio console. This option is maintained for backward compatibility. Please use "-device virtconsole" for the new way of invocation. -show-cursor Show cursor. -tb-size n Set TB size. -incoming tcp:[host]:port[,to=maxport][,ipv4][,ipv6] -incoming rdma:host:port[,ipv4][,ipv6] Prepare for incoming migration, listen on a given tcp port. -incoming unix:socketpath Prepare for incoming migration, listen on a given unix socket. -incoming fd:fd Accept incoming migration from a given filedescriptor. -incoming exec:cmdline Accept incoming migration as an output from specified external command. -incoming defer Wait for the URI to be specified via migrate_incoming. The monitor can be used to change settings (such as migration parameters) prior to issuing the migrate_incoming to allow the migration to begin. -nodefaults Don't create default devices. Normally, QEMU sets the default devices like serial port, parallel port, virtual console, monitor device, VGA adapter, floppy and CD-ROM drive and others. The "-nodefaults" option will disable all those default devices. -chroot dir Immediately before starting guest execution, chroot to the specified directory. Especially useful in combination with -runas. -runas user Immediately before starting guest execution, drop root privileges, switching to the specified user. -prom-env variable=value Set OpenBIOS nvram variable to given value (PPC, SPARC only). -semihosting Enable semihosting mode (ARM, M68K, Xtensa, MIPS only). -semihosting-config [enable=on|off][,target=native|gdb|auto][,arg=str[,...]] Enable and configure semihosting (ARM, M68K, Xtensa, MIPS only). target="native|gdb|auto" Defines where the semihosting calls will be addressed, to QEMU ("native") or to GDB ("gdb"). The default is "auto", which means "gdb" during debug sessions and "native" otherwise. arg=str1,arg=str2,... Allows the user to pass input arguments, and can be used multiple times to build up a list. The old-style "-kernel"/"-append" method of passing a command line is still supported for backward compatibility. If both the "--semihosting-config arg" and the "-kernel"/"-append" are specified, the former is passed to semihosting as it always takes precedence. -old-param Old param mode (ARM only). -sandbox arg Enable Seccomp mode 2 system call filter. 'on' will enable syscall filtering and 'off' will disable it. The default is 'off'. -readconfig file Read device configuration from file. This approach is useful when you want to spawn QEMU process with many command line options but you don't want to exceed the command line character limit. -writeconfig file Write device configuration to file. The file can be either filename to save command line and device configuration into file or dash "-") character to print the output to stdout. This can be later used as input file for "-readconfig" option. -nodefconfig Normally QEMU loads configuration files from sysconfdir and datadir at startup. The "-nodefconfig" option will prevent QEMU from loading any of those config files. -no-user-config The "-no-user-config" option makes QEMU not load any of the user-provided config files on sysconfdir, but won't make it skip the QEMU-provided config files from datadir. -trace [events=file][,file=file] Specify tracing options. events=file Immediately enable events listed in file. The file must contain one event name (as listed in the trace-events file) per line. This option is only available if QEMU has been compiled with either simple or stderr tracing backend. file=file Log output traces to file. This option is only available if QEMU has been compiled with the simple tracing backend. -enable-fips Enable FIPS 140-2 compliance mode. -msg timestamp[=on|off] prepend a timestamp to each log message.(default:on) -dump-vmstate file Dump json-encoded vmstate information for current machine type to file in file Generic object creation -object typename[,prop1=value1,...] Create a new object of type typename setting properties in the order they are specified. Note that the 'id' property must be set. These objects are placed in the '/objects' path. -object memory-backend-file,id=id,size=size,mem-path=dir,share=on|off Creates a memory file backend object, which can be used to back the guest RAM with huge pages. The id parameter is a unique ID that will be used to reference this memory region when configuring the -numa argument. The size option provides the size of the memory region, and accepts common suffixes, eg 500M. The mem-path provides the path to either a shared memory or huge page filesystem mount. The share boolean option determines whether the memory region is marked as private to QEMU, or shared. The latter allows a co-operating external process to access the QEMU memory region. -object rng-random,id=id,filename=/dev/random Creates a random number generator backend which obtains entropy from a device on the host. The id parameter is a unique ID that will be used to reference this entropy backend from the virtio-rng device. The filename parameter specifies which file to obtain entropy from and if omitted defaults to /dev/random. -object rng-egd,id=id,chardev=chardevid Creates a random number generator backend which obtains entropy from an external daemon running on the host. The id parameter is a unique ID that will be used to reference this entropy backend from the virtio-rng device. The chardev parameter is the unique ID of a character device backend that provides the connection to the RNG daemon. -object tls-creds-anon,id=id,endpoint=endpoint,dir=/path/to/cred/dir,verify-peer=on|off Creates a TLS anonymous credentials object, which can be used to provide TLS support on network backends. The id parameter is a unique ID which network backends will use to access the credentials. The endpoint is either server or client depending on whether the QEMU network backend that uses the credentials will be acting as a client or as a server. If verify-peer is enabled (the default) then once the handshake is completed, the peer credentials will be verified, though this is a no-op for anonymous credentials. The dir parameter tells QEMU where to find the credential files. For server endpoints, this directory may contain a file dh-params.pem providing diffie- hellman parameters to use for the TLS server. If the file is missing, QEMU will generate a set of DH parameters at startup. This is a computationally expensive operation that consumes random pool entropy, so it is recommended that a persistent set of parameters be generated upfront and saved. -object tls-creds-x509,id=id,endpoint=endpoint,dir=/path/to/cred/dir,verify-peer=on|off Creates a TLS anonymous credentials object, which can be used to provide TLS support on network backends. The id parameter is a unique ID which network backends will use to access the credentials. The endpoint is either server or client depending on whether the QEMU network backend that uses the credentials will be acting as a client or as a server. If verify-peer is enabled (the default) then once the handshake is completed, the peer credentials will be verified. With x509 certificates, this implies that the clients must be provided with valid client certificates too. The dir parameter tells QEMU where to find the credential files. For server endpoints, this directory may contain a file dh-params.pem providing diffie- hellman parameters to use for the TLS server. If the file is missing, QEMU will generate a set of DH parameters at startup. This is a computationally expensive operation that consumes random pool entropy, so it is recommended that a persistent set of parameters be generated upfront and saved. For x509 certificate credentials the directory will contain further files providing the x509 certificates. The certificates must be stored in PEM format, in filenames ca-cert.pem, ca-crl.pem (optional), server-cert.pem (only servers), server-key.pem (only servers), client-cert.pem (only clients), and client-key.pem (only clients). -object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx] Interval t can't be 0, this filter batches the packet delivery: all packets arriving in a given interval on netdev netdevid are delayed until the end of the interval. Interval is in microseconds. queue all|rx|tx is an option that can be applied to any netfilter. all: the filter is attached both to the receive and the transmit queue of the netdev (default). rx: the filter is attached to the receive queue of the netdev, where it will receive packets sent to the netdev. tx: the filter is attached to the transmit queue of the netdev, where it will receive packets sent by the netdev. -object filter-dump,id=id,netdev=dev,file=filename][,maxlen=len] Dump the network traffic on netdev dev to the file specified by filename. At most len bytes (64k by default) per packet are stored. The file format is libpcap, so it can be analyzed with tools such as tcpdump or Wireshark. During the graphical emulation, you can use special key combinations to change modes. The default key mappings are shown below, but if you use "-alt-grab" then the modifier is Ctrl-Alt-Shift (instead of Ctrl-Alt) and if you use "-ctrl-grab" then the modifier is the right Ctrl key (instead of Ctrl-Alt): Ctrl-Alt-f Toggle full screen Ctrl-Alt-+ Enlarge the screen Ctrl-Alt-- Shrink the screen Ctrl-Alt-u Restore the screen's un-scaled dimensions Ctrl-Alt-n Switch to virtual console 'n'. Standard console mappings are: 1 Target system display 2 Monitor 3 Serial port Ctrl-Alt Toggle mouse and keyboard grab. In the virtual consoles, you can use Ctrl-Up, Ctrl-Down, Ctrl-PageUp and Ctrl-PageDown to move in the back log. During emulation, if you are using the -nographic option, use Ctrl-a h to get terminal commands: Ctrl-a h Ctrl-a ? Print this help Ctrl-a x Exit emulator Ctrl-a s Save disk data back to file (if -snapshot) Ctrl-a t Toggle console timestamps Ctrl-a b Send break (magic sysrq in Linux) Ctrl-a c Switch between console and monitor Ctrl-a Ctrl-a Send Ctrl-a The following options are specific to the PowerPC emulation: -g WxH[xDEPTH] Set the initial VGA graphic mode. The default is 800x600x32. -prom-env string Set OpenBIOS variables in NVRAM, for example: qemu-system-ppc -prom-env 'auto-boot?=false' \ -prom-env 'boot-device=hd:2,\yaboot' \ -prom-env 'boot-args=conf=hd:2,\yaboot.conf' These variables are not used by Open Hack'Ware. The following options are specific to the Sparc32 emulation: -g WxHx[xDEPTH] Set the initial graphics mode. For TCX, the default is 1024x768x8 with the option of 1024x768x24. For cgthree, the default is 1024x768x8 with the option of 1152x900x8 for people who wish to use OBP. -prom-env string Set OpenBIOS variables in NVRAM, for example: qemu-system-sparc -prom-env 'auto-boot?=false' \ -prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single' -M [SS-4|SS-5|SS-10|SS-20|SS-600MP|LX|Voyager|SPARCClassic] [|SPARCbook] Set the emulated machine type. Default is SS-5. The following options are specific to the Sparc64 emulation: -prom-env string Set OpenBIOS variables in NVRAM, for example: qemu-system-sparc64 -prom-env 'auto-boot?=false' -M [sun4u|sun4v|Niagara] Set the emulated machine type. The default is sun4u.
SEE ALSO
The HTML documentation of QEMU for more precise information and Linux user mode emulator invocation.
AUTHOR
Fabrice Bellard 2021-02-17 QEMU(1)