Lines Matching +full:- +full:- +full:disable +full:- +full:seccomp
14 "-h or -help display this help and exit\n", QEMU_ARCH_ALL)
16 ``-h``
21 "-version display version information and exit\n", QEMU_ARCH_ALL)
23 ``-version``
28 "-machine [type=]name[,prop[=value][,...]]\n"
29 " selects emulated machine ('-machine help' for list)\n"
33 " dump-guest-core=on|off include guest memory in a core dump (default=on)\n"
34 " mem-merge=on|off controls memory merge support (default: on)\n"
35 " aes-key-wrap=on|off controls support for AES key wrapping (default=on)\n"
36 " dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n"
37 " suppress-vmdesc=on|off disables self-describing migration (default=off)\n"
39 " memory-encryption=@var{} memory encryption object to use (default=none)\n"
43 " aux-ram-share=on|off allocate auxiliary guest RAM as shared (default: off)\n"
45 …" memory-backend='backend-id' specifies explicitly provided backend for main RAM (d…
46 …" cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=s…
47 " smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel\n",
50 ``-machine [type=]name[,prop=value[,...]]``
51 Select the emulated machine by name. Use ``-machine help`` to list
57 "pc-i440fx-2.8" and "pc-q35-2.8" for the x86\_64/i686 architectures.
60 version 2.9.0, the 2.9.0 version must support the "pc-i440fx-2.8"
61 and "pc-q35-2.8" machines too. To allow users live migrating VMs to
79 ``dump-guest-core=on|off``
82 ``mem-merge=on|off``
84 supported by the host, de-duplicates identical memory pages
87 ``aes-key-wrap=on|off``
88 Enables or disables AES key wrapping support on s390-ccw hosts.
93 ``dea-key-wrap=on|off``
94 Enables or disables DEA key wrapping support on s390-ccw hosts.
102 ``memory-encryption=``
113 ``aux-ram-share=on|off``
117 It does not apply to memory-backend-objects, whether explicitly
118 specified on the command line, or implicitly created by the -m
121 To use the cpr-transfer migration mode, you must set aux-ram-share=on.
123 ``memory-backend='id'``
124 An alternative to legacy ``-mem-path`` and ``mem-prealloc`` options.
130 -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on
131 -machine memory-backend=pc.ram
132 -m 512M
136 * as backend id one shall use value of 'default-ram-id', advertised by
137 machine type (available via ``query-machines`` QMP command), if migration
140 use ``x-use-canonical-path-for-ramblock-id=off`` backend option
146 -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off
147 -machine memory-backend=pc.ram
148 -m 512M
150 …``cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.…
158 configure the downstream Host-managed Device Memory (HDM) decoders
163 which may be identified by the id provided in the -device entry.
172 ``interleave-granularity=granularity`` sets the granularity of
180 …-machine cxl-fmw.0.targets.0=cxl.0,cxl-fmw.0.targets.1=cxl.1,cxl-fmw.0.size=128G,cxl-fmw.0.interle…
182 ``smp-cache.0.cache=cachename,smp-cache.0.topology=topologylevel``
207 …-machine smp-cache.0.cache=l1d,smp-cache.0.topology=core,smp-cache.1.cache=l1i,smp-cache.1.topolog…
211 " sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n",
215 ``sgx-epc.0.memdev=@var{memid},sgx-epc.0.node=@var{numaid}``
220 "-cpu cpu select CPU ('-cpu help' for list)\n", QEMU_ARCH_ALL)
222 ``-cpu model``
223 Select CPU model (``-cpu help`` for list and additional feature
228 "-accel [accel=]accelerator[,prop[=value][,...]]\n"
230 …" igd-passthru=on|off (enable Xen integrated Intel graphics passthrough, default=of…
231 … " kernel-irqchip=on|off|split controls accelerated irqchip support (default=on)\n"
232 " kvm-shadow-mem=size of KVM shadow MMU in bytes\n"
233 " one-insn-per-tb=on|off (one guest instruction per TCG translation block)\n"
234 " split-wx=on|off (enable TCG split w^x mapping)\n"
235 " tb-size=n (TCG translation block cache size)\n"
236 " dirty-ring-size=n (KVM dirty ring GFN count, default 0)\n"
237 …" eager-split-size=n (KVM Eager Page Split chunk size, default 0, disabled. ARM onl…
238 …" notify-vmexit=run|internal-error|disable,notify-window=n (enable notify VM exit a…
239 " thread=single|multi (enable multi-threaded TCG)\n"
242 ``-accel name[,prop=value[,...]]``
249 ``igd-passthru=on|off``
254 ``kernel-irqchip=on|off|split``
255 Controls KVM in-kernel irqchip support. The default is full
258 non-MSI interrupts. Disabling the in-kernel irqchip completely
261 ``kvm-shadow-mem=size``
264 ``one-insn-per-tb=on|off``
268 the logs produced by the ``-d`` option.
270 ``split-wx=on|off``
276 ``tb-size=n``
280 Controls number of TCG threads. When the TCG is multi-threaded
282 additional host cores. The default is to enable multi-threading
283 where both the back-end and front-ends support it and no
287 ``dirty-ring-size=n``
288 When the KVM accelerator is used, it controls the size of the per-vCPU
293 Set this value to 0 to disable the feature. By default, this feature
294 is disabled (dirty-ring-size=0). When enabled, KVM will instead
297 ``eager-split-size=n``
299 enabling dirty-logging on a huge-page requires breaking it into
301 lazily by default. There are performance benefits in doing huge-page
303 with break-before-make sequences are considerable and also if guest
309 (eager-split-size=0).
311 ``notify-vmexit=run|internal-error|disable,notify-window=n``
315 if the exit happens. ``internal-error`` option enables the feature.
316 It raises a internal error. ``disable`` option doesn't enable the feature.
318 open up for a specified of time (i.e. notify-window).
319 Default: notify-vmexit=run,notify-window=0.
329 "-smp [[cpus=]n][,maxcpus=maxcpus][,drawers=drawers][,books=books][,sockets=sockets]\n"
346 " three-level CPU hierarchy of sockets/cores/threads, the parameters will\n"
352 " can be defined through the supported sub-option. Unsupported parameters\n"
353 " can also be provided in addition to the sub-option, but their values\n"
357 ``-smp [[cpus=]n][,maxcpus=maxcpus][,drawers=drawers][,books=books][,sockets=sockets][,dies=dies][,…
376 be defined through the supported sub-option. Unsupported parameters can
377 also be provided in addition to the sub-option, but their values must be
385 For example, the following sub-option defines a CPU topology hierarchy
393 -smp 8,sockets=2,cores=2,threads=2,maxcpus=8
395 The following sub-option defines a CPU topology hierarchy (2 sockets
403 -smp 32,sockets=2,dies=2,modules=2,cores=2,threads=2,maxcpus=32
405 The following sub-option defines a CPU topology hierarchy (2 sockets
413 -smp 16,sockets=2,clusters=2,cores=2,threads=2,maxcpus=16
426 -smp 2
429 to guest if it's explicitly specified in -smp.
433 "-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=node]\n"
434 "-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=node]\n"
435 "-numa dist,src=source,dst=destination,val=distance\n"
436 "-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]\n"
437 …"-numa hmat-lb,initiator=node,target=node,hierarchy=memory|first-level|second-level|third-level,da…
438 …"-numa hmat-cache,node-id=node,size=size,level=level[,associativity=none|direct|complex][,policy=n…
441 ``-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]``
443 ``-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]``
445 ``-numa dist,src=source,dst=destination,val=distance``
447 ``-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]``
449 ``-numa hmat-lb,initiator=node,target=node,hierarchy=hierarchy,data-type=type[,latency=lat][,bandwi…
451 ``-numa hmat-cache,node-id=node,size=size,level=level[,associativity=str][,policy=str][,line=size]``
459 omitted). A non-contiguous set of VCPUs can be represented by
468 -numa node,cpus=0-2,cpus=5
471 which uses '\ ``socket-id|core-id|thread-id``\ ' properties to
475 '\ ``hotpluggable-cpus``\ ' monitor command. '\ ``node-id``\ '
484 -M pc \
485 -smp 1,sockets=2,maxcpus=2 \
486 -numa node,nodeid=0 -numa node,nodeid=1 \
487 -numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=1,socket-id=1
494 '\ ``-memory-backend-ram``\ ' allows memory preallocation).
504 for '\ ``-numa node``\ ' without memory specified was removed.
518 -machine hmat=on \
519 -m 2G,slots=2,maxmem=4G \
520 -object memory-backend-ram,size=1G,id=m0 \
521 -object memory-backend-ram,size=1G,id=m1 \
522 -numa node,nodeid=0,memdev=m0 \
523 -numa node,nodeid=1,memdev=m1,initiator=0 \
524 -smp 2,sockets=2,maxcpus=2 \
525 -numa cpu,node-id=0,socket-id=0 \
526 -numa cpu,node-id=0,socket-id=1
539 Note that the -``numa`` option doesn't allocate any of the specified
541 means that one still has to use the ``-m``, ``-smp`` options to
544 Use '\ ``hmat-lb``\ ' to set System Locality Latency and Bandwidth
550 In '\ ``hmat-lb``\ ' option, node are NUMA node IDs. hierarchy is
553 hierarchy is 'first-level\|second-level\|third-level', this
555 for each domain. type of 'data-type' is type of data represented by
556 this structure instance: if 'hierarchy' is 'memory', 'data-type' is
559 'first-level\|second-level\|third-level', 'data-type' is
569 In '\ ``hmat-cache``\ ' option, node-id is the NUMA-id of the memory
572 level 0 should not be used with '\ ``hmat-cache``\ ' option.
574 'none/direct(direct-mapped)/complex(complex cache indexing)'. policy
579 access memory in node 0 with access-latency 5 nanoseconds,
580 access-bandwidth is 200 MB/s; The processors in NUMA node 0 access
581 memory in NUMA node 1 with access-latency 10 nanoseconds,
582 access-bandwidth is 100 MB/s. And for memory side cache information,
584 policy is write-back, the cache Line size is 8 bytes:
588 -machine hmat=on \
589 -m 2G \
590 -object memory-backend-ram,size=1G,id=m0 \
591 -object memory-backend-ram,size=1G,id=m1 \
592 -smp 2,sockets=2,maxcpus=2 \
593 -numa node,nodeid=0,memdev=m0 \
594 -numa node,nodeid=1,memdev=m1,initiator=0 \
595 -numa cpu,node-id=0,socket-id=0 \
596 -numa cpu,node-id=0,socket-id=1 \
597 -numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-latency,latency=5 \
598 … -numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-bandwidth,bandwidth=200M \
599 -numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-latency,latency=10 \
600 … -numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-bandwidth,bandwidth=100M \
601 -numa hmat-cache,node-id=0,size=10K,level=1,associativity=direct,policy=write-back,line=8 \
602 -numa hmat-cache,node-id=1,size=10K,level=1,associativity=direct,policy=write-back,line=8
605 DEF("add-fd", HAS_ARG, QEMU_OPTION_add_fd,
606 "-add-fd fd=fd,set=set[,opaque=opaque]\n"
609 ``-add-fd fd=fd,set=set[,opaque=opaque]``
622 This option defines a free-form string that can be used to
625 You can open an image using pre-opened file descriptors from an fd
628 .. parsed-literal::
631 -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \\
632 -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \\
633 -drive file=/dev/fdset/2,index=0,media=disk
637 "-set group.id.arg=value\n"
639 " i.e. -set drive.$id.file=/path/to/image\n", QEMU_ARCH_ALL)
641 ``-set group.id.arg=value``
646 "-global driver.property=value\n"
647 "-global driver=driver,property=property,value=value\n"
651 ``-global driver.prop=value``
653 ``-global driver=driver,property=property,value=value``
656 .. parsed-literal::
658 |qemu_system_x86| -global ide-hd.physical_block_size=4096 disk-image.img
663 use -``device``.
665 -global driver.prop=value is shorthand for -global
671 "-boot [order=drives][,once=drives][,menu=on|off]\n"
672 " [,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_time][,strict=on|off]\n"
673 " 'drives': floppy (a), hard disk (c), CD-ROM (d), network (n)\n"
679 ``-boot [order=drives][,once=drives][,menu=on|off][,splash=sp_name][,splash-time=sp_time][,reboot-t…
682 (floppy 1 and 2), c (first hard disk), d (first CD-ROM), n-p
683 (Etherboot from network adapter 1-4), hard disk boot is the default.
691 as firmware/BIOS supports them. The default is non-interactive boot.
702 ms when boot failed, then reboot. If rb\_timeout is '-1', guest will
703 not reboot, qemu passes '-1' to bios by default. Currently Seabios
708 options. The default is non-strict boot.
710 .. parsed-literal::
713 |qemu_system_x86| -boot order=nc
714 # boot from CD-ROM first, switch back to default order after reboot
715 |qemu_system_x86| -boot once=d
717 |qemu_system_x86| -boot menu=on,splash=/root/boot.bmp,splash-time=5000
719 Note: The legacy format '-boot drives' is still supported but its
724 "-m [size=]megs[,slots=n,maxmem=size]\n"
732 ``-m [size=]megs[,slots=n,maxmem=size]``
739 For example, the following command-line sets the guest startup RAM
743 .. parsed-literal::
745 |qemu_system| -m 1G,slots=3,maxmem=4G
751 DEF("mem-path", HAS_ARG, QEMU_OPTION_mempath,
752 "-mem-path FILE provide backing storage for guest RAM\n", QEMU_ARCH_ALL)
754 ``-mem-path path``
758 DEF("mem-prealloc", 0, QEMU_OPTION_mem_prealloc,
759 "-mem-prealloc preallocate guest memory (use with -mem-path)\n",
762 ``-mem-prealloc``
763 Preallocate memory when using -mem-path.
767 "-k language use keyboard layout (for example 'fr' for French)\n",
770 ``-k language``
781 ar de-ch es fo fr-ca hu ja mk no pt-br sv
782 da en-gb et fr fr-ch is lt nl pl ru th
783 de en-us fi fr-be hr it lv nl-be pt sl tr
785 The default is ``en-us``.
790 "-audio [driver=]driver[,prop[=value][,...]]\n"
793 " options are the same as for -audiodev\n"
794 "-audio [driver=]driver,model=value[,prop[=value][,...]]\n"
796 " apart from 'model', options are the same as for -audiodev.\n"
797 " use '-audio model=help' to show possible devices.\n",
800 ``-audio [driver=]driver[,model=value][,prop[=value][,...]]``
801 If the ``model`` option is specified, ``-audio`` is a shortcut
807 The following two example do exactly the same, to show how ``-audio``
810 .. parsed-literal::
812 |qemu_system| -audiodev pa,id=pa -device sb16,audiodev=pa
813 |qemu_system| -audio pa,model=sb16
815 If the ``model`` option is not specified, ``-audio`` is used to
818 particular, ``-audio none`` ensures that no audio is produced even
822 ``-audiodev`` option below. Use ``driver=help`` to list the available
828 "-audiodev [driver=]driver,id=id[,prop[=value][,...]]\n"
830 " Use ``-audiodev help`` to list the available drivers\n"
832 " timer-period= timer period in microseconds\n"
833 " in|out.mixing-engine= use mixing engine to mix streams inside QEMU\n"
834 " in|out.fixed-settings= use fixed settings for host audio\n"
840 " in|out.buffer-length= length of buffer in microseconds\n"
841 "-audiodev none,id=id,[,prop[=value][,...]]\n"
844 "-audiodev alsa,id=id[,prop[=value][,...]]\n"
846 " in|out.period-length= length of period in microseconds\n"
847 " in|out.try-poll= attempt to use poll mode\n"
851 "-audiodev coreaudio,id=id[,prop[=value][,...]]\n"
852 " in|out.buffer-count= number of buffers\n"
855 "-audiodev dsound,id=id[,prop[=value][,...]]\n"
859 "-audiodev oss,id=id[,prop[=value][,...]]\n"
861 " in|out.buffer-count= number of buffers\n"
862 " in|out.try-poll= attempt to use poll mode\n"
863 " try-mmap= try using memory mapped access\n"
865 " dsp-policy= set timing policy (0..10), -1 to use fragment mode\n"
868 "-audiodev pa,id=id[,prop[=value][,...]]\n"
874 "-audiodev pipewire,id=id[,prop[=value][,...]]\n"
876 " in|out.stream-name= name of pipewire stream\n"
880 "-audiodev sdl,id=id[,prop[=value][,...]]\n"
881 " in|out.buffer-count= number of buffers\n"
884 "-audiodev sndio,id=id[,prop[=value][,...]]\n"
887 "-audiodev spice,id=id[,prop[=value][,...]]\n"
890 "-audiodev dbus,id=id[,prop[=value][,...]]\n"
892 "-audiodev wav,id=id[,prop[=value][,...]]\n"
896 ``-audiodev [driver=]driver,id=id[,prop[=value][,...]]``
905 -audiodev alsa,id=example,in.frequency=44110,out.frequency=8000
906 -audiodev alsa,id=example,out.channels=1 # leaves in.channels unspecified
917 ``timer-period=period``
921 ``in|out.mixing-engine=on|off``
924 off, fixed-settings must be off too. Note that disabling this
927 otherwise you'll get no sound. It's not recommended to disable
931 ``in|out.fixed-settings=on|off``
937 Specify the frequency to use when using fixed-settings. Default
941 Specify the number of channels to use when using fixed-settings.
945 Specify the sample format to use when using fixed-settings.
952 ``in|out.buffer-length=usecs``
955 ``-audiodev none,id=id[,prop[=value][,...]]``
959 ``-audiodev alsa,id=id[,prop[=value][,...]]``
969 ``in|out.period-length=usecs``
972 ``in|out.try-poll=on|off``
978 ``-audiodev coreaudio,id=id[,prop[=value][,...]]``
984 ``in|out.buffer-count=count``
987 ``-audiodev dsound,id=id[,prop[=value][,...]]``
997 ``-audiodev oss,id=id[,prop[=value][,...]]``
999 Unix-like systems.
1007 ``in|out.buffer-count=count``
1010 ``in|out.try-poll=on|off``
1013 ``try-mmap=on|off``
1020 ``dsp-policy=policy``
1022 means smaller latency but higher CPU usage). Use -1 to use
1023 buffer sizes specified by ``buffer`` and ``buffer-count``. This
1026 ``-audiodev pa,id=id[,prop[=value][,...]]``
1042 ``-audiodev pipewire,id=id[,prop[=value][,...]]``
1054 ``in|out.stream-name``
1057 ``-audiodev sdl,id=id[,prop[=value][,...]]``
1064 ``in|out.buffer-count=count``
1067 ``-audiodev sndio,id=id[,prop[=value][,...]]``
1069 OpenBSD and most other Unix-like systems.
1080 ``-audiodev spice,id=id[,prop[=value][,...]]``
1082 requires ``-spice`` and automatically selected in that case, so
1086 ``-audiodev wav,id=id[,prop[=value][,...]]``
1097 "-device driver[,prop[=value][,...]]\n"
1100 " use '-device help' to print all possible drivers\n"
1101 " use '-device driver,help' to print all possible properties\n",
1104 ``-device driver[,prop[=value][,...]]``
1107 properties, use ``-device help`` and ``-device driver,help``.
1111 ``-device ipmi-bmc-sim,id=id[,prop[=value][,...]]``
1145 ``-device ipmi-bmc-extern,id=id,chardev=id[,slave_addr=val]``
1151 it is strongly recommended that you use the "reconnect-ms=" chardev
1162 ``-device isa-ipmi-kcs,bmc=id[,ioport=val][,irq=val]``
1167 The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern
1175 Define the interrupt to use. The default is 5. To disable
1178 ``-device isa-ipmi-bt,bmc=id[,ioport=val][,irq=val]``
1182 ``-device pci-ipmi-kcs,bmc=id``
1186 The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern above.
1188 ``-device pci-ipmi-bt,bmc=id``
1191 ``-device intel-iommu[,option=...]``
1192 This is only supported by ``-machine q35``, which will enable Intel VT-d
1197 complete x2apic. Currently it only supports kvm kernel-irqchip modes
1198 ``off`` or ``split``, while full kernel-irqchip is not yet supported.
1200 kernel-irqchip.
1202 ``caching-mode=on|off`` (default: off)
1203 This enables caching mode for the VT-d emulated device. When
1204 caching-mode is enabled, each guest DMA buffer mapping will generate an
1206 a synchronous way. It is required for ``-device vfio-pci`` to work
1207 with the VT-d device, because host assigned devices requires to setup
1210 ``device-iotlb=on|off`` (default: off)
1211 This enables device-iotlb capability for the emulated VT-d device. So
1215 ``aw-bits=39|48`` (default: 39)
1217 space has 39 bits width for 3-level IOMMU page tables, and 48 bits for
1218 4-level IOMMU page tables.
1220 Please also refer to the wiki page for general scenarios of VT-d
1221 emulation in QEMU: https://wiki.qemu.org/Features/VT-d.
1223 ``-device virtio-iommu-pci[,option=...]``
1224 This is only supported by ``-machine q35`` (x86_64) and ``-machine virt`` (ARM).
1229 virtio-iommu. If host, the granule matches the host page size.
1231 ``aw-bits=val`` (val between 32 and 64, default depends on machine)
1237 "-name string1[,process=string2][,debug-threads=on|off]\n"
1240 " When debug-threads is enabled, individual threads are given a separate name\n"
1244 ``-name name``
1252 "-uuid %08x-%04x-%04x-%04x-%012x\n"
1255 ``-uuid uuid``
1270 ``-device`` to specify the hardware device and ``-blockdev`` to
1276 The ``-drive`` option combines the device and backend into a single
1281 Older options like ``-hda`` are essentially macros which expand into
1282 ``-drive`` options for various drive interfaces. The original forms
1289 "-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
1292 ``-fda file``
1294 ``-fdb file``
1300 "-hda/-hdb file use 'file' as hard disk 0/1 image\n", QEMU_ARCH_ALL)
1303 "-hdc/-hdd file use 'file' as hard disk 2/3 image\n", QEMU_ARCH_ALL)
1306 ``-hda file``
1308 ``-hdb file``
1310 ``-hdc file``
1312 ``-hdd file``
1321 "-cdrom file use 'file' as CD-ROM image\n",
1324 ``-cdrom file``
1325 Use file as CD-ROM image on the default bus of the emulated machine
1326 (which is IDE1 master on x86, so you cannot use ``-hdc`` and ``-cdrom``
1328 host CD-ROM by using ``/dev/cdrom`` as filename.
1332 "-blockdev [driver=]driver[,node-name=N][,discard=ignore|unmap]\n"
1333 " [,cache.direct=on|off][,cache.no-flush=on|off]\n"
1334 " [,read-only=on|off][,auto-read-only=on|off]\n"
1335 " [,force-share=on|off][,detect-zeroes=on|off|unmap]\n"
1339 ``-blockdev option[,option[,option[,...]]]``
1347 existing node (file=node-name), or you define a new node inline,
1351 A block driver node created with ``-blockdev`` can be used for a
1353 in a ``-device`` argument that defines a block device.
1359 ``node-name``
1363 (if you use ``-drive`` as well) the ID of a drive.
1370 ``read-only``
1371 Open the node read-only. Guest write attempts will fail.
1373 Note that some block drivers support only read-only access,
1375 the default value ``read-only=off`` does not work and the
1378 ``auto-read-only``
1379 If ``auto-read-only=on`` is set, QEMU may fall back to
1380 read-only usage even when ``read-only=off`` is requested, or
1385 ``force-share``
1394 Enabling ``force-share=on`` requires ``read-only=on``.
1401 ``cache.no-flush``
1403 failures, you can use ``cache.no-flush=on``. This option
1416 ``detect-zeroes=detect-zeroes``
1417 detect-zeroes is "off", "on" or "unmap" and enables the
1423 ``Driver-specific options for file``
1424 This is the protocol-level block driver for accessing regular
1444 -blockdev driver=file,node-name=disk,filename=disk.img
1446 ``Driver-specific options for raw``
1459 -blockdev driver=file,node-name=disk_file,filename=disk.img
1460 -blockdev driver=raw,node-name=disk,file=disk_file
1466 -blockdev driver=raw,node-name=disk,file.driver=file,file.filename=disk.img
1468 ``Driver-specific options for qcow2``
1480 pass ``null`` here in order to disable the default backing
1483 ``lazy-refcounts``
1487 ``cache-size``
1489 caches in bytes (default: the sum of l2-cache-size and
1490 refcount-cache-size)
1492 ``l2-cache-size``
1494 cache-size is not specified - 32M on Linux platforms, and 8M
1495 on non-Linux platforms; otherwise, as large as possible
1496 within the cache-size, while permitting the requested or the
1499 ``refcount-cache-size``
1501 (default: 4 times the cluster size; or if cache-size is
1505 ``cache-clean-interval``
1511 ``pass-discard-request``
1516 ``pass-discard-snapshot``
1521 ``pass-discard-other``
1526 ``discard-no-unref``
1531 setting of the pass-discard-request option. Keeping the clusters
1533 caused by freeing and re-allocating them later. Besides potential
1542 ``overlap-check``
1546 ``blockdev-add``.
1552 -blockdev driver=file,node-name=my_file,filename=/tmp/disk.qcow2
1553 -blockdev driver=qcow2,node-name=hda,file=my_file,overlap-check=none,cache-size=16777216
1559 …-blockdev driver=qcow2,node-name=disk,file.driver=http,file.filename=http://example.com/image.qcow2
1561 ``Driver-specific options for other drivers``
1562 Please refer to the QAPI documentation of the ``blockdev-add``
1567 "-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n"
1572 " [,readonly=on|off][,copy-on-read=on|off]\n"
1573 " [,discard=ignore|unmap][,detect-zeroes=on|off|unmap]\n"
1582 ``-drive option[,option[,option[,...]]]``
1585 defining the corresponding ``-blockdev`` and ``-device`` options.
1587 ``-drive`` accepts all options that are accepted by ``-blockdev``.
1619 given drive (see ``-snapshot``).
1625 and ``cache.no-flush`` options (as in ``-blockdev``), and
1627 the ``write-cache`` option of block guest devices (as in
1628 ``-device``). The modes correspond to the following settings:
1631 \ cache.writeback cache.direct cache.no-flush
1659 ``copy-on-read=copy-on-read``
1660 copy-on-read is "on" or "off" and enables whether to copy read
1708 When using the ``-snapshot`` option, unsafe caching is always used.
1710 Copy-on-read avoids accessing the same backing file sectors
1712 network. By default copy-on-read is off.
1714 Instead of ``-cdrom`` you can use:
1716 .. parsed-literal::
1718 |qemu_system| -drive file=file,index=2,media=cdrom
1720 Instead of ``-hda``, ``-hdb``, ``-hdc``, ``-hdd``, you can use:
1722 .. parsed-literal::
1724 |qemu_system| -drive file=file,index=0,media=disk
1725 |qemu_system| -drive file=file,index=1,media=disk
1726 |qemu_system| -drive file=file,index=2,media=disk
1727 |qemu_system| -drive file=file,index=3,media=disk
1729 You can open an image using pre-opened file descriptors from an fd
1732 .. parsed-literal::
1735 -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \\
1736 -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \\
1737 -drive file=/dev/fdset/2,index=0,media=disk
1741 .. parsed-literal::
1743 |qemu_system_x86| -drive file=file,if=ide,index=1,media=cdrom
1748 .. parsed-literal::
1750 |qemu_system_x86| -drive if=ide,index=1,media=cdrom
1752 Instead of ``-fda``, ``-fdb``, you can use:
1754 .. parsed-literal::
1756 |qemu_system_x86| -drive file=file,index=0,if=floppy
1757 |qemu_system_x86| -drive file=file,index=1,if=floppy
1762 .. parsed-literal::
1764 |qemu_system_x86| -drive file=a -drive file=b
1768 .. parsed-literal::
1770 |qemu_system_x86| -hda a -hdb b
1774 "-mtdblock file use 'file' as on-board Flash memory image\n",
1777 ``-mtdblock file``
1778 Use file as on-board Flash memory image.
1782 "-sd file use 'file' as SecureDigital card image\n", QEMU_ARCH_ALL)
1784 ``-sd file``
1789 "-snapshot write to temporary files instead of disk image files\n",
1792 ``-snapshot``
1795 force the write back by pressing C-a s (see the :ref:`disk images`
1799 snapshot is incompatible with ``-blockdev`` (instead use qemu-img
1801 If you have mixed ``-blockdev`` and ``-drive`` declarations you
1808 "-fsdev local,id=id,path=path,security_model=mapped-xattr|mapped-file|passthrough|none\n"
1810 " [[,throttling.bps-total=b]|[[,throttling.bps-read=r][,throttling.bps-write=w]]]\n"
1811 " [[,throttling.iops-total=i]|[[,throttling.iops-read=r][,throttling.iops-write=w]]]\n"
1812 …" [[,throttling.bps-total-max=bm]|[[,throttling.bps-read-max=rm][,throttling.bps-write-max=wm]]]\n"
1813 …" [[,throttling.iops-total-max=im]|[[,throttling.iops-read-max=irm][,throttling.iops-write-max=iwm…
1814 " [[,throttling.iops-size=is]]\n"
1815 "-fsdev synth,id=id\n",
1819 ``-fsdev local,id=id,path=path,security_model=security_model [,writeout=writeout][,readonly=on][,fm…
1821 ``-fsdev synth,id=id[,readonly=on]``
1839 Supported security models are "passthrough", "mapped-xattr",
1840 "mapped-file" and "none". In "passthrough" security model, files
1842 guest. This requires QEMU to run as root. In "mapped-xattr"
1845 "mapped-file" these attributes are stored in the hidden
1861 default read-write access is given.
1865 Works only with security models "mapped-xattr" and
1866 "mapped-file".
1870 host. Works only with security models "mapped-xattr" and
1871 "mapped-file".
1873 ``throttling.bps-total=b,throttling.bps-read=r,throttling.bps-write=w``
1877 ``throttling.bps-total-max=bm,bps-read-max=rm,bps-write-max=wm``
1882 ``throttling.iops-total=i,throttling.iops-read=r, throttling.iops-write=w``
1886 ``throttling.iops-total-max=im,throttling.iops-read-max=irm, throttling.iops-write-max=iwm``
1891 ``throttling.iops-size=is``
1895 -fsdev option is used along with -device driver "virtio-9p-...".
1897 ``-device virtio-9p-type,fsdev=id,mount_tag=mount_tag``
1898 Options for virtio-9p-... driver are:
1905 Specifies the id value specified along with -fsdev option.
1913 … "-virtfs local,path=path,mount_tag=tag,security_model=mapped-xattr|mapped-file|passthrough|none\n"
1915 "-virtfs synth,mount_tag=tag[,id=id][,readonly=on]\n",
1919 ``-virtfs local,path=path,mount_tag=mount_tag ,security_model=security_model[,writeout=writeout][,r…
1921 ``-virtfs synth,mount_tag=mount_tag``
1923 a virtio-9p-device (a.k.a. 9pfs), which essentially means that a certain
1924 directory on host is made directly accessible by guest as a pass-through
1929 Note that ``-virtfs`` is actually just a convenience shortcut for its
1930 generalized form ``-fsdev -device virtio-9p-pci``.
1932 The general form of pass-through file system options are:
1949 Supported security models are "passthrough", "mapped-xattr",
1950 "mapped-file" and "none". In "passthrough" security model, files
1952 guest. This requires QEMU to run as root. In "mapped-xattr"
1955 "mapped-file" these attributes are stored in the hidden
1971 default read-write access is given.
1975 Works only with security models "mapped-xattr" and
1976 "mapped-file".
1980 host. Works only with security models "mapped-xattr" and
1981 "mapped-file".
2021 "-iscsi [user=user][,password=password][,password-secret=secret-id]\n"
2022 " [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE]\n"
2023 " [,initiator-name=initiator-iqn][,id=target-iqn]\n"
2028 ``-iscsi``
2037 "-usb enable on-board USB host controller (if not enabled by default)\n",
2040 ``-usb``
2041 Enable USB emulation on machine types with an on-board USB host
2042 controller (if not enabled by default). Note that on-board USB host
2044 ``-device qemu-xhci`` can be used instead on machines with PCI.
2048 "-usbdevice name add the host or guest USB device 'name'\n",
2051 ``-usbdevice devname``
2052 Add the USB device devname, and enable an on-board USB controller
2054 ``-machine usb=on``). Note that this option is mainly intended for
2055 the user's convenience only. More fine-grained control can be
2057 desired USB device via the ``-device`` option instead. For example,
2058 instead of using ``-usbdevice mouse`` it is possible to use
2059 ``-device qemu-xhci -device usb-mouse`` to connect the USB mouse
2070 ``usb-braille`` USB device).
2085 ``wacom-tablet``
2097 "-display spice-app[,gl=on|off]\n"
2100 "-display sdl[,gl=on|core|es|off][,grab-mod=<mod>][,show-cursor=on|off]\n"
2101 " [,window-close=on|off]\n"
2104 "-display gtk[,full-screen=on|off][,gl=on|off][,grab-on-hover=on|off]\n"
2105 " [,show-tabs=on|off][,show-cursor=on|off][,window-close=on|off]\n"
2106 " [,show-menubar=on|off][,zoom-to-fit=on|off]\n"
2109 "-display vnc=<display>[,<optargs>]\n"
2112 "-display curses[,charset=<encoding>]\n"
2115 "-display cocoa[,full-grab=on|off][,swap-opt-cmd=on|off]\n"
2116 " [,show-cursor=on|off][,left-command-key=on|off]\n"
2117 " [,full-screen=on|off][,zoom-to-fit=on|off]\n"
2120 "-display egl-headless[,rendernode=<file>]\n"
2123 "-display dbus[,addr=<dbusaddr>]\n"
2126 "-display none\n"
2130 "\"-display gtk\"\n"
2132 "\"-display sdl\"\n"
2134 "\"-display cocoa\"\n"
2136 "\"-vnc localhost:0,to=99,id=default\"\n"
2138 "\"-display none\"\n"
2142 ``-display type``
2143 Select type of display to use. Use ``-display help`` to list the available
2146 ``spice-app[,gl=on|off]``
2152 Export the display over D-Bus interfaces. (Since 7.0)
2157 ``addr=<dbusaddr>`` : D-Bus bus address to connect to.
2159 ``p2p=yes|no`` : Use peer-to-peer connection, accepted via QMP ``add_client``.
2161 ``gl=on|off|core|es`` : Use OpenGL for rendering (the D-Bus interface
2169 ``grab-mod=<mods>`` : Used to select the modifier keys for toggling
2171 either ``lshift-lctrl-lalt`` or ``rctrl``.
2175 ``show-cursor=on|off`` : Force showing the mouse cursor
2177 ``window-close=on|off`` : Allow to quit qemu with window close button
2181 drop-down menus and other UI elements to configure and control
2184 ``full-screen=on|off`` : Start in fullscreen mode
2188 ``grab-on-hover=on|off`` : Grab keyboard input on mouse hover
2190 ``show-tabs=on|off`` : Display the tab bar for switching between the
2194 ``show-cursor=on|off`` : Force showing the mouse cursor
2196 ``window-close=on|off`` : Allow to quit qemu with window close button
2198 ``show-menubar=on|off`` : Display the main window menubar, defaults to "on"
2200 ``zoom-to-fit=on|off`` : Expand video output to the window size,
2216 provides drop-down menus and other UI elements to configure and
2219 ``full-grab=on|off`` : Capture all key presses, including system combos.
2223 https://support.apple.com/en-in/guide/mac-help/mh32356/mac
2225 ``swap-opt-cmd=on|off`` : Swap the Option and Command keys so that their
2226 key codes match their position on non-Mac
2230 ``show-cursor=on|off`` : Force showing the mouse cursor
2232 ``left-command-key=on|off`` : Disable forwarding left command key to host
2234 ``full-screen=on|off`` : Start in fullscreen mode
2236 ``zoom-to-fit=on|off`` : Expand video output to the window size,
2239 ``egl-headless[,rendernode=<file>]``
2250 the QEMU user. This option differs from the -nographic option in
2251 that it only affects what is done with video output; -nographic
2257 "-nographic disable graphical output and redirect serial I/Os to console\n",
2260 ``-nographic``
2263 monitor in a window. With this option, you can totally disable
2268 Use C-a h for help on switching between the console and monitor.
2273 "-spice [port=port][,tls-port=secured-port][,x509-dir=<dir>]\n"
2274 " [,x509-key-file=<file>][,x509-key-password=<file>]\n"
2275 " [,x509-cert-file=<file>][,x509-cacert-file=<file>]\n"
2276 " [,x509-dh-key-file=<file>][,addr=addr]\n"
2278 " [,tls-ciphers=<list>]\n"
2279 " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
2280 " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
2281 " [,sasl=on|off][,disable-ticketing=on|off]\n"
2282 " [,password-secret=<secret-id>]\n"
2283 " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
2284 " [,jpeg-wan-compression=[auto|never|always]]\n"
2285 " [,zlib-glz-wan-compression=[auto|never|always]]\n"
2286 " [,streaming-video=[off|all|filter]][,disable-copy-paste=on|off]\n"
2287 " [,disable-agent-file-xfer=on|off][,agent-mouse=[on|off]]\n"
2288 " [,playback-compression=[on|off]][,seamless-migration=[on|off]]\n"
2289 " [,video-codec=<codec>\n"
2290 " [,max-refresh-rate=rate\n"
2293 " at least one of {port, tls-port} is mandatory\n",
2297 ``-spice option[,option[,...]]``
2310 ``password-secret=<secret-id>``
2328 ``disable-ticketing=on|off``
2331 ``disable-copy-paste=on|off``
2332 Disable copy paste between the client and the guest.
2334 ``disable-agent-file-xfer=on|off``
2335 Disable spice-vdagent based file-xfer between the client and the
2338 ``tls-port=<nr>``
2341 ``x509-dir=<dir>``
2342 Set the x509 file directory. Expects same filenames as -vnc
2345 …``x509-key-file=<file>``; \ ``x509-key-password=<file>``; \ ``x509-cert-file=<file>``; \ ``x509-ca…
2348 ``tls-ciphers=<list>``
2351 …``tls-channel=[main|display|cursor|inputs|record|playback]``; \ ``plaintext-channel=[main|display|…
2359 ``image-compression=[auto_glz|auto_lz|quic|glz|lz|off]``
2362 ``jpeg-wan-compression=[auto|never|always]``; \ ``zlib-glz-wan-compression=[auto|never|always]``
2366 ``streaming-video=[off|all|filter]``
2369 ``agent-mouse=[on|off]``
2370 Enable/disable passing mouse events via vdagent. Default is on.
2372 ``playback-compression=[on|off]``
2373 Enable/disable audio stream compression (using celt 0.5.1).
2376 ``seamless-migration=[on|off]``
2377 Enable/disable spice seamless migration. Default is off.
2379 ``video-codec=<codec>``
2386 ``max-refresh-rate=rate``
2391 Enable/disable OpenGL context. Default is off.
2399 "-vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|virtio|none]\n"
2402 ``-vga type``
2419 VMWare SVGA-II compatible adapter. Use it if you have
2431 framebuffer for sun4m machines and offers both 8-bit and 24-bit
2435 (sun4m only) Sun cgthree framebuffer. This is a simple 8-bit
2444 Disable VGA card.
2447 DEF("full-screen", 0, QEMU_OPTION_full_screen,
2448 "-full-screen start in full screen\n", QEMU_ARCH_ALL)
2450 ``-full-screen``
2455 "-g WxH[xDEPTH] Set the initial graphical resolution and depth\n",
2458 ``-g`` *width*\ ``x``\ *height*\ ``[x``\ *depth*\ ``]``
2471 "-vnc <display> shorthand for -display vnc=<display>\n", QEMU_ARCH_ALL)
2474 ``-vnc display[,option[,option[,...]]]``
2480 using this option (option ``-device usb-tablet``). When using the
2481 VNC display, you must use the ``-k`` parameter to set the keyboard
2482 layout if you are not using en-us. Valid syntax for the display is
2486 until the number L, if the originally defined "-vnc display" is
2542 should use ``expire_password <protocol> <expiration-time>``
2553 ``password-secret=<secret-id>``
2556 object identified by ``secret-id``.
2558 ``tls-creds=ID``
2564 using the ``-object tls-creds`` argument.
2566 ``tls-authz=ID``
2589 ``sasl-authz=ID``
2599 creation of two ``authz-list`` objects with IDs of
2604 ``sasl-authz`` and ``tls-authz`` options are a replacement.
2612 ``non-adaptive=on|off``
2613 Disable adaptive encodings. Adaptive encodings are enabled by
2620 ``share=[allow-exclusive|force-shared|ignore]``
2621 Set display sharing policy. 'allow-exclusive' allows clients to
2625 session (vncviewer: -shared switch). This is the default.
2626 'force-shared' disables exclusive client access. Useful for
2628 specify -shared disconnect everybody else. 'ignore' completely
2633 ``key-delay-ms``
2635 milliseconds. Default is 10. Keyboards are low-bandwidth
2643 transmission. When not using an -audiodev argument, this option
2647 ``power-control=on|off``
2656 DEF("win2k-hack", 0, QEMU_OPTION_win2k_hack,
2657 "-win2k-hack use it when installing Windows 2000 to avoid a disk full bug\n",
2660 ``-win2k-hack``
2663 option slows down the IDE transfers). Synonym of ``-global
2664 ide-device.win2k-install-hack=on``.
2667 DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk,
2668 "-no-fd-bootchk disable boot signature checking for floppy disks\n",
2671 ``-no-fd-bootchk``
2672 Disable boot signature checking for floppy disks in BIOS. May be
2673 needed to boot from old floppy disks. Synonym of ``-m fd-bootchk=off``.
2677 …"-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,a…
2680 ``-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n] [,asl_compiler_id=str][,…
2693 "-smbios file=binary\n"
2695 "-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d]\n"
2698 "-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str]\n"
2701 "-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str]\n"
2704 "-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str]\n"
2707 "-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str]\n"
2708 " [,asset=str][,part=str][,max-speed=%d][,current-speed=%d]\n"
2709 " [,processor-family=%d][,processor-id=%d]\n"
2711 …"-smbios type=8[,external_reference=str][,internal_reference=str][,connector_type=%d][,port_type=%…
2713 "-smbios type=11[,value=str][,path=filename]\n"
2715 "-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str]\n"
2718 "-smbios type=41[,designation=str][,kind=str][,instance=%d][,pcidev=str]\n"
2722 ``-smbios file=binary``
2725 ``-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d][,uefi=on|off]``
2728 ``-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str][,uuid=uuid][,sku=str][…
2731 ``-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str][,asset=str][,location=…
2734 ``-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str][,sku=str]``
2737 ``-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str][,asset=str][,part=str…
2740 ``-smbios type=9[,slot_designation=str][,slot_type=%d][,slot_data_bus_width=%d][,current_usage=%d][…
2743 ``-smbios type=11[,value=str][,path=filename]``
2764 .. parsed-literal::
2766 -smbios type=11,value=cloud-init:ds=nocloud-net;s=http://10.10.0.1:8000/,\\
2772 .. parsed-literal::
2774 $ dmidecode -t 11
2777 String 1: cloud-init:ds=nocloud-net;s=http://10.10.0.1:8000/
2782 ``-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str][,asset=str][,part=str][,…
2785 ``-smbios type=41[,designation=str][,kind=str][,instance=%d][,pcidev=str]``
2794 .. parsed-literal::
2796 -netdev user,id=internet \\
2797 -device virtio-net-pci,mac=50:54:00:00:00:42,netdev=internet,id=internet-dev \\
2798 -smbios type=41,designation='Onboard LAN',instance=1,kind=ethernet,pcidev=internet-dev
2802 ..parsed-literal::
2804 $ ip -brief l
2818 "-netdev passt,id=str[,path=file][,quiet=on|off][,vhost-user=on|off]\n"
2820 " [,interface=name][,outbound=address][,outbound-if4=name]\n"
2821 " [,outbound-if6=name][,dns=addr][,search=list][,fqdn=name]\n"
2822 " [,dhcp-dns=on|off][,dhcp-search=on|off][,map-host-loopback=addr]\n"
2823 " [,map-guest-addr=addr][,dns-forward=addr][,dns-host=addr]\n"
2826 " [,ipv4=on|off][,ipv6=on|off][,tcp-ports=spec][,udp-ports=spec]\n"
2832 … " by default, passt will be started in socket-based mode, to enable vhost-mode,\n"
2833 " use 'vhost-user=on'\n"
2838 "-netdev user,id=str[,ipv4=on|off][,net=addr[/mask]][,host=addr]\n"
2839 " [,ipv6=on|off][,ipv6-net=addr[/int]][,ipv6-host=addr]\n"
2841 " [,dns=addr][,ipv6-dns=addr][,dnssearch=domain][,domainname=domain]\n"
2842 " [,tftp=dir][,tftp-server-name=name][,bootfile=f][,hostfwd=rule][,guestfwd=rule]"
2850 "-netdev tap,id=str,ifname=name\n"
2853 "-netdev tap,id=str[,fd=h][,fds=x:y:...:z][,ifname=name][,script=file][,downscript=dfile]\n"
2856 " [,poll-us=n]\n"
2862 " use '[down]script=no' to disable script execution\n"
2873 " use vhostforce=on to force vhost on for non-MSIX virtio guests\n"
2877 " use 'poll-us=n' to specify the maximum number of microseconds that could be\n"
2879 "-netdev bridge,id=str[,br=bridge][,helper=helper]\n"
2885 "-netdev l2tpv3,id=str,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport]\n"
2893 " VM to a router and even VM to Host. It is a nearly-universal\n"
2894 " standard (RFC3931). Note - this implementation uses static\n"
2895 " pre-configured tunnels (same as the Linux kernel).\n"
2907 " use 'counter=off' to force a 'cut-down' L2TPv3 with no counter\n"
2911 "-netdev socket,id=str[,fd=h][,listen=[host]:port][,connect=host:port]\n"
2914 "-netdev socket,id=str[,fd=h][,mcast=maddr:port[,localaddr=addr]]\n"
2917 "-netdev socket,id=str[,fd=h][,udp=host:port][,localaddr=host:port]\n"
2920 …-netdev stream,id=str[,server=on|off],addr.type=inet,addr.host=host,addr.port=port[,to=maxport][,n…
2921 …"-netdev stream,id=str[,server=on|off],addr.type=unix,addr.path=path[,abstract=on|off][,tight=on|o…
2922 …"-netdev stream,id=str[,server=on|off],addr.type=fd,addr.str=file-descriptor[,reconnect-ms=millise…
2925 …"-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=inet,local.h…
2926 …"-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=fd,local.str…
2929 …"-netdev dgram,id=str,local.type=inet,local.host=addr,local.port=port[,remote.type=inet,remote.hos…
2930 "-netdev dgram,id=str,local.type=unix,local.path=path[,remote.type=unix,remote.path=path]\n"
2931 "-netdev dgram,id=str,local.type=fd,local.str=file-descriptor\n"
2935 "-netdev vde,id=str[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]\n"
2942 "-netdev netmap,id=str,ifname=name[,devname=nmname]\n"
2943 " attach to the existing netmap-enabled network interface 'name', or to a\n"
2948 "-netdev af-xdp,id=str,ifname=name[,mode=native|skb][,force-copy=on|off]\n"
2949 " [,queues=n][,start-queue=m][,inhibit=on|off][,sock-fds=x:y:...:z]\n"
2950 " [,map-path=/path/to/socket/map][,map-start-index=i]\n"
2953 …" use 'force-copy=on|off' to force XDP copy mode even if device supports zero-copy …
2956 " use 'sock-fds' to provide file descriptors for already open AF_XDP sockets\n"
2958 …" use 'map-path' to provide the socket map location to populate AF_XDP sockets wi…
2959 …" and use 'map-start-index' to specify the starting index for the map (default: 0…
2961 " use 'start-queue=m' to specify the first queue that should be used\n"
2964 "-netdev vhost-user,id=str,chardev=dev[,vhostforce=on|off]\n"
2965 " configure a vhost-user network, backed by a chardev 'dev'\n"
2968 "-netdev vhost-vdpa,id=str[,vhostdev=/path/to/dev][,vhostfd=h]\n"
2969 " configure a vhost-vdpa network,Establish a vhost-vdpa netdev\n"
2974 "-netdev vmnet-host,id=str[,isolated=on|off][,net-uuid=uuid]\n"
2975 " [,start-address=addr,end-address=addr,subnet-mask=mask]\n"
2979 " specify network UUID 'uuid' to disable DHCP and interact with\n"
2980 " vmnet-host interfaces within this isolated network\n"
2981 "-netdev vmnet-shared,id=str[,isolated=on|off][,nat66-prefix=addr]\n"
2982 " [,start-address=addr,end-address=addr,subnet-mask=mask]\n"
2987 "-netdev vmnet-bridged,id=str,ifname=name[,isolated=on|off]\n"
2992 "-netdev hubport,id=str,hubid=n[,netdev=nd]\n"
2995 "-nic [tap|bridge|"
3012 "af-xdp|"
3015 "vhost-user|"
3018 "vmnet-host|vmnet-shared|vmnet-bridged|"
3021 " initialize an on-board / default host NIC (using MAC address\n"
3023 "-nic none use it alone to have zero network devices (the default is to\n"
3027 "-net nic[,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]\n"
3028 " configure or create an on-board (or machine default) NIC and\n"
3029 " connect it to hub 0 (please use -nic unless you need a hub)\n"
3030 "-net ["
3046 "af-xdp|"
3049 "vmnet-host|vmnet-shared|vmnet-bridged|"
3053 " (use the -netdev option if possible instead)\n", QEMU_ARCH_ALL)
3055 ``-nic [tap|passt|bridge|user|l2tpv3|vde|netmap|af-xdp|vhost-user|socket][,...][,mac=macaddr][,mode…
3056 This option is a shortcut for configuring both the on-board
3059 ``-netdev`` options below. The guest NIC model can be set with
3063 The following two example do exactly the same, to show how ``-nic``
3066 .. parsed-literal::
3068 |qemu_system| -netdev user,id=n1,ipv6=off -device e1000,netdev=n1,mac=52:54:98:76:54:32
3069 |qemu_system| -nic user,ipv6=off,model=e1000,mac=52:54:98:76:54:32
3071 ``-nic none``
3077 ``-netdev passt,id=str[,option][,...]``
3090 By default, ``quiet=on`` to disable informational message from
3091 passt. ``quiet=on`` is passed as ``--quiet`` to passt.
3093 ``vhost-user=on|off``
3094 By default, ``vhost-user=off`` and QEMU uses the stream network
3095 backend to communicate with passt. If ``vhost-user=on``, passt is
3096 started with ``--vhost-user`` and QEMU uses the vhost-user network
3120 ``outbound-if4``
3123 ``outbound-if6``
3135 ``dhcp-dns``
3136 Enable/disable DNS list in DHCP/DHCPv6/NDP
3138 ``dhcp-search``
3139 Enable/disable list in DHCP/DHCPv6/NDP
3141 ``map-host-loopback``
3144 ``map-guest-addr``
3147 ``dns-forward``
3150 ``dns-host``
3154 Enable/disable TCP
3157 Enable/disable UDP
3160 Enable/disable ICMP
3163 Enable/disable DHCP
3166 Enable/disable NDP
3169 Enable/disable DHCPv6
3172 Enable/disable route advertisements
3178 Enable/disable IPv4
3181 Enable/disable IPv6
3183 ``tcp-ports``
3186 ``udp-ports``
3194 For instance, to pass ``--trace --log=trace.log``:
3196 .. parsed-literal::
3198 |qemu_system| -nic passt,param=--trace,param=--log=trace.log
3200 ``-netdev user,id=id[,option][,option][,...]``
3214 top-most bits. Default is 10.0.2.0/24.
3217 Specify the guest-visible address of the host. Default is the
3220 ``ipv6-net=addr[/int]``
3224 as the number of valid top-most bits (default is 64).
3226 ``ipv6-host=addr``
3227 Specify the guest-visible IPv6 address of the host. Default is
3237 Specifies the client hostname reported by the built-in DHCP
3241 Specify the first of the 16 IPs the built-in DHCP server can
3246 Specify the guest-visible address of the virtual nameserver. The
3250 ``ipv6-dns=addr``
3251 Specify the guest-visible address of the IPv6 virtual
3256 Provides an entry for the domain-search list sent by the
3257 built-in DHCP server. More than one domain suffix can be
3265 .. parsed-literal::
3267 |qemu_system| -nic user,dnssearch=mgmt.example.org,dnssearch=example.org
3270 Specifies the client domain name reported by the built-in DHCP
3274 When using the user mode network stack, activate a built-in TFTP
3278 The built-in TFTP server is read-only; it does not implement any
3281 ``tftp-server-name=name``
3294 .. parsed-literal::
3296 |qemu_system| -hda linux.img -boot n -device e1000,netdev=n1 \\
3297 -netdev user,id=n1,tftp=/path/to/tftp/files,bootfile=/pxelinux.0
3300 When using the user mode network stack, activate a built-in SMB
3320 ``hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport``
3324 (default first address given by the built-in DHCP server). By
3332 .. parsed-literal::
3335 |qemu_system| -nic user,hostfwd=tcp:127.0.0.1:6001-:6000
3337 xterm -display :1
3342 .. parsed-literal::
3345 |qemu_system| -nic user,hostfwd=tcp::5555-:23
3351 ``guestfwd=[tcp]:server:port-dev``; \ ``guestfwd=[tcp]:server:port-cmd:command``
3360 .. parsed-literal::
3364 |qemu_system| -nic user,guestfwd=tcp:10.0.2.100:1234-tcp:10.10.1.1:4321
3370 .. parsed-literal::
3374 |qemu_system| -nic 'user,id=n1,guestfwd=tcp:10.0.2.100:1234-cmd:netcat 10.10.1.1 4321'
3376 ``-netdev tap,id=id[,fd=h][,ifname=name][,script=file][,downscript=dfile][,br=bridge][,helper=helpe…
3382 ``/etc/qemu-ifup`` and the default network deconfigure script is
3383 ``/etc/qemu-ifdown``. Use ``script=no`` or ``downscript=no`` to
3384 disable script execution.
3389 ``/path/to/qemu-bridge-helper`` and the default bridge device is
3397 .. parsed-literal::
3400 |qemu_system| linux.img -nic tap
3402 .. parsed-literal::
3407 -netdev tap,id=nd0,ifname=tap0 -device e1000,netdev=nd0 \\
3408 -netdev tap,id=nd1,ifname=tap1 -device rtl8139,netdev=nd1
3410 .. parsed-literal::
3414 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3415 -netdev tap,id=n1,"helper=/path/to/qemu-bridge-helper"
3417 ``-netdev bridge,id=id[,br=bridge][,helper=helper]``
3422 ``/path/to/qemu-bridge-helper`` and the default bridge device is
3427 .. parsed-literal::
3431 |qemu_system| linux.img -netdev bridge,id=n1 -device virtio-net,netdev=n1
3433 .. parsed-literal::
3437 |qemu_system| linux.img -netdev bridge,br=qemubr0,id=n1 -device virtio-net,netdev=n1
3439 ``-netdev socket,id=id[,fd=h][,listen=[host]:port][,connect=host:port]``
3449 .. parsed-literal::
3453 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
3454 -netdev socket,id=n1,listen=:1234
3457 -device e1000,netdev=n2,mac=52:54:00:12:34:57 \\
3458 -netdev socket,id=n2,connect=127.0.0.1:1234
3460 ``-netdev socket,id=id[,fd=h][,mcast=maddr:port[,localaddr=addr]]``
3470 ``ethN=mcast``), see http://user-mode-linux.sf.net.
3476 .. parsed-literal::
3480 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
3481 -netdev socket,id=n1,mcast=230.0.0.1:1234
3484 -device e1000,netdev=n2,mac=52:54:00:12:34:57 \\
3485 -netdev socket,id=n2,mcast=230.0.0.1:1234
3488 -device e1000,netdev=n3,mac=52:54:00:12:34:58 \\
3489 -netdev socket,id=n3,mcast=230.0.0.1:1234
3493 .. parsed-literal::
3497 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
3498 -netdev socket,id=n1,mcast=239.192.168.1:1102
3504 .. parsed-literal::
3507 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
3508 -netdev socket,id=n1,mcast=239.192.168.1:1102,localaddr=1.2.3.4
3510 …-netdev stream,id=str[,server=on|off],addr.type=inet,addr.host=host,addr.port=port[,to=maxport][,n…
3525 ``keep-alive=on|off``
3526 enable keep-alive when connecting to this socket. Not supported for passive sockets.
3537 ``reconnect-ms=milliseconds``
3543 .. parsed-literal::
3547 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3548 … -netdev stream,id=net0,server=on,addr.type=inet,addr.host=localhost,addr.port=1234
3551 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\
3552 …-netdev stream,id=net0,server=off,addr.type=inet,addr.host=localhost,addr.port=1234,reconnect-ms=5…
3554 ``-netdev stream,id=str[,server=on|off],addr.type=unix,addr.path=path[,abstract=on|off][,tight=on|o…
3569 ``reconnect-ms=milliseconds``
3573 Example (using passt as a replacement of -netdev user):
3575 .. parsed-literal::
3582 -device virtio-net,netdev=net0 \\
3583 -netdev stream,id=net0,server=off,addr.type=unix,addr.path=/tmp/passt_1.socket
3587 .. parsed-literal::
3591 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3595 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\
3596 … -netdev stream,id=net0,server=off,addr.type=unix,addr.path=/tmp/qemu0,reconnect-ms=5000
3598 ``-netdev stream,id=str[,server=on|off],addr.type=fd,addr.str=file-descriptor[,reconnect-ms=millise…
3604 ``addr.str=file-descriptor``
3607 ``reconnect-ms=milliseconds``
3611 ``-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=inet,local.h…
3622 .. parsed-literal::
3626 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3627 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234
3630 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\
3631 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234
3634 -device virtio-net,netdev=net0,mac=52:54:00:12:34:58 \\
3635 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234
3637 ``-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=fd,local.str…
3643 ``local.str=file-descriptor``
3646 ``-netdev dgram,id=str,local.type=inet,local.host=addr,local.port=port[,remote.type=inet,remote.hos…
3658 .. parsed-literal::
3662 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3663 …-netdev dgram,id=net0,local.type=inet,local.host=localhost,local.port=1234,remote.type=inet,remote…
3666 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3667 …-netdev dgram,id=net0,local.type=inet,local.host=localhost,local.port=1235,remote.type=inet,remote…
3669 ``-netdev dgram,id=str,local.type=unix,local.path=path[,remote.type=unix,remote.path=path]``
3681 .. parsed-literal::
3685 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3686 …-netdev dgram,id=net0,local.type=unix,local.path=/tmp/qemu0,remote.type=unix,remote.path=/tmp/qemu1
3689 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\
3690 …-netdev dgram,id=net0,local.type=unix,local.path=/tmp/qemu1,remote.type=unix,remote.path=/tmp/qemu0
3692 ``-netdev dgram,id=str,local.type=fd,local.str=file-descriptor``
3696 ``local.str=file-descriptor``
3699 ``-netdev l2tpv3,id=id,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport],txsession=txsess…
3735 Force a 'cut-down' L2TPv3 with no counter as in
3736 draft-mkonstan-l2tpext-keyed-ipv6-tunnel-00
3746 the bridge br-lan on the remote Linux host 1.2.3.4:
3748 .. parsed-literal::
3758 brctl addif br-lan vmtunnel0
3762 # launch QEMU instance - if your network has reorder or is very lossy add ,pincounter
3764 |qemu_system| linux.img -device e1000,netdev=n1 \\
3765 …-netdev l2tpv3,id=n1,src=4.2.3.1,dst=1.2.3.4,udp=on,srcport=16384,dstport=16384,rxsession=0xffffff…
3767 ``-netdev vde,id=id[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]``
3776 .. parsed-literal::
3779 vde_switch -F -sock /tmp/myswitch
3781 |qemu_system| linux.img -nic vde,sock=/tmp/myswitch
3783 …-netdev af-xdp,id=str,ifname=name[,mode=native|skb][,force-copy=on|off][,queues=n][,start-queue=m]…
3786 XDP program can be forced with 'mode', defaults to best-effort,
3789 defaults to 1. Traffic arriving on non-configured device queues will
3792 .. parsed-literal::
3795 ethtool -L eth0 combined 4
3797 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3798 -netdev af-xdp,id=n1,ifname=eth0,queues=4
3800 'start-queue' option can be specified if a particular range of queues
3808 .. parsed-literal::
3811 ethtool -L eth0 combined 1
3813 # note: drivers may require non-empty key/mask pair.
3814 ethtool -N eth0 flow-type ether \\
3816 ethtool -N eth0 flow-type ether \\
3819 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3820 -netdev af-xdp,id=n1,ifname=eth0,queues=1,start-queue=1
3823 should be set to 'on'. Either 'sock-fds' or 'map-path' can be used with
3824 'inhibit' enabled. 'sock-fds' can be provided with file descriptors for
3828 .. parsed-literal::
3830 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3831 -netdev af-xdp,id=n1,ifname=eth0,queues=3,inhibit=on,sock-fds=15:16:17
3833 For the 'inhibit' option set to 'on' used together with 'map-path' it is
3839 .. parsed-literal::
3841 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3842 -netdev af-xdp,id=n1,ifname=eth0,queues=2,inhibit=on,map-path=/sys/fs/bpf/xsks_map
3844 Additionally, 'map-start-index' can be used to specify the start offset
3845 for insertion into the socket map. The combination of 'map-path' and
3846 'sock-fds' together is not supported.
3848 ``-netdev vhost-user,chardev=id[,vhostforce=on|off][,queues=n]``
3849 Establish a vhost-user netdev, backed by a chardev id. The chardev
3850 should be a unix domain socket backed one. The vhost-user uses a
3853 non-MSIX guests, the feature can be forced with vhostforce. Use
3855 multiqueue vhost-user.
3861 qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \
3862 -numa node,memdev=mem \
3863 -chardev socket,id=chr0,path=/path/to/socket \
3864 -netdev type=vhost-user,id=net0,chardev=chr0 \
3865 -device virtio-net-pci,netdev=net0
3867 ``-netdev vhost-vdpa[,vhostdev=/path/to/dev][,vhostfd=h]``
3868 Establish a vhost-vdpa netdev.
3875 ``-netdev hubport,id=id,hubid=hubid[,netdev=nd]``
3883 ``-net nic[,netdev=nd][,macaddr=mac][,model=type] [,name=name][,addr=addr][,vectors=v]``
3884 Legacy option to configure or create an on-board (or machine
3893 can specify the number v of MSI-X vectors that the card should have;
3895 disable MSI-X. If no ``-net`` option is specified, a single NIC is
3897 Use ``-net nic,model=help`` for a list of available devices for your
3900 ``-net user|passt|tap|bridge|socket|l2tpv3|vde[,...][,name=name]``
3902 the same ``-netdev`` option) and connect it to the emulated hub 0
3911 "-chardev help\n"
3912 "-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3913 …"-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4=on|off][,ipv6=on|off][,nodelay=on|off]\…
3914 …" [,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][,reconnect-ms=millisec…
3915 " [,logfile=PATH][,logappend=on|off][,tls-creds=ID][,tls-authz=ID] (tcp)\n"
3916 …"-chardev socket,id=id,path=path[,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][…
3918 "-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]\n"
3921 "-chardev msmouse,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3922 "-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]\n"
3924 "-chardev ringbuf,id=id[,size=size][,logfile=PATH][,logappend=on|off]\n"
3925 …"-chardev file,id=id,path=path[,input-path=input-file][,mux=on|off][,logfile=PATH][,logappend=on|o…
3926 "-chardev pipe,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3928 "-chardev console,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3929 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3931 "-chardev pty,id=id[,path=path][,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3932 "-chardev stdio,id=id[,mux=on|off][,signal=on|off][,logfile=PATH][,logappend=on|off]\n"
3935 "-chardev braille,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3939 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3942 "-chardev parallel,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3945 "-chardev spicevmc,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n"
3946 "-chardev spiceport,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n"
3954 ``-chardev backend,id=id[,mux=on|off][,options]``
3961 Use ``-chardev help`` to print all available chardev backend types.
3968 front-ends. Specify ``mux=on`` to enable this mode. A multiplexer is
3982 -chardev stdio,mux=on,id=char0 \
3983 -mon chardev=char0,mode=readline \
3984 -serial chardev:char0 \
3985 -serial chardev:char0
3994 -chardev stdio,mux=on,id=char0 \
3995 -mon chardev=char0,mode=readline \
3996 -parallel chardev:char0 \
3997 -chardev tcp,...,mux=on,id=char1 \
3998 -serial chardev:char1 \
3999 -serial chardev:char1
4007 multiplexed character backends; for instance ``-serial mon:stdio``
4009 the QEMU monitor, and ``-nographic`` also multiplexes the console
4024 ``-chardev null,id=id``
4028 …-chardev socket,id=id[,TCP options or unix options][,server=on|off][,wait=on|off][,telnet=on|off][…
4029 Create a two-way stream socket, which can be either a TCP or a unix
4045 ``reconnect-ms`` sets the timeout for reconnecting on non-server
4050 ``tls-creds`` requests enablement of the TLS protocol for
4053 ``-object tls-creds`` argument.
4055 ``tls-auth`` provides the ID of the QAuthZ authorization object
4093 ``-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr][,localport=localport][,ipv4=on|off…
4111 ``-chardev msmouse,id=id``
4115 ``-chardev hub,id=id,chardevs.0=id[,chardevs.N=id]``
4135 -chardev pty,path=/tmp/pty,id=pty0 \
4136 -chardev vc,id=vc0 \
4137 -chardev hub,id=hub0,chardevs.0=pty0,chardevs.1=vc0 \
4138 -device virtconsole,chardev=hub0 \
4139 -vnc 0.0.0.0:0
4149 # Start VNC client and switch to virtual console Ctrl-Alt-2
4155 ``-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]``
4165 ``-chardev ringbuf,id=id[,size=size]``
4169 ``-chardev file,id=id,path=path[,input-path=input-path]``
4176 If ``input-path`` is specified, this is the path of a second file
4177 which will be used for input. If ``input-path`` is not specified,
4180 Note that ``input-path`` is not supported on Windows hosts.
4182 ``-chardev pipe,id=id,path=path``
4183 Create a two-way connection to the guest. The behaviour differs
4197 ``-chardev console,id=id``
4203 ``-chardev serial,id=id,path=path``
4211 ``-chardev pty,id=id[,path=path]``
4212 Create a new pseudo-terminal on the host and connect to it.
4227 ``-chardev stdio,id=id[,signal=on|off]``
4231 includes exiting QEMU with the key sequence Control-c. This option
4232 is enabled by default, use ``signal=off`` to disable it.
4234 ``-chardev braille,id=id``
4238 ``-chardev parallel,id=id,path=path``
4248 ``-chardev spicevmc,id=id,debug=debug,name=name``
4257 ``-chardev spiceport,id=id,debug=debug,name=name``
4274 "-tpmdev passthrough,id=id[,path=path][,cancel-path=path]\n"
4276 " use cancel-path to provide path to TPM's cancel sysfs entry; if\n"
4278 "-tpmdev emulator,id=id,chardev=dev\n"
4284 ``-tpmdev backend,id=id[,options]``
4286 ``-tpmdev`` option creates the TPM backend and requires a
4287 ``-device`` option that specifies the TPM frontend interface model.
4289 Use ``-tpmdev help`` to print all available TPM backend types.
4293 ``-tpmdev passthrough,id=id,path=path,cancel-path=cancel-path``
4294 (Linux-host only) Enable access to the host's TPM using the
4301 ``cancel-path`` specifies the path to the host TPM device's sysfs
4303 ``cancel-path`` is optional and by default QEMU will search for the
4313 the TPM again and may therefore not show a TPM-specific menu that
4315 user to enable/disable or activate/deactivate the TPM. Further, if
4326 -tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0
4328 Note that the ``-tpmdev`` id is ``tpm0`` and is referenced by
4331 ``-tpmdev emulator,id=id,chardev=dev``
4332 (Linux-host only) Enable access to a TPM emulator using Unix domain
4342 …-chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm…
4353 - specify a firmware and let it control finding a kernel
4354 - specify a firmware and pass a hint to the kernel to boot
4355 - direct kernel image boot
4356 - manually load files into the guest's address space
4374 For x86 machines and some other architectures ``-bios`` will generally
4376 more strict ``-pflash`` option needs an image that is sized for the
4379 Please see the :ref:`system-targets-ref` section of the manual for
4385 "-bios file set the filename for the BIOS\n", QEMU_ARCH_ALL)
4387 ``-bios file``
4392 "-pflash file use 'file' as a parallel flash image\n", QEMU_ARCH_ALL)
4394 ``-pflash file``
4414 "-kernel bzImage use 'bzImage' as kernel image\n", QEMU_ARCH_ALL)
4416 ``-kernel bzImage``
4422 "-shim shim.efi use 'shim.efi' to boot the kernel\n", QEMU_ARCH_ALL)
4424 ``-shim shim.efi``
4429 "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL)
4431 ``-append cmdline``
4436 "-initrd file use 'file' as initial ram disk\n", QEMU_ARCH_ALL)
4439 ``-initrd file``
4442 ``-initrd "file1 arg=foo,file2"``
4449 ``-initrd "bzImage earlyprintk=xen,,keep root=/dev/xvda1,initrd.img"``
4457 "-dtb file use 'file' as device tree image\n", QEMU_ARCH_ALL)
4459 ``-dtb file``
4473 ``-device loader,addr=<addr>,data=<data>,data-len=<data-len>[,data-be=<data-be>][,cpu-num=<cpu-num>…
4476 tweaks the DTB so a hypervisor loaded via ``-kernel`` can find where
4479 ``-device guest-loader,addr=<addr>[,kernel=<path>,[bootargs=<arguments>]][,initrd=<path>]``
4488 "-compat [deprecated-input=accept|reject|crash][,deprecated-output=accept|hide]\n"
4490 "-compat [unstable-input=accept|reject|crash][,unstable-output=accept|hide]\n"
4494 ``-compat [deprecated-input=@var{input-policy}][,deprecated-output=@var{output-policy}]``
4497 ``deprecated-input=accept`` (default)
4499 ``deprecated-input=reject``
4501 ``deprecated-input=crash``
4503 ``deprecated-output=accept`` (default)
4505 ``deprecated-output=hide``
4510 ``-compat [unstable-input=@var{input-policy}][,unstable-output=@var{output-policy}]``
4513 ``unstable-input=accept`` (default)
4515 ``unstable-input=reject``
4517 ``unstable-input=crash``
4519 ``unstable-output=accept`` (default)
4521 ``unstable-output=hide``
4528 "-fw_cfg [name=]<name>,file=<file>\n"
4530 "-fw_cfg [name=]<name>,string=<str>\n"
4534 ``-fw_cfg [name=]name,file=file``
4539 ``-fw_cfg [name=]name,string=str``
4554 -fw_cfg name=opt/com.mycompany/blob,file=./my_blob.bin
4561 "-serial dev redirect the serial port to char device 'dev'\n",
4564 ``-serial dev``
4572 You can use ``-serial none`` to suppress the creation of default
4619 Use a named character device defined with the ``-chardev``
4649 ``-serial udp::4555`` and nc as: ``nc -u -l -p 4555``. Any time
4655 the same source port each time by using something like ``-serial
4665 -serial udp::4555@:4556
4668 -u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T
4673 ``tcp:[host]:port[,server=on|off][,wait=on|off][,nodelay=on|off][,reconnect-ms=milliseconds]``
4680 option disables the Nagle buffering algorithm. The ``reconnect-ms``
4688 -serial tcp:192.168.0.2:4444
4691 -serial tcp::4444,server=on
4694 -serial tcp:192.168.0.100:4444,server=on,wait=off
4698 options work the same as if you had specified ``-serial tcp``.
4703 you do it with Control-] and then type "send break" followed by
4710 ``unix:path[,server=on|off][,wait=on|off][,reconnect-ms=milliseconds]``
4712 works the same as if you had specified ``-serial tcp`` except
4718 sequence of Control-a and then pressing c. dev\_string should be
4723 ``-serial mon:telnet::4444,server=on,wait=off``
4739 "-parallel dev redirect the parallel port to char device 'dev'\n",
4742 ``-parallel dev``
4751 Use ``-parallel none`` to disable all parallel ports.
4755 "-monitor dev redirect the monitor to char device 'dev'\n",
4758 ``-monitor dev``
4761 in non graphical mode. Use ``-monitor none`` to disable the default
4765 "-qmp dev like -monitor but opens in 'control' mode\n",
4768 ``-qmp dev``
4769 Like ``-monitor`` but opens in 'control' mode. For example, to make
4772 -qmp tcp:localhost:4444,server=on,wait=off
4775 flexibility use the ``-mon`` option and an accompanying ``-chardev``.
4778 DEF("qmp-pretty", HAS_ARG, QEMU_OPTION_qmp_pretty, \
4779 "-qmp-pretty dev like -qmp but uses pretty JSON formatting\n",
4782 ``-qmp-pretty dev``
4783 Like ``-qmp`` but uses pretty JSON formatting.
4787 "-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]\n", QEMU_ARCH_ALL)
4789 ``-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]``
4793 (QMP; a JSON RPC-style protocol).
4801 -chardev socket,id=mon1,host=localhost,port=4444,server=on,wait=off \
4802 -mon chardev=mon1,mode=control,pretty=on
4804 enables the QMP monitor on localhost port 4444 with pretty-printing.
4808 "-debugcon dev redirect the debug console to char device 'dev'\n",
4811 ``-debugcon dev``
4820 "-pidfile file write PID to 'file'\n", QEMU_ARCH_ALL)
4822 ``-pidfile file``
4828 "--preconfig pause QEMU before machine is initialized (experimental)\n",
4831 ``--preconfig``
4834 affect machine initialization. Use QMP command 'x-exit-preconfig' to
4836 if -S isn't used or pause the second time if -S is used). This
4841 "-S freeze CPU at startup (use 'c' to start execution)\n",
4844 ``-S``
4849 "-overcommit [mem-lock=on|off|on-fault][cpu-pm=on|off]\n"
4851 " mem-lock=on|off|on-fault controls memory lock support (default: off)\n"
4852 " cpu-pm=on|off controls cpu power management (default: off)\n",
4855 ``-overcommit mem-lock=on|off|on-fault``
4857 ``-overcommit cpu-pm=on|off``
4861 Locking qemu and guest memory can be enabled via ``mem-lock=on``
4862 or ``mem-lock=on-fault`` (disabled by default). This works when
4863 host memory is not overcommitted and reduces the worst-case latency for
4864 guest. The on-fault option is better for reducing the memory footprint
4871 guest) can be enabled via ``cpu-pm=on`` (disabled by default). This
4878 "-gdb dev accept gdb connection on 'dev'. (QEMU defaults to starting\n"
4879 " the guest without waiting for gdb to connect; use -S too\n"
4883 ``-gdb dev``
4886 execution -- if you want QEMU to not start the guest until you
4888 also pass the ``-S`` option to QEMU.
4892 -gdb tcp::3117
4899 .. parsed-literal::
4901 (gdb) target remote | exec |qemu_system| -gdb stdio ...
4905 "-s shorthand for -gdb tcp::" DEFAULT_GDBSTUB_PORT "\n",
4908 ``-s``
4909 Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234
4914 "-d item1,... enable logging of specified items (use '-d help' for a list of log items)\n",
4917 ``-d item1[,...]``
4918 Enable logging of specified items. Use '-d help' for a list of log
4923 "-D logfile output log to logfile (default stderr)\n",
4926 ``-D logfile``
4931 "-dfilter range,.. filter debug output to range of addresses (useful for -d cpu,exec,etc..)\n",
4934 ``-dfilter range1[,...]``
4936 The filter spec can be either start+size, start-size or start..end
4942 -dfilter 0x8000..0x8fff,0xffffffc000080000+0x200,0xffffffc000060000-0x1000
4950 "-seed number seed the pseudo-random number generator\n",
4953 ``-seed number``
4954 Force the guest to use a deterministic pseudo-random number
4960 "-L path set the directory for the BIOS, VGA BIOS and keymaps\n",
4963 ``-L path``
4966 To list all the data directories, use ``-L help``.
4969 DEF("enable-kvm", 0, QEMU_OPTION_enable_kvm, \
4970 "-enable-kvm enable KVM full virtualization support\n",
4974 ``-enable-kvm``
4979 DEF("xen-domid", HAS_ARG, QEMU_OPTION_xen_domid,
4980 "-xen-domid id specify xen guest domain id\n",
4982 DEF("xen-attach", 0, QEMU_OPTION_xen_attach,
4983 "-xen-attach attach to existing xen domain\n"
4986 DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict,
4987 "-xen-domid-restrict restrict set of available xen operations\n"
4992 ``-xen-domid id``
4995 ``-xen-attach``
5001 DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \
5002 "-no-reboot exit instead of rebooting\n", QEMU_ARCH_ALL)
5004 ``-no-reboot``
5008 DEF("no-shutdown", 0, QEMU_OPTION_no_shutdown, \
5009 "-no-shutdown stop before shutdown\n", QEMU_ARCH_ALL)
5011 ``-no-shutdown``
5018 "-action reboot=reset|shutdown\n"
5020 "-action shutdown=poweroff|pause\n"
5022 "-action panic=pause|shutdown|exit-failure|none\n"
5024 "-action watchdog=reset|shutdown|poweroff|inject-nmi|pause|debug|none\n"
5028 ``-action event=action``
5031 same behaviors that are modified by the ``-no-reboot`` and ``-no-shutdown``
5036 ``-action panic=none``
5037 ``-action reboot=shutdown,shutdown=pause``
5038 ``-device i6300esb -action watchdog=pause``
5043 "-loadvm [tag|id]\n" \
5047 ``-loadvm file``
5053 "-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
5056 ``-daemonize``
5064 DEF("option-rom", HAS_ARG, QEMU_OPTION_option_rom, \
5065 "-option-rom rom load a file, rom, into the option ROM space\n",
5068 ``-option-rom file``
5074 "-rtc [base=utc|localtime|<datetime>][,clock=host|rt|vm][,driftfix=none|slew]\n" \
5079 ``-rtc [base=utc|localtime|datetime][,clock=host|rt|vm][,driftfix=none|slew]``
5082 required for correct date in MS-DOS or Windows. To start at a
5084 ``2006-06-17T16:01:21`` or ``2006-06-17``. The default base is UTC.
5102 Windows guest and will re-inject them.
5106 …"-icount [shift=N|auto][,align=on|off][,sleep=on|off][,rr=record|replay,rrfile=<filename>[,rrsnaps…
5109 " or disable real time cpu sleeping, and optionally enable\n" \
5110 " record-and-replay mode\n", QEMU_ARCH_ALL)
5112 ``-icount [shift=N|auto][,align=on|off][,sleep=on|off][,rr=record|replay,rrfile=filename[,rrsnapsho…
5156 DEF("watchdog-action", HAS_ARG, QEMU_OPTION_watchdog_action, \
5157 "-watchdog-action reset|shutdown|poweroff|inject-nmi|pause|debug|none\n" \
5161 ``-watchdog-action action``
5166 ``inject-nmi`` (inject a NMI into the guest), ``pause`` (pause the
5173 ``-watchdog-action shutdown`` is not recommended for production use.
5177 ``-device i6300esb -watchdog-action pause``
5182 "-echr chr set terminal escape character instead of ctrl-a\n",
5185 ``-echr numeric_ascii_value``
5188 the ``-nographic`` option. ``0x01`` is equal to pressing
5189 ``Control-a``. You can select a different character from the ascii
5190 control keys where 1 through 26 map to Control-a through Control-z.
5192 escape character to Control-t.
5194 ``-echr 0x14``; \ ``-echr 20``
5199 "-incoming tcp:[host]:port[,to=maxport][,ipv4=on|off][,ipv6=on|off]\n" \
5200 "-incoming rdma:host:port[,ipv4=on|off][,ipv6=on|off]\n" \
5201 "-incoming unix:socketpath\n" \
5204 "-incoming fd:fd\n" \
5205 "-incoming file:filename[,offset=offset]\n" \
5206 "-incoming exec:cmdline\n" \
5209 "-incoming <channel>\n" \
5211 "-incoming defer\n" \
5215 The -incoming option specifies the migration channel for an incoming
5218 or is 'main' for all other forms of -incoming. If multiple -incoming
5221 ``-incoming tcp:[host]:port[,to=maxport][,ipv4=on|off][,ipv6=on|off]``
5223 ``-incoming rdma:host:port[,ipv4=on|off][,ipv6=on|off]``
5226 ``-incoming unix:socketpath``
5229 ``-incoming fd:fd``
5232 ``-incoming file:filename[,offset=offset]``
5236 ``-incoming exec:cmdline``
5240 ``-incoming <channel>``
5246 -incoming '{"channel-type": "main",
5251 -incoming main,addr.transport=socket,addr.type=unix,addr.path=my.sock
5253 ``-incoming defer``
5259 DEF("only-migratable", 0, QEMU_OPTION_only_migratable, \
5260 "-only-migratable allow only migratable devices\n", QEMU_ARCH_ALL)
5262 ``-only-migratable``
5268 "-nodefaults don't create default devices\n", QEMU_ARCH_ALL)
5270 ``-nodefaults``
5273 device, VGA adapter, floppy and CD-ROM drive and others. The
5274 ``-nodefaults`` option will disable all those default devices.
5277 DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
5278 "-prom-env variable=value\n"
5282 ``-prom-env variable=value``
5287 qemu-system-sparc -prom-env 'auto-boot?=false' \
5288 -prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single'
5292 qemu-system-ppc -prom-env 'auto-boot?=false' \
5293 -prom-env 'boot-device=hd:2,\yaboot' \
5294 -prom-env 'boot-args=conf=hd:2,\yaboot.conf'
5297 "-semihosting semihosting mode\n",
5301 ``-semihosting``
5302 Enable :ref:`Semihosting` mode (ARM, M68K, Xtensa, MIPS, RISC-V only).
5308 See the -semihosting-config option documentation for further
5311 DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config,
5312 …"-semihosting-config [enable=on|off][,target=native|gdb|auto][,chardev=id][,userspace=on|off][,arg…
5317 ``-semihosting-config [enable=on|off][,target=native|gdb|auto][,chardev=id][,userspace=on|off][,arg…
5318 Enable and configure :ref:`Semihosting` (ARM, M68K, Xtensa, MIPS, RISC-V
5339 bare-metal test case code).
5343 multiple times to build up a list. The old-style
5344 ``-kernel``/``-append`` method of passing a command line is
5346 ``--semihosting-config arg`` and the ``-kernel``/``-append`` are
5350 DEF("old-param", 0, QEMU_OPTION_old_param,
5351 "-old-param old param mode\n", QEMU_ARCH_ARM)
5353 ``-old-param``
5358 "-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]\n" \
5360 " Enable seccomp mode 2 system call filter (default 'off').\n" \
5370 " use 'resourcecontrol' to disable process affinity and schedular priority\n",
5373 ``-sandbox arg[,obsolete=string][,elevateprivileges=string][,spawn=string][,resourcecontrol=string]…
5374 Enable Seccomp mode 2 system call filter. 'on' will enable syscall
5375 filtering and 'off' will disable it. The default is 'off'.
5381 Disable set\*uid\|gid system calls
5384 Disable \*fork and execve
5387 Disable process affinity and schedular priority
5391 "-readconfig <file>\n"
5394 ``-readconfig file``
5400 DEF("no-user-config", 0, QEMU_OPTION_nouserconfig,
5401 "-no-user-config\n"
5402 " do not load default user-provided config files at startup\n",
5405 ``-no-user-config``
5406 The ``-no-user-config`` option makes QEMU not load any of the
5407 user-provided config files on sysconfdir.
5411 "-trace [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
5415 ``-trace [[enable=]pattern][,events=file][,file=file]``
5416 .. include:: ../qemu-option-trace.rst.inc
5420 "-plugin [file=]<file>[,<argname>=<argvalue>]\n"
5424 ``-plugin file=file[,argname=argvalue]``
5436 DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log, "", QEMU_ARCH_ALL)
5439 DEF("run-with", HAS_ARG, QEMU_OPTION_run_with,
5440 "-run-with [async-teardown=on|off][,chroot=dir][user=username|uid:gid]\n"
5442 " async-teardown=on enables asynchronous teardown (Linux only)\n"
5445 " user=uid:gid ditto, but use specified user-ID and group-ID instead\n",
5448 ``-run-with [async-teardown=on|off][,chroot=dir][user=username|uid:gid]``
5451 ``async-teardown=on`` enables asynchronous teardown. A new process called
5476 "-msg [timestamp[=on|off]][,guest-name=[on|off]]\n"
5479 " guest-name=on enables guest name prefix but only if\n"
5480 " -name guest option is set (default: off)\n",
5483 ``-msg [timestamp[=on|off]][,guest-name[=on|off]]``
5489 ``guest-name=on|off``
5490 Prefix messages with guest name but only if -name guest option is set
5494 DEF("dump-vmstate", HAS_ARG, QEMU_OPTION_dump_vmstate,
5495 "-dump-vmstate <file>\n"
5497 " Use the scripts/vmstate-static-checker.py file to\n"
5502 ``-dump-vmstate file``
5503 Dump json-encoded vmstate information for current machine type to
5507 DEF("enable-sync-profile", 0, QEMU_OPTION_enable_sync_profile,
5508 "-enable-sync-profile\n"
5512 ``-enable-sync-profile``
5518 "-perfmap generate a /tmp/perf-${pid}.map file for perf\n",
5521 ``-perfmap``
5527 "-jitdump generate a jit-${pid}.dump file for perf\n",
5530 ``-jitdump``
5541 "-object TYPENAME[,PROP1=VALUE1,...]\n"
5548 ``-object typename[,prop1=value1,...]``
5553 …``-object memory-backend-file,id=id,size=size,mem-path=dir,share=on|off,discard-data=on|off,merge=…
5558 reference this memory region in other parameters, e.g. ``-numa``,
5559 ``-device nvdimm``, etc.
5564 The ``mem-path`` provides the path to either a shared memory or
5569 allows a co-operating external process to access the QEMU memory
5577 Setting the ``discard-data`` boolean option to on indicates that
5580 ``discard-data`` is only an optimization, and QEMU might not
5593 The ``host-nodes`` option binds the memory range to a list of
5613 QEMU mmap(2) ``mem-path``, and accepts common suffixes, eg
5614 ``2M``. Some backend store specified by ``mem-path`` requires an
5625 by ``mem-path`` is in host persistent memory that can be
5629 ``mem-path`` (e.g. in vNVDIMM label emulation and live
5630 migration). Also, we will map the backend-file with MAP\_SYNC
5632 ``mem-path`` in case of host crash or a power failure. MAP\_SYNC
5634 4.15) and the filesystem of ``mem-path`` mounted with DAX
5638 read-only or read-write (default).
5654 …``-object memory-backend-ram,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size…
5657 ``-m`` option that is traditionally used to define guest RAM.
5658 Please refer to ``memory-backend-file`` for a description of the
5661 …``-object memory-backend-memfd,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=si…
5664 using vhost-user). The memory is allocated with memfd and
5667 The ``seal`` option creates a sealed-file, that will block
5681 Please refer to ``memory-backend-file`` for a description of the
5686 …``-object memory-backend-shm,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size…
5689 using vhost-user).
5691 ``memory-backend-shm`` is a more portable and less featureful version
5692 of ``memory-backend-memfd``. It can then be used in any POSIX system,
5695 Please refer to ``memory-backend-file`` for a description of the
5702 ``-object iommufd,id=id[,fd=fd]``
5707 vfio-pci of vdpa) will use to connect with the iommufd backend.
5709 The ``fd`` parameter is an optional pre-opened file descriptor
5714 ``-object rng-builtin,id=id``
5718 ``virtio-rng`` device. By default, the ``virtio-rng`` device
5721 ``-object rng-random,id=id,filename=/dev/random``
5725 ``virtio-rng`` device. The ``filename`` parameter specifies
5729 ``-object rng-egd,id=id,chardev=chardevid``
5733 entropy backend from the ``virtio-rng`` device. The ``chardev``
5737 ``-object tls-creds-anon,id=id,endpoint=endpoint,dir=/path/to/cred/dir,verify-peer=on|off``
5744 ``verify-peer`` is enabled (the default) then once the handshake
5746 is a no-op for anonymous credentials.
5750 dh-params.pem providing diffie-hellman parameters to use for the
5757 ``-object tls-creds-psk,id=id,endpoint=endpoint,dir=/path/to/keys/dir[,username=username]``
5758 Creates a TLS Pre-Shared Keys (PSK) credentials object, which
5772 For server endpoints, dir may also contain a file dh-params.pem
5773 providing diffie-hellman parameters to use for the TLS server.
5780 …``-object tls-creds-x509,id=id,endpoint=endpoint,dir=/path/to/cred/dir,priority=priority,verify-pe…
5787 ``verify-peer`` is enabled (the default) then once the handshake
5794 dh-params.pem providing diffie-hellman parameters to use for the
5803 must be stored in PEM format, in filenames ca-cert.pem,
5804 ca-crl.pem (optional), server-cert.pem (only servers),
5805 server-key.pem (only servers), client-cert.pem (only clients),
5806 and client-key.pem (only clients).
5808 For the server-key.pem and client-key.pem files which contain
5822 https://gnutls.org/manual/html_node/Priority-Strings.html.
5824 ``-object tls-cipher-suites,id=id,priority=priority``
5841 https://gnutls.org/manual/html_node/Priority-Strings.html.
5844 The tls-cipher-suites object exposes the ordered list of permitted
5848 guest-side TLS.
5850 In the following example, the priority at which the host-side policy
5853 refer to /etc/crypto-policies/back-ends/gnutls.config.
5855 .. parsed-literal::
5858 -object tls-cipher-suites,id=mysuite0,priority=@SYSTEM \\
5859 -fw_cfg name=etc/edk2/https/ciphers,gen_id=mysuite0
5861 …``-object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx][,status=on|off][,positi…
5902 …``-object filter-mirror,id=id,netdev=netdevid,outdev=chardevid,queue=all|rx|tx[,vnet_hdr_support][…
5903 filter-mirror on netdev netdevid,mirror net packet to
5905 filter-mirror will mirror packet with vnet\_hdr\_len.
5907 …``-object filter-redirector,id=id,netdev=netdevid,indev=chardevid,outdev=chardevid,queue=all|rx|tx…
5908 filter-redirector on netdev netdevid,redirect filter's net
5910 filter.if it has the vnet\_hdr\_support flag, filter-redirector
5912 filter-redirector we need to differ outdev id from indev id, id
5916 …``-object filter-rewriter,id=id,netdev=netdevid,queue=all|rx|tx,[vnet_hdr_support][,position=head|…
5917 Filter-rewriter is a part of COLO project.It will rewrite tcp
5923 usage: colo secondary: -object
5924 filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 -object
5925 filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 -object
5926 filter-rewriter,id=rew0,netdev=hn0,queue=all
5928 …``-object filter-dump,id=id,netdev=dev[,file=filename][,maxlen=len][,position=head|tail|id=<id>][,…
5934 …``-object colo-compare,id=id,primary_in=chardevid,secondary_in=chardevid,outdev=chardevid,iothread…
5935 Colo-compare gets packet from primary\_in chardevid and
5938 primary packet to out\_dev, else it will notify COLO-framework to do
5944 colo-compare hold the packet. The expired\_scan\_cycle=@var{ms}
5949 notify Xen colo-frame to do checkpoint.
5951 COLO-compare must be used with the help of filter-mirror,
5952 filter-redirector and filter-rewriter.
5959 -netdev tap,id=hn0,vhost=off
5960 -device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66
5961 -chardev socket,id=mirror0,host=3.3.3.3,port=9003,server=on,wait=off
5962 -chardev socket,id=compare1,host=3.3.3.3,port=9004,server=on,wait=off
5963 -chardev socket,id=compare0,host=3.3.3.3,port=9001,server=on,wait=off
5964 -chardev socket,id=compare0-0,host=3.3.3.3,port=9001
5965 -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server=on,wait=off
5966 -chardev socket,id=compare_out0,host=3.3.3.3,port=9005
5967 -object iothread,id=iothread1
5968 -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0
5969 -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out
5970 -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0
5971 …-object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,ioth…
5974 -netdev tap,id=hn0,vhost=off
5975 -device e1000,netdev=hn0,mac=52:a4:00:12:78:66
5976 -chardev socket,id=red0,host=3.3.3.3,port=9003
5977 -chardev socket,id=red1,host=3.3.3.3,port=9004
5978 -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
5979 -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
5985 -netdev tap,id=hn0,vhost=off
5986 -device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66
5987 -chardev socket,id=mirror0,host=3.3.3.3,port=9003,server=on,wait=off
5988 -chardev socket,id=compare1,host=3.3.3.3,port=9004,server=on,wait=off
5989 -chardev socket,id=compare0,host=3.3.3.3,port=9001,server=on,wait=off
5990 -chardev socket,id=compare0-0,host=3.3.3.3,port=9001
5991 -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server=on,wait=off
5992 -chardev socket,id=compare_out0,host=3.3.3.3,port=9005
5993 -chardev socket,id=notify_way,host=3.3.3.3,port=9009,server=on,wait=off
5994 -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0
5995 -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out
5996 -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0
5997 -object iothread,id=iothread1
5998 …-object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,noti…
6001 -netdev tap,id=hn0,vhost=off
6002 -device e1000,netdev=hn0,mac=52:a4:00:12:78:66
6003 -chardev socket,id=red0,host=3.3.3.3,port=9003
6004 -chardev socket,id=red1,host=3.3.3.3,port=9004
6005 -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
6006 -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
6009 read the colo-compare git log.
6011 ``-object cryptodev-backend-builtin,id=id[,queues=queues]``
6015 ``virtio-crypto`` device. The queues parameter is optional,
6019 .. parsed-literal::
6023 -object cryptodev-backend-builtin,id=cryptodev0 \\
6024 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \\
6027 ``-object cryptodev-vhost-user,id=id,chardev=chardevid[,queues=queues]``
6028 Creates a vhost-user cryptodev backend, backed by a chardev
6030 reference this cryptodev backend from the ``virtio-crypto``
6032 The vhost-user uses a specifically defined protocol to pass
6036 vhost-user, the default of queues is 1.
6038 .. parsed-literal::
6042 -chardev socket,id=chardev0,path=/path/to/socket \\
6043 -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \\
6044 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \\
6047 ``-object secret,id=id,data=string,format=raw|base64[,keyid=secretid,iv=string]``
6049 ``-object secret,id=id,file=filename,format=raw|base64[,keyid=secretid,iv=string]``
6058 valid UTF-8 characters, so base64 is recommended for sending
6065 associated with a secret using the AES-256-CBC cipher. Use of
6068 defined secret that contains the AES-256 decryption key. This
6069 key should be 32-bytes long and be base64 encoded. The iv
6072 encrypted string of the 16-byte IV.
6076 .. parsed-literal::
6078 # |qemu_system| -object secret,id=sec0,data=letmein,format=raw
6082 # printf "letmein" > mypasswd.txt # QEMU\_SYSTEM\_MACRO -object
6085 For greater security, AES-256-CBC should be used. To illustrate
6095 # openssl rand -base64 32 > key.b64
6096 # KEY=$(base64 -d key.b64 | hexdump -v -e '/1 "%02X"')
6104 # openssl rand -base64 16 > iv.b64
6105 # IV=$(base64 -d iv.b64 | hexdump -v -e '/1 "%02X"')
6114 openssl enc -aes-256-cbc -a -K $KEY -iv $IV)
6120 .. parsed-literal::
6123 -object secret,id=secmaster0,format=base64,file=key.b64 \\
6124 -object secret,id=sec0,keyid=secmaster0,format=base64,\\
6127 …-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,han…
6133 bit (aka the C-bit) is utilized to mark if a memory page is
6134 protected. The ``cbitpos`` is used to provide the C-bit
6135 position. The C-bit position is Host family dependent hence user
6139 physical address space. The ``reduced-phys-bits`` is used to
6141 Similar to C-bit, the value is Host family dependent. On EPYC,
6144 The ``sev-device`` provides the device file to use for
6161 The ``dh-cert-file`` and ``session-file`` provides the guest
6162 owner's Public Diffie-Hillman key defined in SEV spec. The PDH
6167 The ``kernel-hashes`` adds the hashes of given kernel/initrd/
6169 boot with -kernel. The default is off. (Since 6.2)
6173 .. parsed-literal::
6177 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \\
6178 -machine ...,memory-encryption=sev0 \\
6181 ``-object igvm-cfg,file=file``
6186 This is currently only supported by ``-machine q35`` and
6187 ``-machine pc``.
6195 machine, therefore an ``igvm-cfg`` object cannot be provided along
6196 with other ways of specifying firmware, such as the ``-bios``
6201 .. parsed-literal::
6205 -object igvm-cfg,id=igvm0,file=bios.igvm \\
6206 -machine ...,igvm-cfg=igvm0 \\
6209 ``-object authz-simple,id=id,identity=string``
6222 .. parsed-literal::
6226 …-object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,O=Example Org,,L=London,,ST=London,…
6232 ``-object authz-listfile,id=id,filename=path,refresh=on|off``
6266 As with the ``authz-simple`` object, the format of the identity
6273 .. parsed-literal::
6277 -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on \\
6280 ``-object authz-pam,id=id,service=string``
6292 .. parsed-literal::
6296 -object authz-pam,id=auth0,service=qemu-vnc \\
6300 ``/etc/pam.d/qemu-vnc`` that contains:
6314 …``-object iothread,id=id,poll-max-ns=poll-max-ns,poll-grow=poll-grow,poll-shrink=poll-shrink,aio-m…
6322 reference this IOThread from ``-device ...,iothread=id``.
6326 The ``query-iothreads`` QMP command lists IOThreads and reports
6338 The ``poll-max-ns`` parameter is the maximum number of
6342 The ``poll-grow`` parameter is the multiplier used to increase
6346 The ``poll-shrink`` parameter is the divisor used to decrease
6350 The ``aio-max-batch`` parameter is the maximum number of requests
6354 The IOThread parameters can be modified at run-time using the
6355 ``qom-set`` command (where ``iothread1`` is the IOThread's
6360 (qemu) qom-set /objects/iothread1 poll-max-ns 100000