Lines Matching +full:gnutls +full:- +full:devel
1 HXCOMM See docs/devel/docs.rst for the format of this file.
14 "-h or -help display this help and exit\n", QEMU_ARCH_ALL)
16 ``-h``
21 "-version display version information and exit\n", QEMU_ARCH_ALL)
23 ``-version``
28 "-machine [type=]name[,prop[=value][,...]]\n"
29 " selects emulated machine ('-machine help' for list)\n"
33 " dump-guest-core=on|off include guest memory in a core dump (default=on)\n"
34 " mem-merge=on|off controls memory merge support (default: on)\n"
35 " aes-key-wrap=on|off controls support for AES key wrapping (default=on)\n"
36 " dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n"
37 " suppress-vmdesc=on|off disables self-describing migration (default=off)\n"
39 " memory-encryption=@var{} memory encryption object to use (default=none)\n"
41 …" memory-backend='backend-id' specifies explicitly provided backend for main RAM (d…
42 …" cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=s…
45 ``-machine [type=]name[,prop=value[,...]]``
46 Select the emulated machine by name. Use ``-machine help`` to list
52 "pc-i440fx-2.8" and "pc-q35-2.8" for the x86\_64/i686 architectures.
55 version 2.9.0, the 2.9.0 version must support the "pc-i440fx-2.8"
56 and "pc-q35-2.8" machines too. To allow users live migrating VMs to
74 ``dump-guest-core=on|off``
77 ``mem-merge=on|off``
79 supported by the host, de-duplicates identical memory pages
82 ``aes-key-wrap=on|off``
83 Enables or disables AES key wrapping support on s390-ccw hosts.
88 ``dea-key-wrap=on|off``
89 Enables or disables DEA key wrapping support on s390-ccw hosts.
97 ``memory-encryption=``
104 ``memory-backend='id'``
105 An alternative to legacy ``-mem-path`` and ``mem-prealloc`` options.
111 -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on
112 -machine memory-backend=pc.ram
113 -m 512M
117 * as backend id one shall use value of 'default-ram-id', advertised by
118 machine type (available via ``query-machines`` QMP command), if migration
121 use ``x-use-canonical-path-for-ramblock-id=off`` backend option
127 -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off
128 -machine memory-backend=pc.ram
129 -m 512M
131 …``cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.…
139 configure the downstream Host-managed Device Memory (HDM) decoders
144 which may be identified by the id provided in the -device entry.
153 ``interleave-granularity=granularity`` sets the granularity of
161 …-machine cxl-fmw.0.targets.0=cxl.0,cxl-fmw.0.targets.1=cxl.1,cxl-fmw.0.size=128G,cxl-fmw.0.interle…
165 " sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n",
169 ``sgx-epc.0.memdev=@var{memid},sgx-epc.0.node=@var{numaid}``
174 "-cpu cpu select CPU ('-cpu help' for list)\n", QEMU_ARCH_ALL)
176 ``-cpu model``
177 Select CPU model (``-cpu help`` for list and additional feature
182 "-accel [accel=]accelerator[,prop[=value][,...]]\n"
184 …" igd-passthru=on|off (enable Xen integrated Intel graphics passthrough, default=of…
185 … " kernel-irqchip=on|off|split controls accelerated irqchip support (default=on)\n"
186 " kvm-shadow-mem=size of KVM shadow MMU in bytes\n"
187 " one-insn-per-tb=on|off (one guest instruction per TCG translation block)\n"
188 " split-wx=on|off (enable TCG split w^x mapping)\n"
189 " tb-size=n (TCG translation block cache size)\n"
190 " dirty-ring-size=n (KVM dirty ring GFN count, default 0)\n"
191 …" eager-split-size=n (KVM Eager Page Split chunk size, default 0, disabled. ARM onl…
192 …" notify-vmexit=run|internal-error|disable,notify-window=n (enable notify VM exit a…
193 " thread=single|multi (enable multi-threaded TCG)\n"
196 ``-accel name[,prop=value[,...]]``
203 ``igd-passthru=on|off``
208 ``kernel-irqchip=on|off|split``
209 Controls KVM in-kernel irqchip support. The default is full
212 non-MSI interrupts. Disabling the in-kernel irqchip completely
215 ``kvm-shadow-mem=size``
218 ``one-insn-per-tb=on|off``
222 the logs produced by the ``-d`` option.
224 ``split-wx=on|off``
230 ``tb-size=n``
234 Controls number of TCG threads. When the TCG is multi-threaded
236 additional host cores. The default is to enable multi-threading
237 where both the back-end and front-ends support it and no
241 ``dirty-ring-size=n``
242 When the KVM accelerator is used, it controls the size of the per-vCPU
248 is disabled (dirty-ring-size=0). When enabled, KVM will instead
251 ``eager-split-size=n``
253 enabling dirty-logging on a huge-page requires breaking it into
255 lazily by default. There are performance benefits in doing huge-page
257 with break-before-make sequences are considerable and also if guest
263 (eager-split-size=0).
265 ``notify-vmexit=run|internal-error|disable,notify-window=n``
269 if the exit happens. ``internal-error`` option enables the feature.
272 open up for a specified of time (i.e. notify-window).
273 Default: notify-vmexit=run,notify-window=0.
283 "-smp [[cpus=]n][,maxcpus=maxcpus][,drawers=drawers][,books=books][,sockets=sockets]\n"
300 " three-level CPU hierarchy of sockets/cores/threads, the parameters will\n"
306 " can be defined through the supported sub-option. Unsupported parameters\n"
307 " can also be provided in addition to the sub-option, but their values\n"
311 ``-smp [[cpus=]n][,maxcpus=maxcpus][,drawers=drawers][,books=books][,sockets=sockets][,dies=dies][,…
330 be defined through the supported sub-option. Unsupported parameters can
331 also be provided in addition to the sub-option, but their values must be
339 For example, the following sub-option defines a CPU topology hierarchy
347 -smp 8,sockets=2,cores=2,threads=2,maxcpus=8
349 The following sub-option defines a CPU topology hierarchy (2 sockets
357 -smp 32,sockets=2,dies=2,modules=2,cores=2,threads=2,maxcpus=32
359 The following sub-option defines a CPU topology hierarchy (2 sockets
367 -smp 16,sockets=2,clusters=2,cores=2,threads=2,maxcpus=16
380 -smp 2
383 to guest if it's explicitly specified in -smp.
387 "-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=node]\n"
388 "-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=node]\n"
389 "-numa dist,src=source,dst=destination,val=distance\n"
390 "-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]\n"
391 …"-numa hmat-lb,initiator=node,target=node,hierarchy=memory|first-level|second-level|third-level,da…
392 …"-numa hmat-cache,node-id=node,size=size,level=level[,associativity=none|direct|complex][,policy=n…
395 ``-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]``
397 ``-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]``
399 ``-numa dist,src=source,dst=destination,val=distance``
401 ``-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]``
403 ``-numa hmat-lb,initiator=node,target=node,hierarchy=hierarchy,data-type=type[,latency=lat][,bandwi…
405 ``-numa hmat-cache,node-id=node,size=size,level=level[,associativity=str][,policy=str][,line=size]``
413 omitted). A non-contiguous set of VCPUs can be represented by
422 -numa node,cpus=0-2,cpus=5
425 which uses '\ ``socket-id|core-id|thread-id``\ ' properties to
429 '\ ``hotpluggable-cpus``\ ' monitor command. '\ ``node-id``\ '
438 -M pc \
439 -smp 1,sockets=2,maxcpus=2 \
440 -numa node,nodeid=0 -numa node,nodeid=1 \
441 -numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=1,socket-id=1
448 '\ ``-memory-backend-ram``\ ' allows memory preallocation).
458 for '\ ``-numa node``\ ' without memory specified was removed.
472 -machine hmat=on \
473 -m 2G,slots=2,maxmem=4G \
474 -object memory-backend-ram,size=1G,id=m0 \
475 -object memory-backend-ram,size=1G,id=m1 \
476 -numa node,nodeid=0,memdev=m0 \
477 -numa node,nodeid=1,memdev=m1,initiator=0 \
478 -smp 2,sockets=2,maxcpus=2 \
479 -numa cpu,node-id=0,socket-id=0 \
480 -numa cpu,node-id=0,socket-id=1
493 Note that the -``numa`` option doesn't allocate any of the specified
495 means that one still has to use the ``-m``, ``-smp`` options to
498 Use '\ ``hmat-lb``\ ' to set System Locality Latency and Bandwidth
504 In '\ ``hmat-lb``\ ' option, node are NUMA node IDs. hierarchy is
507 hierarchy is 'first-level\|second-level\|third-level', this
509 for each domain. type of 'data-type' is type of data represented by
510 this structure instance: if 'hierarchy' is 'memory', 'data-type' is
513 'first-level\|second-level\|third-level', 'data-type' is
523 In '\ ``hmat-cache``\ ' option, node-id is the NUMA-id of the memory
526 level 0 should not be used with '\ ``hmat-cache``\ ' option.
528 'none/direct(direct-mapped)/complex(complex cache indexing)'. policy
533 access memory in node 0 with access-latency 5 nanoseconds,
534 access-bandwidth is 200 MB/s; The processors in NUMA node 0 access
535 memory in NUMA node 1 with access-latency 10 nanoseconds,
536 access-bandwidth is 100 MB/s. And for memory side cache information,
538 policy is write-back, the cache Line size is 8 bytes:
542 -machine hmat=on \
543 -m 2G \
544 -object memory-backend-ram,size=1G,id=m0 \
545 -object memory-backend-ram,size=1G,id=m1 \
546 -smp 2,sockets=2,maxcpus=2 \
547 -numa node,nodeid=0,memdev=m0 \
548 -numa node,nodeid=1,memdev=m1,initiator=0 \
549 -numa cpu,node-id=0,socket-id=0 \
550 -numa cpu,node-id=0,socket-id=1 \
551 -numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-latency,latency=5 \
552 … -numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-bandwidth,bandwidth=200M \
553 -numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-latency,latency=10 \
554 … -numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-bandwidth,bandwidth=100M \
555 -numa hmat-cache,node-id=0,size=10K,level=1,associativity=direct,policy=write-back,line=8 \
556 -numa hmat-cache,node-id=1,size=10K,level=1,associativity=direct,policy=write-back,line=8
559 DEF("add-fd", HAS_ARG, QEMU_OPTION_add_fd,
560 "-add-fd fd=fd,set=set[,opaque=opaque]\n"
563 ``-add-fd fd=fd,set=set[,opaque=opaque]``
576 This option defines a free-form string that can be used to
579 You can open an image using pre-opened file descriptors from an fd
582 .. parsed-literal::
585 -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \\
586 -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \\
587 -drive file=/dev/fdset/2,index=0,media=disk
591 "-set group.id.arg=value\n"
593 " i.e. -set drive.$id.file=/path/to/image\n", QEMU_ARCH_ALL)
595 ``-set group.id.arg=value``
600 "-global driver.property=value\n"
601 "-global driver=driver,property=property,value=value\n"
605 ``-global driver.prop=value``
607 ``-global driver=driver,property=property,value=value``
610 .. parsed-literal::
612 |qemu_system_x86| -global ide-hd.physical_block_size=4096 disk-image.img
617 use -``device``.
619 -global driver.prop=value is shorthand for -global
625 "-boot [order=drives][,once=drives][,menu=on|off]\n"
626 " [,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_time][,strict=on|off]\n"
627 " 'drives': floppy (a), hard disk (c), CD-ROM (d), network (n)\n"
633 ``-boot [order=drives][,once=drives][,menu=on|off][,splash=sp_name][,splash-time=sp_time][,reboot-t…
636 (floppy 1 and 2), c (first hard disk), d (first CD-ROM), n-p
637 (Etherboot from network adapter 1-4), hard disk boot is the default.
645 as firmware/BIOS supports them. The default is non-interactive boot.
656 ms when boot failed, then reboot. If rb\_timeout is '-1', guest will
657 not reboot, qemu passes '-1' to bios by default. Currently Seabios
662 options. The default is non-strict boot.
664 .. parsed-literal::
667 |qemu_system_x86| -boot order=nc
668 # boot from CD-ROM first, switch back to default order after reboot
669 |qemu_system_x86| -boot once=d
671 |qemu_system_x86| -boot menu=on,splash=/root/boot.bmp,splash-time=5000
673 Note: The legacy format '-boot drives' is still supported but its
678 "-m [size=]megs[,slots=n,maxmem=size]\n"
686 ``-m [size=]megs[,slots=n,maxmem=size]``
693 For example, the following command-line sets the guest startup RAM
697 .. parsed-literal::
699 |qemu_system| -m 1G,slots=3,maxmem=4G
705 DEF("mem-path", HAS_ARG, QEMU_OPTION_mempath,
706 "-mem-path FILE provide backing storage for guest RAM\n", QEMU_ARCH_ALL)
708 ``-mem-path path``
712 DEF("mem-prealloc", 0, QEMU_OPTION_mem_prealloc,
713 "-mem-prealloc preallocate guest memory (use with -mem-path)\n",
716 ``-mem-prealloc``
717 Preallocate memory when using -mem-path.
721 "-k language use keyboard layout (for example 'fr' for French)\n",
724 ``-k language``
735 ar de-ch es fo fr-ca hu ja mk no pt-br sv
736 da en-gb et fr fr-ch is lt nl pl ru th
737 de en-us fi fr-be hr it lv nl-be pt sl tr
739 The default is ``en-us``.
744 "-audio [driver=]driver[,prop[=value][,...]]\n"
747 " options are the same as for -audiodev\n"
748 "-audio [driver=]driver,model=value[,prop[=value][,...]]\n"
750 " apart from 'model', options are the same as for -audiodev.\n"
751 " use '-audio model=help' to show possible devices.\n",
754 ``-audio [driver=]driver[,model=value][,prop[=value][,...]]``
755 If the ``model`` option is specified, ``-audio`` is a shortcut
761 The following two example do exactly the same, to show how ``-audio``
764 .. parsed-literal::
766 |qemu_system| -audiodev pa,id=pa -device sb16,audiodev=pa
767 |qemu_system| -audio pa,model=sb16
769 If the ``model`` option is not specified, ``-audio`` is used to
772 particular, ``-audio none`` ensures that no audio is produced even
776 ``-audiodev`` option below. Use ``driver=help`` to list the available
782 "-audiodev [driver=]driver,id=id[,prop[=value][,...]]\n"
784 " Use ``-audiodev help`` to list the available drivers\n"
786 " timer-period= timer period in microseconds\n"
787 " in|out.mixing-engine= use mixing engine to mix streams inside QEMU\n"
788 " in|out.fixed-settings= use fixed settings for host audio\n"
794 " in|out.buffer-length= length of buffer in microseconds\n"
795 "-audiodev none,id=id,[,prop[=value][,...]]\n"
798 "-audiodev alsa,id=id[,prop[=value][,...]]\n"
800 " in|out.period-length= length of period in microseconds\n"
801 " in|out.try-poll= attempt to use poll mode\n"
805 "-audiodev coreaudio,id=id[,prop[=value][,...]]\n"
806 " in|out.buffer-count= number of buffers\n"
809 "-audiodev dsound,id=id[,prop[=value][,...]]\n"
813 "-audiodev oss,id=id[,prop[=value][,...]]\n"
815 " in|out.buffer-count= number of buffers\n"
816 " in|out.try-poll= attempt to use poll mode\n"
817 " try-mmap= try using memory mapped access\n"
819 " dsp-policy= set timing policy (0..10), -1 to use fragment mode\n"
822 "-audiodev pa,id=id[,prop[=value][,...]]\n"
828 "-audiodev pipewire,id=id[,prop[=value][,...]]\n"
830 " in|out.stream-name= name of pipewire stream\n"
834 "-audiodev sdl,id=id[,prop[=value][,...]]\n"
835 " in|out.buffer-count= number of buffers\n"
838 "-audiodev sndio,id=id[,prop[=value][,...]]\n"
841 "-audiodev spice,id=id[,prop[=value][,...]]\n"
844 "-audiodev dbus,id=id[,prop[=value][,...]]\n"
846 "-audiodev wav,id=id[,prop[=value][,...]]\n"
850 ``-audiodev [driver=]driver,id=id[,prop[=value][,...]]``
859 -audiodev alsa,id=example,in.frequency=44110,out.frequency=8000
860 -audiodev alsa,id=example,out.channels=1 # leaves in.channels unspecified
871 ``timer-period=period``
875 ``in|out.mixing-engine=on|off``
878 off, fixed-settings must be off too. Note that disabling this
885 ``in|out.fixed-settings=on|off``
891 Specify the frequency to use when using fixed-settings. Default
895 Specify the number of channels to use when using fixed-settings.
899 Specify the sample format to use when using fixed-settings.
906 ``in|out.buffer-length=usecs``
909 ``-audiodev none,id=id[,prop[=value][,...]]``
913 ``-audiodev alsa,id=id[,prop[=value][,...]]``
923 ``in|out.period-length=usecs``
926 ``in|out.try-poll=on|off``
932 ``-audiodev coreaudio,id=id[,prop[=value][,...]]``
938 ``in|out.buffer-count=count``
941 ``-audiodev dsound,id=id[,prop[=value][,...]]``
951 ``-audiodev oss,id=id[,prop[=value][,...]]``
953 Unix-like systems.
961 ``in|out.buffer-count=count``
964 ``in|out.try-poll=on|of``
967 ``try-mmap=on|off``
974 ``dsp-policy=policy``
976 means smaller latency but higher CPU usage). Use -1 to use
977 buffer sizes specified by ``buffer`` and ``buffer-count``. This
980 ``-audiodev pa,id=id[,prop[=value][,...]]``
996 ``-audiodev pipewire,id=id[,prop[=value][,...]]``
1008 ``in|out.stream-name``
1011 ``-audiodev sdl,id=id[,prop[=value][,...]]``
1018 ``in|out.buffer-count=count``
1021 ``-audiodev sndio,id=id[,prop[=value][,...]]``
1023 OpenBSD and most other Unix-like systems.
1034 ``-audiodev spice,id=id[,prop[=value][,...]]``
1036 requires ``-spice`` and automatically selected in that case, so
1040 ``-audiodev wav,id=id[,prop[=value][,...]]``
1051 "-device driver[,prop[=value][,...]]\n"
1054 " use '-device help' to print all possible drivers\n"
1055 " use '-device driver,help' to print all possible properties\n",
1058 ``-device driver[,prop[=value][,...]]``
1061 properties, use ``-device help`` and ``-device driver,help``.
1065 ``-device ipmi-bmc-sim,id=id[,prop[=value][,...]]``
1099 ``-device ipmi-bmc-extern,id=id,chardev=id[,slave_addr=val]``
1105 it is strongly recommended that you use the "reconnect-ms=" chardev
1116 ``-device isa-ipmi-kcs,bmc=id[,ioport=val][,irq=val]``
1121 The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern
1132 ``-device isa-ipmi-bt,bmc=id[,ioport=val][,irq=val]``
1136 ``-device pci-ipmi-kcs,bmc=id``
1140 The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern above.
1142 ``-device pci-ipmi-bt,bmc=id``
1145 ``-device intel-iommu[,option=...]``
1146 This is only supported by ``-machine q35``, which will enable Intel VT-d
1151 complete x2apic. Currently it only supports kvm kernel-irqchip modes
1152 ``off`` or ``split``, while full kernel-irqchip is not yet supported.
1154 kernel-irqchip.
1156 ``caching-mode=on|off`` (default: off)
1157 This enables caching mode for the VT-d emulated device. When
1158 caching-mode is enabled, each guest DMA buffer mapping will generate an
1160 a synchronous way. It is required for ``-device vfio-pci`` to work
1161 with the VT-d device, because host assigned devices requires to setup
1164 ``device-iotlb=on|off`` (default: off)
1165 This enables device-iotlb capability for the emulated VT-d device. So
1169 ``aw-bits=39|48`` (default: 39)
1171 space has 39 bits width for 3-level IOMMU page tables, and 48 bits for
1172 4-level IOMMU page tables.
1174 Please also refer to the wiki page for general scenarios of VT-d
1175 emulation in QEMU: https://wiki.qemu.org/Features/VT-d.
1177 ``-device virtio-iommu-pci[,option=...]``
1178 This is only supported by ``-machine q35`` (x86_64) and ``-machine virt`` (ARM).
1183 virtio-iommu. If host, the granule matches the host page size.
1185 ``aw-bits=val`` (val between 32 and 64, default depends on machine)
1191 "-name string1[,process=string2][,debug-threads=on|off]\n"
1194 " When debug-threads is enabled, individual threads are given a separate name\n"
1198 ``-name name``
1206 "-uuid %08x-%04x-%04x-%04x-%012x\n"
1209 ``-uuid uuid``
1224 ``-device`` to specify the hardware device and ``-blockdev`` to
1230 The ``-drive`` option combines the device and backend into a single
1235 Older options like ``-hda`` are essentially macros which expand into
1236 ``-drive`` options for various drive interfaces. The original forms
1243 "-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
1246 ``-fda file``
1248 ``-fdb file``
1254 "-hda/-hdb file use 'file' as hard disk 0/1 image\n", QEMU_ARCH_ALL)
1257 "-hdc/-hdd file use 'file' as hard disk 2/3 image\n", QEMU_ARCH_ALL)
1260 ``-hda file``
1262 ``-hdb file``
1264 ``-hdc file``
1266 ``-hdd file``
1275 "-cdrom file use 'file' as CD-ROM image\n",
1278 ``-cdrom file``
1279 Use file as CD-ROM image on the default bus of the emulated machine
1280 (which is IDE1 master on x86, so you cannot use ``-hdc`` and ``-cdrom``
1282 host CD-ROM by using ``/dev/cdrom`` as filename.
1286 "-blockdev [driver=]driver[,node-name=N][,discard=ignore|unmap]\n"
1287 " [,cache.direct=on|off][,cache.no-flush=on|off]\n"
1288 " [,read-only=on|off][,auto-read-only=on|off]\n"
1289 " [,force-share=on|off][,detect-zeroes=on|off|unmap]\n"
1293 ``-blockdev option[,option[,option[,...]]]``
1301 existing node (file=node-name), or you define a new node inline,
1305 A block driver node created with ``-blockdev`` can be used for a
1307 in a ``-device`` argument that defines a block device.
1313 ``node-name``
1317 (if you use ``-drive`` as well) the ID of a drive.
1324 ``read-only``
1325 Open the node read-only. Guest write attempts will fail.
1327 Note that some block drivers support only read-only access,
1329 the default value ``read-only=off`` does not work and the
1332 ``auto-read-only``
1333 If ``auto-read-only=on`` is set, QEMU may fall back to
1334 read-only usage even when ``read-only=off`` is requested, or
1339 ``force-share``
1348 Enabling ``force-share=on`` requires ``read-only=on``.
1355 ``cache.no-flush``
1357 failures, you can use ``cache.no-flush=on``. This option
1370 ``detect-zeroes=detect-zeroes``
1371 detect-zeroes is "off", "on" or "unmap" and enables the
1377 ``Driver-specific options for file``
1378 This is the protocol-level block driver for accessing regular
1398 -blockdev driver=file,node-name=disk,filename=disk.img
1400 ``Driver-specific options for raw``
1413 -blockdev driver=file,node-name=disk_file,filename=disk.img
1414 -blockdev driver=raw,node-name=disk,file=disk_file
1420 -blockdev driver=raw,node-name=disk,file.driver=file,file.filename=disk.img
1422 ``Driver-specific options for qcow2``
1437 ``lazy-refcounts``
1441 ``cache-size``
1443 caches in bytes (default: the sum of l2-cache-size and
1444 refcount-cache-size)
1446 ``l2-cache-size``
1448 cache-size is not specified - 32M on Linux platforms, and 8M
1449 on non-Linux platforms; otherwise, as large as possible
1450 within the cache-size, while permitting the requested or the
1453 ``refcount-cache-size``
1455 (default: 4 times the cluster size; or if cache-size is
1459 ``cache-clean-interval``
1465 ``pass-discard-request``
1470 ``pass-discard-snapshot``
1475 ``pass-discard-other``
1480 ``discard-no-unref``
1485 setting of the pass-discard-request option. Keeping the clusters
1487 caused by freeing and re-allocating them later. Besides potential
1496 ``overlap-check``
1500 ``blockdev-add``.
1506 -blockdev driver=file,node-name=my_file,filename=/tmp/disk.qcow2
1507 -blockdev driver=qcow2,node-name=hda,file=my_file,overlap-check=none,cache-size=16777216
1513 …-blockdev driver=qcow2,node-name=disk,file.driver=http,file.filename=http://example.com/image.qcow2
1515 ``Driver-specific options for other drivers``
1516 Please refer to the QAPI documentation of the ``blockdev-add``
1521 "-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n"
1526 " [,readonly=on|off][,copy-on-read=on|off]\n"
1527 " [,discard=ignore|unmap][,detect-zeroes=on|off|unmap]\n"
1536 ``-drive option[,option[,option[,...]]]``
1539 defining the corresponding ``-blockdev`` and ``-device`` options.
1541 ``-drive`` accepts all options that are accepted by ``-blockdev``.
1573 given drive (see ``-snapshot``).
1579 and ``cache.no-flush`` options (as in ``-blockdev``), and
1581 the ``write-cache`` option of block guest devices (as in
1582 ``-device``). The modes correspond to the following settings:
1585 \ cache.writeback cache.direct cache.no-flush
1613 ``copy-on-read=copy-on-read``
1614 copy-on-read is "on" or "off" and enables whether to copy read
1662 When using the ``-snapshot`` option, unsafe caching is always used.
1664 Copy-on-read avoids accessing the same backing file sectors
1666 network. By default copy-on-read is off.
1668 Instead of ``-cdrom`` you can use:
1670 .. parsed-literal::
1672 |qemu_system| -drive file=file,index=2,media=cdrom
1674 Instead of ``-hda``, ``-hdb``, ``-hdc``, ``-hdd``, you can use:
1676 .. parsed-literal::
1678 |qemu_system| -drive file=file,index=0,media=disk
1679 |qemu_system| -drive file=file,index=1,media=disk
1680 |qemu_system| -drive file=file,index=2,media=disk
1681 |qemu_system| -drive file=file,index=3,media=disk
1683 You can open an image using pre-opened file descriptors from an fd
1686 .. parsed-literal::
1689 -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \\
1690 -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \\
1691 -drive file=/dev/fdset/2,index=0,media=disk
1695 .. parsed-literal::
1697 |qemu_system_x86| -drive file=file,if=ide,index=1,media=cdrom
1702 .. parsed-literal::
1704 |qemu_system_x86| -drive if=ide,index=1,media=cdrom
1706 Instead of ``-fda``, ``-fdb``, you can use:
1708 .. parsed-literal::
1710 |qemu_system_x86| -drive file=file,index=0,if=floppy
1711 |qemu_system_x86| -drive file=file,index=1,if=floppy
1716 .. parsed-literal::
1718 |qemu_system_x86| -drive file=a -drive file=b
1722 .. parsed-literal::
1724 |qemu_system_x86| -hda a -hdb b
1728 "-mtdblock file use 'file' as on-board Flash memory image\n",
1731 ``-mtdblock file``
1732 Use file as on-board Flash memory image.
1736 "-sd file use 'file' as SecureDigital card image\n", QEMU_ARCH_ALL)
1738 ``-sd file``
1743 "-snapshot write to temporary files instead of disk image files\n",
1746 ``-snapshot``
1749 force the write back by pressing C-a s (see the :ref:`disk images`
1753 snapshot is incompatible with ``-blockdev`` (instead use qemu-img
1755 If you have mixed ``-blockdev`` and ``-drive`` declarations you
1762 "-fsdev local,id=id,path=path,security_model=mapped-xattr|mapped-file|passthrough|none\n"
1764 " [[,throttling.bps-total=b]|[[,throttling.bps-read=r][,throttling.bps-write=w]]]\n"
1765 " [[,throttling.iops-total=i]|[[,throttling.iops-read=r][,throttling.iops-write=w]]]\n"
1766 …" [[,throttling.bps-total-max=bm]|[[,throttling.bps-read-max=rm][,throttling.bps-write-max=wm]]]\n"
1767 …" [[,throttling.iops-total-max=im]|[[,throttling.iops-read-max=irm][,throttling.iops-write-max=iwm…
1768 " [[,throttling.iops-size=is]]\n"
1769 "-fsdev synth,id=id\n",
1773 ``-fsdev local,id=id,path=path,security_model=security_model [,writeout=writeout][,readonly=on][,fm…
1775 ``-fsdev synth,id=id[,readonly=on]``
1793 Supported security models are "passthrough", "mapped-xattr",
1794 "mapped-file" and "none". In "passthrough" security model, files
1796 guest. This requires QEMU to run as root. In "mapped-xattr"
1799 "mapped-file" these attributes are stored in the hidden
1815 default read-write access is given.
1819 Works only with security models "mapped-xattr" and
1820 "mapped-file".
1824 host. Works only with security models "mapped-xattr" and
1825 "mapped-file".
1827 ``throttling.bps-total=b,throttling.bps-read=r,throttling.bps-write=w``
1831 ``throttling.bps-total-max=bm,bps-read-max=rm,bps-write-max=wm``
1836 ``throttling.iops-total=i,throttling.iops-read=r, throttling.iops-write=w``
1840 ``throttling.iops-total-max=im,throttling.iops-read-max=irm, throttling.iops-write-max=iwm``
1845 ``throttling.iops-size=is``
1849 -fsdev option is used along with -device driver "virtio-9p-...".
1851 ``-device virtio-9p-type,fsdev=id,mount_tag=mount_tag``
1852 Options for virtio-9p-... driver are:
1859 Specifies the id value specified along with -fsdev option.
1867 … "-virtfs local,path=path,mount_tag=tag,security_model=mapped-xattr|mapped-file|passthrough|none\n"
1869 "-virtfs synth,mount_tag=tag[,id=id][,readonly=on]\n",
1873 ``-virtfs local,path=path,mount_tag=mount_tag ,security_model=security_model[,writeout=writeout][,r…
1875 ``-virtfs synth,mount_tag=mount_tag``
1877 a virtio-9p-device (a.k.a. 9pfs), which essentially means that a certain
1878 directory on host is made directly accessible by guest as a pass-through
1883 Note that ``-virtfs`` is actually just a convenience shortcut for its
1884 generalized form ``-fsdev -device virtio-9p-pci``.
1886 The general form of pass-through file system options are:
1903 Supported security models are "passthrough", "mapped-xattr",
1904 "mapped-file" and "none". In "passthrough" security model, files
1906 guest. This requires QEMU to run as root. In "mapped-xattr"
1909 "mapped-file" these attributes are stored in the hidden
1925 default read-write access is given.
1929 Works only with security models "mapped-xattr" and
1930 "mapped-file".
1934 host. Works only with security models "mapped-xattr" and
1935 "mapped-file".
1970 "-iscsi [user=user][,password=password][,password-secret=secret-id]\n"
1971 " [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE]\n"
1972 " [,initiator-name=initiator-iqn][,id=target-iqn]\n"
1977 ``-iscsi``
1986 "-usb enable on-board USB host controller (if not enabled by default)\n",
1989 ``-usb``
1990 Enable USB emulation on machine types with an on-board USB host
1991 controller (if not enabled by default). Note that on-board USB host
1993 ``-device qemu-xhci`` can be used instead on machines with PCI.
1997 "-usbdevice name add the host or guest USB device 'name'\n",
2000 ``-usbdevice devname``
2001 Add the USB device devname, and enable an on-board USB controller
2003 ``-machine usb=on``). Note that this option is mainly intended for
2004 the user's convenience only. More fine-grained control can be
2006 desired USB device via the ``-device`` option instead. For example,
2007 instead of using ``-usbdevice mouse`` it is possible to use
2008 ``-device qemu-xhci -device usb-mouse`` to connect the USB mouse
2019 ``usb-braille`` USB device).
2034 ``wacom-tablet``
2046 "-display spice-app[,gl=on|off]\n"
2049 "-display sdl[,gl=on|core|es|off][,grab-mod=<mod>][,show-cursor=on|off]\n"
2050 " [,window-close=on|off]\n"
2053 "-display gtk[,full-screen=on|off][,gl=on|off][,grab-on-hover=on|off]\n"
2054 " [,show-tabs=on|off][,show-cursor=on|off][,window-close=on|off]\n"
2055 " [,show-menubar=on|off][,zoom-to-fit=on|off]\n"
2058 "-display vnc=<display>[,<optargs>]\n"
2061 "-display curses[,charset=<encoding>]\n"
2064 "-display cocoa[,full-grab=on|off][,swap-opt-cmd=on|off]\n"
2065 " [,show-cursor=on|off][,left-command-key=on|off]\n"
2066 " [,full-screen=on|off][,zoom-to-fit=on|off]\n"
2069 "-display egl-headless[,rendernode=<file>]\n"
2072 "-display dbus[,addr=<dbusaddr>]\n"
2075 "-display none\n"
2079 "\"-display gtk\"\n"
2081 "\"-display sdl\"\n"
2083 "\"-display cocoa\"\n"
2085 "\"-vnc localhost:0,to=99,id=default\"\n"
2087 "\"-display none\"\n"
2091 ``-display type``
2092 Select type of display to use. Use ``-display help`` to list the available
2095 ``spice-app[,gl=on|off]``
2101 Export the display over D-Bus interfaces. (Since 7.0)
2106 ``addr=<dbusaddr>`` : D-Bus bus address to connect to.
2108 ``p2p=yes|no`` : Use peer-to-peer connection, accepted via QMP ``add_client``.
2110 ``gl=on|off|core|es`` : Use OpenGL for rendering (the D-Bus interface
2118 ``grab-mod=<mods>`` : Used to select the modifier keys for toggling
2120 either ``lshift-lctrl-lalt`` or ``rctrl``.
2124 ``show-cursor=on|off`` : Force showing the mouse cursor
2126 ``window-close=on|off`` : Allow to quit qemu with window close button
2130 drop-down menus and other UI elements to configure and control
2133 ``full-screen=on|off`` : Start in fullscreen mode
2137 ``grab-on-hover=on|off`` : Grab keyboard input on mouse hover
2139 ``show-tabs=on|off`` : Display the tab bar for switching between the
2143 ``show-cursor=on|off`` : Force showing the mouse cursor
2145 ``window-close=on|off`` : Allow to quit qemu with window close button
2147 ``show-menubar=on|off`` : Display the main window menubar, defaults to "on"
2149 ``zoom-to-fit=on|off`` : Expand video output to the window size,
2165 provides drop-down menus and other UI elements to configure and
2168 ``full-grab=on|off`` : Capture all key presses, including system combos.
2172 https://support.apple.com/en-in/guide/mac-help/mh32356/mac
2174 ``swap-opt-cmd=on|off`` : Swap the Option and Command keys so that their
2175 key codes match their position on non-Mac
2179 ``show-cursor=on|off`` : Force showing the mouse cursor
2181 ``left-command-key=on|off`` : Disable forwarding left command key to host
2183 ``full-screen=on|off`` : Start in fullscreen mode
2185 ``zoom-to-fit=on|off`` : Expand video output to the window size,
2188 ``egl-headless[,rendernode=<file>]``
2199 the QEMU user. This option differs from the -nographic option in
2200 that it only affects what is done with video output; -nographic
2206 "-nographic disable graphical output and redirect serial I/Os to console\n",
2209 ``-nographic``
2217 Use C-a h for help on switching between the console and monitor.
2222 "-spice [port=port][,tls-port=secured-port][,x509-dir=<dir>]\n"
2223 " [,x509-key-file=<file>][,x509-key-password=<file>]\n"
2224 " [,x509-cert-file=<file>][,x509-cacert-file=<file>]\n"
2225 " [,x509-dh-key-file=<file>][,addr=addr]\n"
2227 " [,tls-ciphers=<list>]\n"
2228 " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
2229 " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
2230 " [,sasl=on|off][,disable-ticketing=on|off]\n"
2231 " [,password-secret=<secret-id>]\n"
2232 " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
2233 " [,jpeg-wan-compression=[auto|never|always]]\n"
2234 " [,zlib-glz-wan-compression=[auto|never|always]]\n"
2235 " [,streaming-video=[off|all|filter]][,disable-copy-paste=on|off]\n"
2236 " [,disable-agent-file-xfer=on|off][,agent-mouse=[on|off]]\n"
2237 " [,playback-compression=[on|off]][,seamless-migration=[on|off]]\n"
2240 " at least one of {port, tls-port} is mandatory\n",
2244 ``-spice option[,option[,...]]``
2257 ``password-secret=<secret-id>``
2275 ``disable-ticketing=on|off``
2278 ``disable-copy-paste=on|off``
2281 ``disable-agent-file-xfer=on|off``
2282 Disable spice-vdagent based file-xfer between the client and the
2285 ``tls-port=<nr>``
2288 ``x509-dir=<dir>``
2289 Set the x509 file directory. Expects same filenames as -vnc
2292 …``x509-key-file=<file>``; \ ``x509-key-password=<file>``; \ ``x509-cert-file=<file>``; \ ``x509-ca…
2295 ``tls-ciphers=<list>``
2298 …``tls-channel=[main|display|cursor|inputs|record|playback]``; \ ``plaintext-channel=[main|display|…
2306 ``image-compression=[auto_glz|auto_lz|quic|glz|lz|off]``
2309 ``jpeg-wan-compression=[auto|never|always]``; \ ``zlib-glz-wan-compression=[auto|never|always]``
2313 ``streaming-video=[off|all|filter]``
2316 ``agent-mouse=[on|off]``
2319 ``playback-compression=[on|off]``
2323 ``seamless-migration=[on|off]``
2335 "-vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|virtio|none]\n"
2338 ``-vga type``
2355 VMWare SVGA-II compatible adapter. Use it if you have
2367 framebuffer for sun4m machines and offers both 8-bit and 24-bit
2371 (sun4m only) Sun cgthree framebuffer. This is a simple 8-bit
2383 DEF("full-screen", 0, QEMU_OPTION_full_screen,
2384 "-full-screen start in full screen\n", QEMU_ARCH_ALL)
2386 ``-full-screen``
2391 "-g WxH[xDEPTH] Set the initial graphical resolution and depth\n",
2394 ``-g`` *width*\ ``x``\ *height*\ ``[x``\ *depth*\ ``]``
2407 "-vnc <display> shorthand for -display vnc=<display>\n", QEMU_ARCH_ALL)
2410 ``-vnc display[,option[,option[,...]]]``
2416 using this option (option ``-device usb-tablet``). When using the
2417 VNC display, you must use the ``-k`` parameter to set the keyboard
2418 layout if you are not using en-us. Valid syntax for the display is
2422 until the number L, if the originally defined "-vnc display" is
2478 should use ``expire_password <protocol> <expiration-time>``
2489 ``password-secret=<secret-id>``
2492 object identified by ``secret-id``.
2494 ``tls-creds=ID``
2500 using the ``-object tls-creds`` argument.
2502 ``tls-authz=ID``
2525 ``sasl-authz=ID``
2535 creation of two ``authz-list`` objects with IDs of
2540 ``sasl-authz`` and ``tls-authz`` options are a replacement.
2548 ``non-adaptive=on|off``
2556 ``share=[allow-exclusive|force-shared|ignore]``
2557 Set display sharing policy. 'allow-exclusive' allows clients to
2561 session (vncviewer: -shared switch). This is the default.
2562 'force-shared' disables exclusive client access. Useful for
2564 specify -shared disconnect everybody else. 'ignore' completely
2569 ``key-delay-ms``
2571 milliseconds. Default is 10. Keyboards are low-bandwidth
2579 transmission. When not using an -audiodev argument, this option
2583 ``power-control=on|off``
2592 DEF("win2k-hack", 0, QEMU_OPTION_win2k_hack,
2593 "-win2k-hack use it when installing Windows 2000 to avoid a disk full bug\n",
2596 ``-win2k-hack``
2599 option slows down the IDE transfers). Synonym of ``-global
2600 ide-device.win2k-install-hack=on``.
2603 DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk,
2604 "-no-fd-bootchk disable boot signature checking for floppy disks\n",
2607 ``-no-fd-bootchk``
2609 needed to boot from old floppy disks. Synonym of ``-m fd-bootchk=off``.
2613 …"-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,a…
2616 ``-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n] [,asl_compiler_id=str][,…
2629 "-smbios file=binary\n"
2631 "-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d]\n"
2634 "-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str]\n"
2637 "-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str]\n"
2640 "-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str]\n"
2643 "-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str]\n"
2644 " [,asset=str][,part=str][,max-speed=%d][,current-speed=%d]\n"
2645 " [,processor-family=%d][,processor-id=%d]\n"
2647 …"-smbios type=8[,external_reference=str][,internal_reference=str][,connector_type=%d][,port_type=%…
2649 "-smbios type=11[,value=str][,path=filename]\n"
2651 "-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str]\n"
2654 "-smbios type=41[,designation=str][,kind=str][,instance=%d][,pcidev=str]\n"
2658 ``-smbios file=binary``
2661 ``-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d][,uefi=on|off]``
2664 ``-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str][,uuid=uuid][,sku=str][…
2667 ``-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str][,asset=str][,location=…
2670 ``-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str][,sku=str]``
2673 ``-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str][,asset=str][,part=str…
2676 ``-smbios type=9[,slot_designation=str][,slot_type=%d][,slot_data_bus_width=%d][,current_usage=%d][…
2679 ``-smbios type=11[,value=str][,path=filename]``
2700 .. parsed-literal::
2702 -smbios type=11,value=cloud-init:ds=nocloud-net;s=http://10.10.0.1:8000/,\\
2708 .. parsed-literal::
2710 $ dmidecode -t 11
2713 String 1: cloud-init:ds=nocloud-net;s=http://10.10.0.1:8000/
2718 ``-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str][,asset=str][,part=str][,…
2721 ``-smbios type=41[,designation=str][,kind=str][,instance=%d][,pcidev=str]``
2730 .. parsed-literal::
2732 -netdev user,id=internet \\
2733 -device virtio-net-pci,mac=50:54:00:00:00:42,netdev=internet,id=internet-dev \\
2734 -smbios type=41,designation='Onboard LAN',instance=1,kind=ethernet,pcidev=internet-dev
2738 ..parsed-literal::
2740 $ ip -brief l
2754 "-netdev user,id=str[,ipv4=on|off][,net=addr[/mask]][,host=addr]\n"
2755 " [,ipv6=on|off][,ipv6-net=addr[/int]][,ipv6-host=addr]\n"
2757 " [,dns=addr][,ipv6-dns=addr][,dnssearch=domain][,domainname=domain]\n"
2758 " [,tftp=dir][,tftp-server-name=name][,bootfile=f][,hostfwd=rule][,guestfwd=rule]"
2766 "-netdev tap,id=str,ifname=name\n"
2769 "-netdev tap,id=str[,fd=h][,fds=x:y:...:z][,ifname=name][,script=file][,downscript=dfile]\n"
2772 " [,poll-us=n]\n"
2789 " use vhostforce=on to force vhost on for non-MSIX virtio guests\n"
2793 " use 'poll-us=n' to specify the maximum number of microseconds that could be\n"
2795 "-netdev bridge,id=str[,br=bridge][,helper=helper]\n"
2801 "-netdev l2tpv3,id=str,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport]\n"
2809 " VM to a router and even VM to Host. It is a nearly-universal\n"
2810 " standard (RFC3931). Note - this implementation uses static\n"
2811 " pre-configured tunnels (same as the Linux kernel).\n"
2823 " use 'counter=off' to force a 'cut-down' L2TPv3 with no counter\n"
2827 "-netdev socket,id=str[,fd=h][,listen=[host]:port][,connect=host:port]\n"
2830 "-netdev socket,id=str[,fd=h][,mcast=maddr:port[,localaddr=addr]]\n"
2833 "-netdev socket,id=str[,fd=h][,udp=host:port][,localaddr=host:port]\n"
2836 …-netdev stream,id=str[,server=on|off],addr.type=inet,addr.host=host,addr.port=port[,to=maxport][,n…
2837 …"-netdev stream,id=str[,server=on|off],addr.type=unix,addr.path=path[,abstract=on|off][,tight=on|o…
2838 …"-netdev stream,id=str[,server=on|off],addr.type=fd,addr.str=file-descriptor[,reconnect-ms=millise…
2841 …"-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=inet,local.h…
2842 …"-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=fd,local.str…
2845 …"-netdev dgram,id=str,local.type=inet,local.host=addr,local.port=port[,remote.type=inet,remote.hos…
2846 "-netdev dgram,id=str,local.type=unix,local.path=path[,remote.type=unix,remote.path=path]\n"
2847 "-netdev dgram,id=str,local.type=fd,local.str=file-descriptor\n"
2851 "-netdev vde,id=str[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]\n"
2858 "-netdev netmap,id=str,ifname=name[,devname=nmname]\n"
2859 " attach to the existing netmap-enabled network interface 'name', or to a\n"
2864 "-netdev af-xdp,id=str,ifname=name[,mode=native|skb][,force-copy=on|off]\n"
2865 " [,queues=n][,start-queue=m][,inhibit=on|off][,sock-fds=x:y:...:z]\n"
2868 …" use 'force-copy=on|off' to force XDP copy mode even if device supports zero-copy …
2871 " use 'sock-fds' to provide file descriptors for already open AF_XDP sockets\n"
2874 " use 'start-queue=m' to specify the first queue that should be used\n"
2877 "-netdev vhost-user,id=str,chardev=dev[,vhostforce=on|off]\n"
2878 " configure a vhost-user network, backed by a chardev 'dev'\n"
2881 "-netdev vhost-vdpa,id=str[,vhostdev=/path/to/dev][,vhostfd=h]\n"
2882 " configure a vhost-vdpa network,Establish a vhost-vdpa netdev\n"
2887 "-netdev vmnet-host,id=str[,isolated=on|off][,net-uuid=uuid]\n"
2888 " [,start-address=addr,end-address=addr,subnet-mask=mask]\n"
2893 " vmnet-host interfaces within this isolated network\n"
2894 "-netdev vmnet-shared,id=str[,isolated=on|off][,nat66-prefix=addr]\n"
2895 " [,start-address=addr,end-address=addr,subnet-mask=mask]\n"
2900 "-netdev vmnet-bridged,id=str,ifname=name[,isolated=on|off]\n"
2905 "-netdev hubport,id=str,hubid=n[,netdev=nd]\n"
2908 "-nic [tap|bridge|"
2922 "af-xdp|"
2925 "vhost-user|"
2928 "vmnet-host|vmnet-shared|vmnet-bridged|"
2931 " initialize an on-board / default host NIC (using MAC address\n"
2933 "-nic none use it alone to have zero network devices (the default is to\n"
2937 "-net nic[,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]\n"
2938 " configure or create an on-board (or machine default) NIC and\n"
2939 " connect it to hub 0 (please use -nic unless you need a hub)\n"
2940 "-net ["
2953 "af-xdp|"
2956 "vmnet-host|vmnet-shared|vmnet-bridged|"
2960 " (use the -netdev option if possible instead)\n", QEMU_ARCH_ALL)
2962 ``-nic [tap|bridge|user|l2tpv3|vde|netmap|af-xdp|vhost-user|socket][,...][,mac=macaddr][,model=mn]``
2963 This option is a shortcut for configuring both the on-board
2966 ``-netdev`` options below. The guest NIC model can be set with
2970 The following two example do exactly the same, to show how ``-nic``
2973 .. parsed-literal::
2975 |qemu_system| -netdev user,id=n1,ipv6=off -device e1000,netdev=n1,mac=52:54:98:76:54:32
2976 |qemu_system| -nic user,ipv6=off,model=e1000,mac=52:54:98:76:54:32
2978 ``-nic none``
2984 ``-netdev user,id=id[,option][,option][,...]``
2998 top-most bits. Default is 10.0.2.0/24.
3001 Specify the guest-visible address of the host. Default is the
3004 ``ipv6-net=addr[/int]``
3008 as the number of valid top-most bits (default is 64).
3010 ``ipv6-host=addr``
3011 Specify the guest-visible IPv6 address of the host. Default is
3021 Specifies the client hostname reported by the built-in DHCP
3025 Specify the first of the 16 IPs the built-in DHCP server can
3030 Specify the guest-visible address of the virtual nameserver. The
3034 ``ipv6-dns=addr``
3035 Specify the guest-visible address of the IPv6 virtual
3040 Provides an entry for the domain-search list sent by the
3041 built-in DHCP server. More than one domain suffix can be
3049 .. parsed-literal::
3051 |qemu_system| -nic user,dnssearch=mgmt.example.org,dnssearch=example.org
3054 Specifies the client domain name reported by the built-in DHCP
3058 When using the user mode network stack, activate a built-in TFTP
3062 The built-in TFTP server is read-only; it does not implement any
3065 ``tftp-server-name=name``
3078 .. parsed-literal::
3080 |qemu_system| -hda linux.img -boot n -device e1000,netdev=n1 \\
3081 -netdev user,id=n1,tftp=/path/to/tftp/files,bootfile=/pxelinux.0
3084 When using the user mode network stack, activate a built-in SMB
3104 ``hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport``
3108 (default first address given by the built-in DHCP server). By
3116 .. parsed-literal::
3119 |qemu_system| -nic user,hostfwd=tcp:127.0.0.1:6001-:6000
3121 xterm -display :1
3126 .. parsed-literal::
3129 |qemu_system| -nic user,hostfwd=tcp::5555-:23
3135 ``guestfwd=[tcp]:server:port-dev``; \ ``guestfwd=[tcp]:server:port-cmd:command``
3144 .. parsed-literal::
3148 |qemu_system| -nic user,guestfwd=tcp:10.0.2.100:1234-tcp:10.10.1.1:4321
3154 .. parsed-literal::
3158 |qemu_system| -nic 'user,id=n1,guestfwd=tcp:10.0.2.100:1234-cmd:netcat 10.10.1.1 4321'
3160 ``-netdev tap,id=id[,fd=h][,ifname=name][,script=file][,downscript=dfile][,br=bridge][,helper=helpe…
3166 ``/etc/qemu-ifup`` and the default network deconfigure script is
3167 ``/etc/qemu-ifdown``. Use ``script=no`` or ``downscript=no`` to
3173 ``/path/to/qemu-bridge-helper`` and the default bridge device is
3181 .. parsed-literal::
3184 |qemu_system| linux.img -nic tap
3186 .. parsed-literal::
3191 -netdev tap,id=nd0,ifname=tap0 -device e1000,netdev=nd0 \\
3192 -netdev tap,id=nd1,ifname=tap1 -device rtl8139,netdev=nd1
3194 .. parsed-literal::
3198 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3199 -netdev tap,id=n1,"helper=/path/to/qemu-bridge-helper"
3201 ``-netdev bridge,id=id[,br=bridge][,helper=helper]``
3206 ``/path/to/qemu-bridge-helper`` and the default bridge device is
3211 .. parsed-literal::
3215 |qemu_system| linux.img -netdev bridge,id=n1 -device virtio-net,netdev=n1
3217 .. parsed-literal::
3221 |qemu_system| linux.img -netdev bridge,br=qemubr0,id=n1 -device virtio-net,netdev=n1
3223 ``-netdev socket,id=id[,fd=h][,listen=[host]:port][,connect=host:port]``
3233 .. parsed-literal::
3237 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
3238 -netdev socket,id=n1,listen=:1234
3241 -device e1000,netdev=n2,mac=52:54:00:12:34:57 \\
3242 -netdev socket,id=n2,connect=127.0.0.1:1234
3244 ``-netdev socket,id=id[,fd=h][,mcast=maddr:port[,localaddr=addr]]``
3254 ``ethN=mcast``), see http://user-mode-linux.sf.net.
3260 .. parsed-literal::
3264 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
3265 -netdev socket,id=n1,mcast=230.0.0.1:1234
3268 -device e1000,netdev=n2,mac=52:54:00:12:34:57 \\
3269 -netdev socket,id=n2,mcast=230.0.0.1:1234
3272 -device e1000,netdev=n3,mac=52:54:00:12:34:58 \\
3273 -netdev socket,id=n3,mcast=230.0.0.1:1234
3277 .. parsed-literal::
3281 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
3282 -netdev socket,id=n1,mcast=239.192.168.1:1102
3288 .. parsed-literal::
3291 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\
3292 -netdev socket,id=n1,mcast=239.192.168.1:1102,localaddr=1.2.3.4
3294 …-netdev stream,id=str[,server=on|off],addr.type=inet,addr.host=host,addr.port=port[,to=maxport][,n…
3309 ``keep-alive=on|off``
3310 enable keep-alive when connecting to this socket. Not supported for passive sockets.
3321 ``reconnect-ms=milliseconds``
3327 .. parsed-literal::
3331 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3332 … -netdev stream,id=net0,server=on,addr.type=inet,addr.host=localhost,addr.port=1234
3335 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\
3336 …-netdev stream,id=net0,server=off,addr.type=inet,addr.host=localhost,addr.port=1234,reconnect-ms=5…
3338 ``-netdev stream,id=str[,server=on|off],addr.type=unix,addr.path=path[,abstract=on|off][,tight=on|o…
3353 ``reconnect-ms=milliseconds``
3357 Example (using passt as a replacement of -netdev user):
3359 .. parsed-literal::
3366 -device virtio-net,netdev=net0 \\
3367 -netdev stream,id=net0,server=off,addr.type=unix,addr.path=/tmp/passt_1.socket
3371 .. parsed-literal::
3375 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3379 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\
3380 … -netdev stream,id=net0,server=off,addr.type=unix,addr.path=/tmp/qemu0,reconnect-ms=5000
3382 ``-netdev stream,id=str[,server=on|off],addr.type=fd,addr.str=file-descriptor[,reconnect-ms=millise…
3388 ``addr.str=file-descriptor``
3391 ``reconnect-ms=milliseconds``
3395 ``-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=inet,local.h…
3406 .. parsed-literal::
3410 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3411 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234
3414 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\
3415 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234
3418 -device virtio-net,netdev=net0,mac=52:54:00:12:34:58 \\
3419 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234
3421 ``-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=fd,local.str…
3427 ``local.str=file-descriptor``
3430 ``-netdev dgram,id=str,local.type=inet,local.host=addr,local.port=port[,remote.type=inet,remote.hos…
3442 .. parsed-literal::
3446 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3447 …-netdev dgram,id=net0,local.type=inet,local.host=localhost,local.port=1234,remote.type=inet,remote…
3450 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3451 …-netdev dgram,id=net0,local.type=inet,local.host=localhost,local.port=1235,remote.type=inet,remote…
3453 ``-netdev dgram,id=str,local.type=unix,local.path=path[,remote.type=unix,remote.path=path]``
3465 .. parsed-literal::
3469 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\
3470 …-netdev dgram,id=net0,local.type=unix,local.path=/tmp/qemu0,remote.type=unix,remote.path=/tmp/qemu1
3473 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\
3474 …-netdev dgram,id=net0,local.type=unix,local.path=/tmp/qemu1,remote.type=unix,remote.path=/tmp/qemu0
3476 ``-netdev dgram,id=str,local.type=fd,local.str=file-descriptor``
3480 ``local.str=file-descriptor``
3483 ``-netdev l2tpv3,id=id,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport],txsession=txsess…
3519 Force a 'cut-down' L2TPv3 with no counter as in
3520 draft-mkonstan-l2tpext-keyed-ipv6-tunnel-00
3530 the bridge br-lan on the remote Linux host 1.2.3.4:
3532 .. parsed-literal::
3542 brctl addif br-lan vmtunnel0
3546 # launch QEMU instance - if your network has reorder or is very lossy add ,pincounter
3548 |qemu_system| linux.img -device e1000,netdev=n1 \\
3549 …-netdev l2tpv3,id=n1,src=4.2.3.1,dst=1.2.3.4,udp=on,srcport=16384,dstport=16384,rxsession=0xffffff…
3551 ``-netdev vde,id=id[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]``
3560 .. parsed-literal::
3563 vde_switch -F -sock /tmp/myswitch
3565 |qemu_system| linux.img -nic vde,sock=/tmp/myswitch
3567 ``-netdev af-xdp,id=str,ifname=name[,mode=native|skb][,force-copy=on|off][,queues=n][,start-queue=m…
3570 XDP program can be forced with 'mode', defaults to best-effort,
3573 defaults to 1. Traffic arriving on non-configured device queues will
3576 .. parsed-literal::
3579 ethtool -L eth0 combined 4
3581 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3582 -netdev af-xdp,id=n1,ifname=eth0,queues=4
3584 'start-queue' option can be specified if a particular range of queues
3592 .. parsed-literal::
3595 ethtool -L eth0 combined 1
3597 # note: drivers may require non-empty key/mask pair.
3598 ethtool -N eth0 flow-type ether \\
3600 ethtool -N eth0 flow-type ether \\
3603 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3604 -netdev af-xdp,id=n1,ifname=eth0,queues=1,start-queue=1
3607 should be set to 'on' and 'sock-fds' provided with file descriptors for
3611 .. parsed-literal::
3613 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\
3614 -netdev af-xdp,id=n1,ifname=eth0,queues=3,inhibit=on,sock-fds=15:16:17
3616 ``-netdev vhost-user,chardev=id[,vhostforce=on|off][,queues=n]``
3617 Establish a vhost-user netdev, backed by a chardev id. The chardev
3618 should be a unix domain socket backed one. The vhost-user uses a
3621 non-MSIX guests, the feature can be forced with vhostforce. Use
3623 multiqueue vhost-user.
3629 qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \
3630 -numa node,memdev=mem \
3631 -chardev socket,id=chr0,path=/path/to/socket \
3632 -netdev type=vhost-user,id=net0,chardev=chr0 \
3633 -device virtio-net-pci,netdev=net0
3635 ``-netdev vhost-vdpa[,vhostdev=/path/to/dev][,vhostfd=h]``
3636 Establish a vhost-vdpa netdev.
3643 ``-netdev hubport,id=id,hubid=hubid[,netdev=nd]``
3651 ``-net nic[,netdev=nd][,macaddr=mac][,model=type] [,name=name][,addr=addr][,vectors=v]``
3652 Legacy option to configure or create an on-board (or machine
3661 can specify the number v of MSI-X vectors that the card should have;
3663 disable MSI-X. If no ``-net`` option is specified, a single NIC is
3665 Use ``-net nic,model=help`` for a list of available devices for your
3668 ``-net user|tap|bridge|socket|l2tpv3|vde[,...][,name=name]``
3670 the same ``-netdev`` option) and connect it to the emulated hub 0
3679 "-chardev help\n"
3680 "-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3681 …"-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4=on|off][,ipv6=on|off][,nodelay=on|off]\…
3682 …" [,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][,reconnect-ms=millisec…
3683 " [,logfile=PATH][,logappend=on|off][,tls-creds=ID][,tls-authz=ID] (tcp)\n"
3684 …"-chardev socket,id=id,path=path[,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][…
3686 "-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]\n"
3689 "-chardev msmouse,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3690 "-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]\n"
3692 "-chardev ringbuf,id=id[,size=size][,logfile=PATH][,logappend=on|off]\n"
3693 …"-chardev file,id=id,path=path[,input-path=input-file][,mux=on|off][,logfile=PATH][,logappend=on|o…
3694 "-chardev pipe,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3696 "-chardev console,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3697 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3699 "-chardev pty,id=id[,path=path][,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3700 "-chardev stdio,id=id[,mux=on|off][,signal=on|off][,logfile=PATH][,logappend=on|off]\n"
3703 "-chardev braille,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3707 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3710 "-chardev parallel,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n"
3713 "-chardev spicevmc,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n"
3714 "-chardev spiceport,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n"
3722 ``-chardev backend,id=id[,mux=on|off][,options]``
3729 Use ``-chardev help`` to print all available chardev backend types.
3736 front-ends. Specify ``mux=on`` to enable this mode. A multiplexer is
3750 -chardev stdio,mux=on,id=char0 \
3751 -mon chardev=char0,mode=readline \
3752 -serial chardev:char0 \
3753 -serial chardev:char0
3762 -chardev stdio,mux=on,id=char0 \
3763 -mon chardev=char0,mode=readline \
3764 -parallel chardev:char0 \
3765 -chardev tcp,...,mux=on,id=char1 \
3766 -serial chardev:char1 \
3767 -serial chardev:char1
3775 multiplexed character backends; for instance ``-serial mon:stdio``
3777 the QEMU monitor, and ``-nographic`` also multiplexes the console
3791 ``-chardev null,id=id``
3795 …-chardev socket,id=id[,TCP options or unix options][,server=on|off][,wait=on|off][,telnet=on|off][…
3796 Create a two-way stream socket, which can be either a TCP or a unix
3812 ``reconnect-ms`` sets the timeout for reconnecting on non-server
3817 ``tls-creds`` requests enablement of the TLS protocol for
3820 ``-object tls-creds`` argument.
3822 ``tls-auth`` provides the ID of the QAuthZ authorization object
3860 ``-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr][,localport=localport][,ipv4=on|off…
3878 ``-chardev msmouse,id=id``
3882 ``-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]``
3892 ``-chardev ringbuf,id=id[,size=size]``
3896 ``-chardev file,id=id,path=path[,input-path=input-path]``
3903 If ``input-path`` is specified, this is the path of a second file
3904 which will be used for input. If ``input-path`` is not specified,
3907 Note that ``input-path`` is not supported on Windows hosts.
3909 ``-chardev pipe,id=id,path=path``
3910 Create a two-way connection to the guest. The behaviour differs
3924 ``-chardev console,id=id``
3930 ``-chardev serial,id=id,path=path``
3938 ``-chardev pty,id=id[,path=path]``
3939 Create a new pseudo-terminal on the host and connect to it.
3954 ``-chardev stdio,id=id[,signal=on|off]``
3958 includes exiting QEMU with the key sequence Control-c. This option
3961 ``-chardev braille,id=id``
3965 ``-chardev parallel,id=id,path=path``
3975 ``-chardev spicevmc,id=id,debug=debug,name=name``
3984 ``-chardev spiceport,id=id,debug=debug,name=name``
4001 "-tpmdev passthrough,id=id[,path=path][,cancel-path=path]\n"
4003 " use cancel-path to provide path to TPM's cancel sysfs entry; if\n"
4005 "-tpmdev emulator,id=id,chardev=dev\n"
4011 ``-tpmdev backend,id=id[,options]``
4013 ``-tpmdev`` option creates the TPM backend and requires a
4014 ``-device`` option that specifies the TPM frontend interface model.
4016 Use ``-tpmdev help`` to print all available TPM backend types.
4020 ``-tpmdev passthrough,id=id,path=path,cancel-path=cancel-path``
4021 (Linux-host only) Enable access to the host's TPM using the
4028 ``cancel-path`` specifies the path to the host TPM device's sysfs
4030 ``cancel-path`` is optional and by default QEMU will search for the
4040 the TPM again and may therefore not show a TPM-specific menu that
4053 -tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0
4055 Note that the ``-tpmdev`` id is ``tpm0`` and is referenced by
4058 ``-tpmdev emulator,id=id,chardev=dev``
4059 (Linux-host only) Enable access to a TPM emulator using Unix domain
4069 …-chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm…
4080 - specify a firmware and let it control finding a kernel
4081 - specify a firmware and pass a hint to the kernel to boot
4082 - direct kernel image boot
4083 - manually load files into the guest's address space
4101 For x86 machines and some other architectures ``-bios`` will generally
4103 more strict ``-pflash`` option needs an image that is sized for the
4106 Please see the :ref:`system-targets-ref` section of the manual for
4112 "-bios file set the filename for the BIOS\n", QEMU_ARCH_ALL)
4114 ``-bios file``
4119 "-pflash file use 'file' as a parallel flash image\n", QEMU_ARCH_ALL)
4121 ``-pflash file``
4141 "-kernel bzImage use 'bzImage' as kernel image\n", QEMU_ARCH_ALL)
4143 ``-kernel bzImage``
4149 "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL)
4151 ``-append cmdline``
4156 "-initrd file use 'file' as initial ram disk\n", QEMU_ARCH_ALL)
4159 ``-initrd file``
4162 ``-initrd "file1 arg=foo,file2"``
4169 ``-initrd "bzImage earlyprintk=xen,,keep root=/dev/xvda1,initrd.img"``
4177 "-dtb file use 'file' as device tree image\n", QEMU_ARCH_ALL)
4179 ``-dtb file``
4193 ``-device loader,addr=<addr>,data=<data>,data-len=<data-len>[,data-be=<data-be>][,cpu-num=<cpu-num>…
4196 tweaks the DTB so a hypervisor loaded via ``-kernel`` can find where
4199 ``-device guest-loader,addr=<addr>[,kernel=<path>,[bootargs=<arguments>]][,initrd=<path>]``
4208 "-compat [deprecated-input=accept|reject|crash][,deprecated-output=accept|hide]\n"
4210 "-compat [unstable-input=accept|reject|crash][,unstable-output=accept|hide]\n"
4214 ``-compat [deprecated-input=@var{input-policy}][,deprecated-output=@var{output-policy}]``
4217 ``deprecated-input=accept`` (default)
4219 ``deprecated-input=reject``
4221 ``deprecated-input=crash``
4223 ``deprecated-output=accept`` (default)
4225 ``deprecated-output=hide``
4230 ``-compat [unstable-input=@var{input-policy}][,unstable-output=@var{output-policy}]``
4233 ``unstable-input=accept`` (default)
4235 ``unstable-input=reject``
4237 ``unstable-input=crash``
4239 ``unstable-output=accept`` (default)
4241 ``unstable-output=hide``
4248 "-fw_cfg [name=]<name>,file=<file>\n"
4250 "-fw_cfg [name=]<name>,string=<str>\n"
4254 ``-fw_cfg [name=]name,file=file``
4259 ``-fw_cfg [name=]name,string=str``
4274 -fw_cfg name=opt/com.mycompany/blob,file=./my_blob.bin
4281 "-serial dev redirect the serial port to char device 'dev'\n",
4284 ``-serial dev``
4292 You can use ``-serial none`` to suppress the creation of default
4339 Use a named character device defined with the ``-chardev``
4369 ``-serial udp::4555`` and nc as: ``nc -u -l -p 4555``. Any time
4375 the same source port each time by using something like ``-serial
4385 -serial udp::4555@:4556
4388 -u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T
4393 ``tcp:[host]:port[,server=on|off][,wait=on|off][,nodelay=on|off][,reconnect-ms=milliseconds]``
4400 option disables the Nagle buffering algorithm. The ``reconnect-ms``
4408 -serial tcp:192.168.0.2:4444
4411 -serial tcp::4444,server=on
4414 -serial tcp:192.168.0.100:4444,server=on,wait=off
4418 options work the same as if you had specified ``-serial tcp``.
4423 you do it with Control-] and then type "send break" followed by
4430 ``unix:path[,server=on|off][,wait=on|off][,reconnect-ms=milliseconds]``
4432 works the same as if you had specified ``-serial tcp`` except
4438 sequence of Control-a and then pressing c. dev\_string should be
4443 ``-serial mon:telnet::4444,server=on,wait=off``
4459 "-parallel dev redirect the parallel port to char device 'dev'\n",
4462 ``-parallel dev``
4471 Use ``-parallel none`` to disable all parallel ports.
4475 "-monitor dev redirect the monitor to char device 'dev'\n",
4478 ``-monitor dev``
4481 in non graphical mode. Use ``-monitor none`` to disable the default
4485 "-qmp dev like -monitor but opens in 'control' mode\n",
4488 ``-qmp dev``
4489 Like ``-monitor`` but opens in 'control' mode. For example, to make
4492 -qmp tcp:localhost:4444,server=on,wait=off
4495 flexibility use the ``-mon`` option and an accompanying ``-chardev``.
4498 DEF("qmp-pretty", HAS_ARG, QEMU_OPTION_qmp_pretty, \
4499 "-qmp-pretty dev like -qmp but uses pretty JSON formatting\n",
4502 ``-qmp-pretty dev``
4503 Like ``-qmp`` but uses pretty JSON formatting.
4507 "-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]\n", QEMU_ARCH_ALL)
4509 ``-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]``
4513 (QMP; a JSON RPC-style protocol).
4521 -chardev socket,id=mon1,host=localhost,port=4444,server=on,wait=off \
4522 -mon chardev=mon1,mode=control,pretty=on
4524 enables the QMP monitor on localhost port 4444 with pretty-printing.
4528 "-debugcon dev redirect the debug console to char device 'dev'\n",
4531 ``-debugcon dev``
4540 "-pidfile file write PID to 'file'\n", QEMU_ARCH_ALL)
4542 ``-pidfile file``
4548 "--preconfig pause QEMU before machine is initialized (experimental)\n",
4551 ``--preconfig``
4554 affect machine initialization. Use QMP command 'x-exit-preconfig' to
4556 if -S isn't used or pause the second time if -S is used). This
4561 "-S freeze CPU at startup (use 'c' to start execution)\n",
4564 ``-S``
4569 "-overcommit [mem-lock=on|off][cpu-pm=on|off]\n"
4571 " mem-lock=on|off controls memory lock support (default: off)\n"
4572 " cpu-pm=on|off controls cpu power management (default: off)\n",
4575 ``-overcommit mem-lock=on|off``
4577 ``-overcommit cpu-pm=on|off``
4581 Locking qemu and guest memory can be enabled via ``mem-lock=on``
4583 overcommitted and reduces the worst-case latency for guest.
4587 guest) can be enabled via ``cpu-pm=on`` (disabled by default). This
4594 "-gdb dev accept gdb connection on 'dev'. (QEMU defaults to starting\n"
4595 " the guest without waiting for gdb to connect; use -S too\n"
4599 ``-gdb dev``
4602 execution -- if you want QEMU to not start the guest until you
4604 also pass the ``-S`` option to QEMU.
4608 -gdb tcp::3117
4615 .. parsed-literal::
4617 (gdb) target remote | exec |qemu_system| -gdb stdio ...
4621 "-s shorthand for -gdb tcp::" DEFAULT_GDBSTUB_PORT "\n",
4624 ``-s``
4625 Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234
4630 "-d item1,... enable logging of specified items (use '-d help' for a list of log items)\n",
4633 ``-d item1[,...]``
4634 Enable logging of specified items. Use '-d help' for a list of log
4639 "-D logfile output log to logfile (default stderr)\n",
4642 ``-D logfile``
4647 "-dfilter range,.. filter debug output to range of addresses (useful for -d cpu,exec,etc..)\n",
4650 ``-dfilter range1[,...]``
4652 The filter spec can be either start+size, start-size or start..end
4658 -dfilter 0x8000..0x8fff,0xffffffc000080000+0x200,0xffffffc000060000-0x1000
4666 "-seed number seed the pseudo-random number generator\n",
4669 ``-seed number``
4670 Force the guest to use a deterministic pseudo-random number
4676 "-L path set the directory for the BIOS, VGA BIOS and keymaps\n",
4679 ``-L path``
4682 To list all the data directories, use ``-L help``.
4685 DEF("enable-kvm", 0, QEMU_OPTION_enable_kvm, \
4686 "-enable-kvm enable KVM full virtualization support\n",
4690 ``-enable-kvm``
4695 DEF("xen-domid", HAS_ARG, QEMU_OPTION_xen_domid,
4696 "-xen-domid id specify xen guest domain id\n",
4698 DEF("xen-attach", 0, QEMU_OPTION_xen_attach,
4699 "-xen-attach attach to existing xen domain\n"
4702 DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict,
4703 "-xen-domid-restrict restrict set of available xen operations\n"
4708 ``-xen-domid id``
4711 ``-xen-attach``
4717 DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \
4718 "-no-reboot exit instead of rebooting\n", QEMU_ARCH_ALL)
4720 ``-no-reboot``
4724 DEF("no-shutdown", 0, QEMU_OPTION_no_shutdown, \
4725 "-no-shutdown stop before shutdown\n", QEMU_ARCH_ALL)
4727 ``-no-shutdown``
4734 "-action reboot=reset|shutdown\n"
4736 "-action shutdown=poweroff|pause\n"
4738 "-action panic=pause|shutdown|exit-failure|none\n"
4740 "-action watchdog=reset|shutdown|poweroff|inject-nmi|pause|debug|none\n"
4744 ``-action event=action``
4747 same behaviors that are modified by the ``-no-reboot`` and ``-no-shutdown``
4752 ``-action panic=none``
4753 ``-action reboot=shutdown,shutdown=pause``
4754 ``-device i6300esb -action watchdog=pause``
4759 "-loadvm [tag|id]\n" \
4763 ``-loadvm file``
4769 "-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
4772 ``-daemonize``
4780 DEF("option-rom", HAS_ARG, QEMU_OPTION_option_rom, \
4781 "-option-rom rom load a file, rom, into the option ROM space\n",
4784 ``-option-rom file``
4790 "-rtc [base=utc|localtime|<datetime>][,clock=host|rt|vm][,driftfix=none|slew]\n" \
4795 ``-rtc [base=utc|localtime|datetime][,clock=host|rt|vm][,driftfix=none|slew]``
4798 required for correct date in MS-DOS or Windows. To start at a
4800 ``2006-06-17T16:01:21`` or ``2006-06-17``. The default base is UTC.
4818 Windows guest and will re-inject them.
4822 …"-icount [shift=N|auto][,align=on|off][,sleep=on|off][,rr=record|replay,rrfile=<filename>[,rrsnaps…
4826 " record-and-replay mode\n", QEMU_ARCH_ALL)
4828 ``-icount [shift=N|auto][,align=on|off][,sleep=on|off][,rr=record|replay,rrfile=filename[,rrsnapsho…
4872 DEF("watchdog-action", HAS_ARG, QEMU_OPTION_watchdog_action, \
4873 "-watchdog-action reset|shutdown|poweroff|inject-nmi|pause|debug|none\n" \
4877 ``-watchdog-action action``
4882 ``inject-nmi`` (inject a NMI into the guest), ``pause`` (pause the
4889 ``-watchdog-action shutdown`` is not recommended for production use.
4893 ``-device i6300esb -watchdog-action pause``
4898 "-echr chr set terminal escape character instead of ctrl-a\n",
4901 ``-echr numeric_ascii_value``
4904 the ``-nographic`` option. ``0x01`` is equal to pressing
4905 ``Control-a``. You can select a different character from the ascii
4906 control keys where 1 through 26 map to Control-a through Control-z.
4908 escape character to Control-t.
4910 ``-echr 0x14``; \ ``-echr 20``
4915 "-incoming tcp:[host]:port[,to=maxport][,ipv4=on|off][,ipv6=on|off]\n" \
4916 "-incoming rdma:host:port[,ipv4=on|off][,ipv6=on|off]\n" \
4917 "-incoming unix:socketpath\n" \
4920 "-incoming fd:fd\n" \
4921 "-incoming file:filename[,offset=offset]\n" \
4922 "-incoming exec:cmdline\n" \
4925 "-incoming defer\n" \
4929 ``-incoming tcp:[host]:port[,to=maxport][,ipv4=on|off][,ipv6=on|off]``
4931 ``-incoming rdma:host:port[,ipv4=on|off][,ipv6=on|off]``
4934 ``-incoming unix:socketpath``
4937 ``-incoming fd:fd``
4940 ``-incoming file:filename[,offset=offset]``
4944 ``-incoming exec:cmdline``
4948 ``-incoming defer``
4954 DEF("only-migratable", 0, QEMU_OPTION_only_migratable, \
4955 "-only-migratable allow only migratable devices\n", QEMU_ARCH_ALL)
4957 ``-only-migratable``
4963 "-nodefaults don't create default devices\n", QEMU_ARCH_ALL)
4965 ``-nodefaults``
4968 device, VGA adapter, floppy and CD-ROM drive and others. The
4969 ``-nodefaults`` option will disable all those default devices.
4974 "-runas user change to user id user just before starting the VM\n" \
4979 ``-runas user``
4982 ``-run-with user=...`` instead.
4985 DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
4986 "-prom-env variable=value\n"
4990 ``-prom-env variable=value``
4995 qemu-system-sparc -prom-env 'auto-boot?=false' \
4996 -prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single'
5000 qemu-system-ppc -prom-env 'auto-boot?=false' \
5001 -prom-env 'boot-device=hd:2,\yaboot' \
5002 -prom-env 'boot-args=conf=hd:2,\yaboot.conf'
5005 "-semihosting semihosting mode\n",
5009 ``-semihosting``
5010 Enable :ref:`Semihosting` mode (ARM, M68K, Xtensa, MIPS, RISC-V only).
5016 See the -semihosting-config option documentation for further
5019 DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config,
5020 …"-semihosting-config [enable=on|off][,target=native|gdb|auto][,chardev=id][,userspace=on|off][,arg…
5025 ``-semihosting-config [enable=on|off][,target=native|gdb|auto][,chardev=id][,userspace=on|off][,arg…
5026 Enable and configure :ref:`Semihosting` (ARM, M68K, Xtensa, MIPS, RISC-V
5047 bare-metal test case code).
5051 multiple times to build up a list. The old-style
5052 ``-kernel``/``-append`` method of passing a command line is
5054 ``--semihosting-config arg`` and the ``-kernel``/``-append`` are
5058 DEF("old-param", 0, QEMU_OPTION_old_param,
5059 "-old-param old param mode\n", QEMU_ARCH_ARM)
5061 ``-old-param``
5066 "-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]\n" \
5081 ``-sandbox arg[,obsolete=string][,elevateprivileges=string][,spawn=string][,resourcecontrol=string]…
5099 "-readconfig <file>\n"
5102 ``-readconfig file``
5108 DEF("no-user-config", 0, QEMU_OPTION_nouserconfig,
5109 "-no-user-config\n"
5110 " do not load default user-provided config files at startup\n",
5113 ``-no-user-config``
5114 The ``-no-user-config`` option makes QEMU not load any of the
5115 user-provided config files on sysconfdir.
5119 "-trace [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
5123 ``-trace [[enable=]pattern][,events=file][,file=file]``
5124 .. include:: ../qemu-option-trace.rst.inc
5128 "-plugin [file=]<file>[,<argname>=<argvalue>]\n"
5132 ``-plugin file=file[,argname=argvalue]``
5144 DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log, "", QEMU_ARCH_ALL)
5147 DEF("run-with", HAS_ARG, QEMU_OPTION_run_with,
5148 "-run-with [async-teardown=on|off][,chroot=dir][user=username|uid:gid]\n"
5150 " async-teardown=on enables asynchronous teardown (Linux only)\n"
5153 " user=uid:gid ditto, but use specified user-ID and group-ID instead\n",
5156 ``-run-with [async-teardown=on|off][,chroot=dir][user=username|uid:gid]``
5159 ``async-teardown=on`` enables asynchronous teardown. A new process called
5172 in combination with -runas.
5184 "-msg [timestamp[=on|off]][,guest-name=[on|off]]\n"
5187 " guest-name=on enables guest name prefix but only if\n"
5188 " -name guest option is set (default: off)\n",
5191 ``-msg [timestamp[=on|off]][,guest-name[=on|off]]``
5197 ``guest-name=on|off``
5198 Prefix messages with guest name but only if -name guest option is set
5202 DEF("dump-vmstate", HAS_ARG, QEMU_OPTION_dump_vmstate,
5203 "-dump-vmstate <file>\n"
5205 " Use the scripts/vmstate-static-checker.py file to\n"
5210 ``-dump-vmstate file``
5211 Dump json-encoded vmstate information for current machine type to
5215 DEF("enable-sync-profile", 0, QEMU_OPTION_enable_sync_profile,
5216 "-enable-sync-profile\n"
5220 ``-enable-sync-profile``
5226 "-perfmap generate a /tmp/perf-${pid}.map file for perf\n",
5229 ``-perfmap``
5235 "-jitdump generate a jit-${pid}.dump file for perf\n",
5238 ``-jitdump``
5249 "-object TYPENAME[,PROP1=VALUE1,...]\n"
5256 ``-object typename[,prop1=value1,...]``
5261 …``-object memory-backend-file,id=id,size=size,mem-path=dir,share=on|off,discard-data=on|off,merge=…
5266 reference this memory region in other parameters, e.g. ``-numa``,
5267 ``-device nvdimm``, etc.
5272 The ``mem-path`` provides the path to either a shared memory or
5277 allows a co-operating external process to access the QEMU memory
5285 Setting the ``discard-data`` boolean option to on indicates that
5288 ``discard-data`` is only an optimization, and QEMU might not
5301 The ``host-nodes`` option binds the memory range to a list of
5321 QEMU mmap(2) ``mem-path``, and accepts common suffixes, eg
5322 ``2M``. Some backend store specified by ``mem-path`` requires an
5333 by ``mem-path`` is in host persistent memory that can be
5337 ``mem-path`` (e.g. in vNVDIMM label emulation and live
5338 migration). Also, we will map the backend-file with MAP\_SYNC
5340 ``mem-path`` in case of host crash or a power failure. MAP\_SYNC
5342 4.15) and the filesystem of ``mem-path`` mounted with DAX
5346 read-only or read-write (default).
5362 …``-object memory-backend-ram,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size…
5365 ``-m`` option that is traditionally used to define guest RAM.
5366 Please refer to ``memory-backend-file`` for a description of the
5369 …``-object memory-backend-memfd,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=si…
5372 using vhost-user). The memory is allocated with memfd and
5375 The ``seal`` option creates a sealed-file, that will block
5389 Please refer to ``memory-backend-file`` for a description of the
5394 …``-object memory-backend-shm,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size…
5397 using vhost-user).
5399 ``memory-backend-shm`` is a more portable and less featureful version
5400 of ``memory-backend-memfd``. It can then be used in any POSIX system,
5403 Please refer to ``memory-backend-file`` for a description of the
5410 ``-object iommufd,id=id[,fd=fd]``
5415 vfio-pci of vdpa) will use to connect with the iommufd backend.
5417 The ``fd`` parameter is an optional pre-opened file descriptor
5422 ``-object rng-builtin,id=id``
5426 ``virtio-rng`` device. By default, the ``virtio-rng`` device
5429 ``-object rng-random,id=id,filename=/dev/random``
5433 ``virtio-rng`` device. The ``filename`` parameter specifies
5437 ``-object rng-egd,id=id,chardev=chardevid``
5441 entropy backend from the ``virtio-rng`` device. The ``chardev``
5445 ``-object tls-creds-anon,id=id,endpoint=endpoint,dir=/path/to/cred/dir,verify-peer=on|off``
5452 ``verify-peer`` is enabled (the default) then once the handshake
5454 is a no-op for anonymous credentials.
5458 dh-params.pem providing diffie-hellman parameters to use for the
5465 ``-object tls-creds-psk,id=id,endpoint=endpoint,dir=/path/to/keys/dir[,username=username]``
5466 Creates a TLS Pre-Shared Keys (PSK) credentials object, which
5477 file can most easily be created using the GnuTLS ``psktool``
5480 For server endpoints, dir may also contain a file dh-params.pem
5481 providing diffie-hellman parameters to use for the TLS server.
5488 …``-object tls-creds-x509,id=id,endpoint=endpoint,dir=/path/to/cred/dir,priority=priority,verify-pe…
5495 ``verify-peer`` is enabled (the default) then once the handshake
5502 dh-params.pem providing diffie-hellman parameters to use for the
5511 must be stored in PEM format, in filenames ca-cert.pem,
5512 ca-crl.pem (optional), server-cert.pem (only servers),
5513 server-key.pem (only servers), client-cert.pem (only clients),
5514 and client-key.pem (only clients).
5516 For the server-key.pem and client-key.pem files which contain
5523 priority used by gnutls. This can be useful if the system
5528 this through this parameter. Its format is a gnutls priority
5530 https://gnutls.org/manual/html_node/Priority-Strings.html.
5532 ``-object tls-cipher-suites,id=id,priority=priority``
5542 priority used by gnutls. This can be useful if the system
5547 this through this parameter. Its format is a gnutls priority
5549 https://gnutls.org/manual/html_node/Priority-Strings.html.
5552 The tls-cipher-suites object exposes the ordered list of permitted
5556 guest-side TLS.
5558 In the following example, the priority at which the host-side policy
5560 Given that QEMU uses GNUTLS, ``priority=@SYSTEM`` may be used to
5561 refer to /etc/crypto-policies/back-ends/gnutls.config.
5563 .. parsed-literal::
5566 -object tls-cipher-suites,id=mysuite0,priority=@SYSTEM \\
5567 -fw_cfg name=etc/edk2/https/ciphers,gen_id=mysuite0
5569 …``-object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx][,status=on|off][,positi…
5610 …``-object filter-mirror,id=id,netdev=netdevid,outdev=chardevid,queue=all|rx|tx[,vnet_hdr_support][…
5611 filter-mirror on netdev netdevid,mirror net packet to
5613 filter-mirror will mirror packet with vnet\_hdr\_len.
5615 …``-object filter-redirector,id=id,netdev=netdevid,indev=chardevid,outdev=chardevid,queue=all|rx|tx…
5616 filter-redirector on netdev netdevid,redirect filter's net
5618 filter.if it has the vnet\_hdr\_support flag, filter-redirector
5620 filter-redirector we need to differ outdev id from indev id, id
5624 …``-object filter-rewriter,id=id,netdev=netdevid,queue=all|rx|tx,[vnet_hdr_support][,position=head|…
5625 Filter-rewriter is a part of COLO project.It will rewrite tcp
5631 usage: colo secondary: -object
5632 filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 -object
5633 filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 -object
5634 filter-rewriter,id=rew0,netdev=hn0,queue=all
5636 …``-object filter-dump,id=id,netdev=dev[,file=filename][,maxlen=len][,position=head|tail|id=<id>][,…
5642 …``-object colo-compare,id=id,primary_in=chardevid,secondary_in=chardevid,outdev=chardevid,iothread…
5643 Colo-compare gets packet from primary\_in chardevid and
5646 primary packet to out\_dev, else it will notify COLO-framework to do
5652 colo-compare hold the packet. The expired\_scan\_cycle=@var{ms}
5657 notify Xen colo-frame to do checkpoint.
5659 COLO-compare must be used with the help of filter-mirror,
5660 filter-redirector and filter-rewriter.
5667 -netdev tap,id=hn0,vhost=off
5668 -device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66
5669 -chardev socket,id=mirror0,host=3.3.3.3,port=9003,server=on,wait=off
5670 -chardev socket,id=compare1,host=3.3.3.3,port=9004,server=on,wait=off
5671 -chardev socket,id=compare0,host=3.3.3.3,port=9001,server=on,wait=off
5672 -chardev socket,id=compare0-0,host=3.3.3.3,port=9001
5673 -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server=on,wait=off
5674 -chardev socket,id=compare_out0,host=3.3.3.3,port=9005
5675 -object iothread,id=iothread1
5676 -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0
5677 -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out
5678 -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0
5679 …-object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,ioth…
5682 -netdev tap,id=hn0,vhost=off
5683 -device e1000,netdev=hn0,mac=52:a4:00:12:78:66
5684 -chardev socket,id=red0,host=3.3.3.3,port=9003
5685 -chardev socket,id=red1,host=3.3.3.3,port=9004
5686 -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
5687 -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
5693 -netdev tap,id=hn0,vhost=off
5694 -device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66
5695 -chardev socket,id=mirror0,host=3.3.3.3,port=9003,server=on,wait=off
5696 -chardev socket,id=compare1,host=3.3.3.3,port=9004,server=on,wait=off
5697 -chardev socket,id=compare0,host=3.3.3.3,port=9001,server=on,wait=off
5698 -chardev socket,id=compare0-0,host=3.3.3.3,port=9001
5699 -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server=on,wait=off
5700 -chardev socket,id=compare_out0,host=3.3.3.3,port=9005
5701 -chardev socket,id=notify_way,host=3.3.3.3,port=9009,server=on,wait=off
5702 -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0
5703 -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out
5704 -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0
5705 -object iothread,id=iothread1
5706 …-object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,noti…
5709 -netdev tap,id=hn0,vhost=off
5710 -device e1000,netdev=hn0,mac=52:a4:00:12:78:66
5711 -chardev socket,id=red0,host=3.3.3.3,port=9003
5712 -chardev socket,id=red1,host=3.3.3.3,port=9004
5713 -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
5714 -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
5717 read the colo-compare git log.
5719 ``-object cryptodev-backend-builtin,id=id[,queues=queues]``
5723 ``virtio-crypto`` device. The queues parameter is optional,
5727 .. parsed-literal::
5731 -object cryptodev-backend-builtin,id=cryptodev0 \\
5732 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \\
5735 ``-object cryptodev-vhost-user,id=id,chardev=chardevid[,queues=queues]``
5736 Creates a vhost-user cryptodev backend, backed by a chardev
5738 reference this cryptodev backend from the ``virtio-crypto``
5740 The vhost-user uses a specifically defined protocol to pass
5744 vhost-user, the default of queues is 1.
5746 .. parsed-literal::
5750 -chardev socket,id=chardev0,path=/path/to/socket \\
5751 -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \\
5752 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \\
5755 ``-object secret,id=id,data=string,format=raw|base64[,keyid=secretid,iv=string]``
5757 ``-object secret,id=id,file=filename,format=raw|base64[,keyid=secretid,iv=string]``
5766 valid UTF-8 characters, so base64 is recommended for sending
5773 associated with a secret using the AES-256-CBC cipher. Use of
5776 defined secret that contains the AES-256 decryption key. This
5777 key should be 32-bytes long and be base64 encoded. The iv
5780 encrypted string of the 16-byte IV.
5784 .. parsed-literal::
5786 # |qemu_system| -object secret,id=sec0,data=letmein,format=raw
5790 # printf "letmein" > mypasswd.txt # QEMU\_SYSTEM\_MACRO -object
5793 For greater security, AES-256-CBC should be used. To illustrate
5803 # openssl rand -base64 32 > key.b64
5804 # KEY=$(base64 -d key.b64 | hexdump -v -e '/1 "%02X"')
5812 # openssl rand -base64 16 > iv.b64
5813 # IV=$(base64 -d iv.b64 | hexdump -v -e '/1 "%02X"')
5822 openssl enc -aes-256-cbc -a -K $KEY -iv $IV)
5828 .. parsed-literal::
5831 -object secret,id=secmaster0,format=base64,file=key.b64 \\
5832 -object secret,id=sec0,keyid=secmaster0,format=base64,\\
5835 …-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,han…
5841 bit (aka the C-bit) is utilized to mark if a memory page is
5842 protected. The ``cbitpos`` is used to provide the C-bit
5843 position. The C-bit position is Host family dependent hence user
5847 physical address space. The ``reduced-phys-bits`` is used to
5849 Similar to C-bit, the value is Host family dependent. On EPYC,
5852 The ``sev-device`` provides the device file to use for
5869 The ``dh-cert-file`` and ``session-file`` provides the guest
5870 owner's Public Diffie-Hillman key defined in SEV spec. The PDH
5875 The ``kernel-hashes`` adds the hashes of given kernel/initrd/
5877 boot with -kernel. The default is off. (Since 6.2)
5881 .. parsed-literal::
5885 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \\
5886 -machine ...,memory-encryption=sev0 \\
5889 ``-object authz-simple,id=id,identity=string``
5902 .. parsed-literal::
5906 …-object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,O=Example Org,,L=London,,ST=London,…
5912 ``-object authz-listfile,id=id,filename=path,refresh=on|off``
5946 As with the ``authz-simple`` object, the format of the identity
5953 .. parsed-literal::
5957 -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on \\
5960 ``-object authz-pam,id=id,service=string``
5972 .. parsed-literal::
5976 -object authz-pam,id=auth0,service=qemu-vnc \\
5980 ``/etc/pam.d/qemu-vnc`` that contains:
5994 …``-object iothread,id=id,poll-max-ns=poll-max-ns,poll-grow=poll-grow,poll-shrink=poll-shrink,aio-m…
6002 reference this IOThread from ``-device ...,iothread=id``.
6006 The ``query-iothreads`` QMP command lists IOThreads and reports
6018 The ``poll-max-ns`` parameter is the maximum number of
6022 The ``poll-grow`` parameter is the multiplier used to increase
6026 The ``poll-shrink`` parameter is the divisor used to decrease
6030 The ``aio-max-batch`` parameter is the maximum number of requests
6034 The IOThread parameters can be modified at run-time using the
6035 ``qom-set`` command (where ``iothread1`` is the IOThread's
6040 (qemu) qom-set /objects/iothread1 poll-max-ns 100000