
An open source processor emulator (Simtec BAST System Emulation)

Bazaar-NG Branch: http://bazaar.launchpad.net/~dsilvers/qemu/simtecbast
Archive version: Knit
Software assumptions: Bazaar-NG (bzr), GCC (3.4), Make, SDL dev libraries. (apt-get build-dep qemu)

Please note that QEMU is an open source processor emulator written for the most part by Fabrice Bellard. It has its own homepage and is not my own project. The QEMU ARM emulation was written by Paul Brook. Some of the work undertaken in producing this system port was sponsored by Simtec Electronics.

[Image: The Simtec BAST is a real board you can buy.]
[Image: Block diagram of the BAST with the parts unimplemented in the emulator greyed out.]

The Simtec BAST is a Samsung S3C2410A based development board. It has a 266MHz ARM 920T core and various peripherals including serial, ethernet and IDE. It is, in essence, a low-powered motherboard which you can fit into a mini-itx case and get an ARM development system up and running.

The QEMU Simtec BAST port which I have been working on provides the following: S3C2410X memory map, including interrupt controller, GPIO, I2C, serial ports, USB (OHCI), RTC, clock control, SRAM block and SDRAM controller (some of those are stub implementations to keep Linux happy). It also provides a Davicom DM9000 Ethernet emulation, Simtec BAST compatible IDE ports, read-only NOR flash and the DM9000's integrated MII PHY. This is enough to get Linux up and running on the emulation with full serial console and working network and disk (indeed it's enough to boot Simtec's proprietary bootloader, although it's important to note that you don't need that to load Linux).

 
REMEMBER: This software is to be considered alpha quality at best. It has many known bugs and goodness knows how many unknown ones. Do not entrust critical data to this but please please have a go and let us know if you run into issues. You can email us at: dsilvers@debian.org and vince@debian.org
 
Known problems with the port as of 2007-04-17 are:

Releases of qemu-simtecbast made so far (more recent first):

If you wish to get the development version of qemu-bast then follow these instructions:

# Assuming you have bzr, gcc, gpg, libsdl etc all installed and set up...
$ bzr get http://bazaar.launchpad.net/~dsilvers/qemu/simtecbast qemu-simtecbast
$ cd qemu-simtecbast
$ ./configure --target-list=arm-softmmu --cc=gcc-3.4 --host-cc=gcc-3.4
$ make
# ... time passes as qemu is built. If all goes well you'll see the following executables:
# ./qemu-img
# arm-softmmu/qemu-system-arm

If you wish to get a released version, please simply fetch the tarball from a release directory linked above and unpack it and continue from the configure line.


To make use of the system emulation you need two things, firstly a Linux kernel and secondly a filesystem to boot. Since an example HD image was over 100M after I bzip2'd it I figured I'd tell you how to make one instead.

QEMU can use a copy-on-write type block device which essentially allocates blocks as it uses them. Unfortunately you can't loopback mount such a beast and I've not got the Debian installer working on the system emulation yet. As such you have to prepare a boggy-standard dd'd block device and I suggest you make a small one to debootstrap onto. Once you have a system going properly, you can use qemu-img to prepare a nice copy-on-write drive and transfer the data in your emulated system like you would move HD on any normal box. As such, please ensure you have lots of free disk space (I recommend at least a 200M initial bootstrap drive) and then follow these instructions. I personally use sudo; you can simply use 'su' if you don't want, like or trust sudo.

Firstly we need to fetch and/or build a kernel for your shiny nascent emulated ARM box. The easiest way to do this is to grab the kernel from Simtec's website. Having fetched it we can test that we can at least start a kernel.

# For this I assume you have wget, tar, bzip2, qemu-system-arm all present
# Here $QEMU is the directory in which you built qemu-simtecbast
$ cd /lotsofspace
$ wget http://www.simtec.co.uk/products/SWLINUX/files/s3c24xx-linux-2.6.18-simtec3.tar.bz2
# Downloads nice pre-built kernel for us
$ tar xfj s3c24xx-linux-2.6.18-simtec3.tar.bz2
# Time passes during unpack
$ $QEMU/arm-softmmu/qemu-system-arm -M simtecbast -kernel linux-2.6.18-simtec3/vmlinuz-2.6.18-simtec3 -append "console=ttySAC0,115200" -nographic
# Now you should see qemu start linux and eventually complain that it lacks a root device
# Press Control+A and then 'x' to exit qemu

Now that we know we have a working emulator, let's start to get a HDD image together.

# I assume you have mkfs.ext3, etc all present and working.
$ cd /lotsofspace
$ dd if=/dev/zero of=arm-hda.img bs=10240 count=20480
# Time passes, depending on your available RAM, etc more or less of it :-)
# If you don't have /dev/loop0 you might need to modprobe loop
# Make the filesystem
$ mkfs.ext3 arm-hda.img
# (it asks if you're sure as it's not a block device, say yes)
# Turn off fscks
$ tune2fs -c 0 -i 0 arm-hda.img
# Mount it somewhere
$ mkdir $(pwd)/rootfs
$ sudo mount -o loop $(pwd)/arm-hda.img $(pwd)/rootfs

For the next stage, I assume that $ROOT is the path to where you want your system to be installed. If you are using a disk image like above, that'll be the "$(pwd)/rootfs" from the last mount.

# For this section I assume $ROOT, the presence of debootstrap, and a mirror.
$ sudo debootstrap --foreign --arch arm --include=ssh sid $ROOT http://www.uk.debian.org/debian/
$ cd $ROOT/dev
# For some reason, debootstrap leaves you without /dev/console
$ sudo mknod console c 5 1
# Also, we need the ttySAC* nodes for the S3C2410 serial ports
$ sudo mknod ttySAC0 c 204 64
$ sudo mknod ttySAC1 c 204 65
$ sudo mknod ttySAC2 c 204 66
$ cd $ROOT
# If you didn't unpack a kernel from Simtec, do your own thing here
# ($UNPACK is the directory in which you unpacked the Simtec tarball)
$ sudo cp -a $UNPACK/linux-2.6.18-simtec3/lib .
$ cd ..
# If this was a mounted loop, unmount it
$ sudo umount $ROOT

We now have to get the system booted so that we can finish the debootstrap.

# I assume $QEMU $HDAIMG and $KERN
# (from here on $QEMU is the qemu-system-arm executable itself)
# Note the root is /dev/hda (no partition number)
# If you care, later you can make a qcow image and do it properly from within qemu
$ $QEMU -M simtecbast -nographic -hda $HDAIMG -kernel $KERN -append "root=/dev/hda console=ttySAC0,115200 rw init=/bin/sh"
# Qemu starts, loads linux, runs a while and eventually leaves you with a shell prompt.
# From now on, this interaction is on the newly started serial console
% mount -t proc none /proc
% mount -t sysfs none /sys
% PATH=/bin:/sbin:/usr/bin:/usr/sbin
% export PATH
# This will take at least 30 minutes on a 3.2GHz P4 which is what I test on.
# The creation of the SSH keys should give you a good indication of how fast the emulated box
# will be at raw CPU intensive tasks.
% /debootstrap/debootstrap --second-stage
# Wait for a reasonable period of time while it sets up your shiny new system
% cd /etc
% echo ttySAC0 >> securetty
% echo T0:23:respawn:/sbin/getty -L ttySAC0 115200 vt100 >> inittab
# Debootstrap irritatingly sets the hostname to that of the host even on foreign bootstraps.
# So we reset it now.
% echo my-arm-box > hostname
# If /etc/apt/sources.list isn't right, you may want to poke at it now using 'vi'
# Debootstrap takes the mirror from your host, not the mirror on the cmdline so
# If your machine uses a different mirror you will need to fix it up.
# We need to set up fstab so that the system can boot.
% cat > /etc/fstab <<EOF
/dev/hda / ext3 defaults,errors=remount-ro 0 1
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
EOF
# Now we have a mostly done system, let's see how it does
# And now the classic "I can shutdown cleanly, honest"
% sync;sync;sync
# Press Control-A and then 'x' to exit qemu

And finally you can try booting your shiny new box

# I assume $QEMU $HDAIMG and $KERN ($QEMU being the qemu-system-arm executable)
$ $QEMU -M simtecbast -nographic -hda $HDAIMG -kernel $KERN -append "root=/dev/hda console=ttySAC0,115200 ro"
# Qemu starts and we see the system booting...
# When it boots, log in as root and do 'shutdown -h now'
# When you reach the 'Shutdown: hda' message you can exit qemu

Now you have a working image and kernel, I suggest you back it up, write a script to launch your machine, etc, and once you're ready to continue we'll look at ssh. In order to continue you need to pay careful attention to when the kernel starts. It will try to start an AX88780 (ASIX NIC), which will fail but is likely to consume 'eth0', so your DM9000 (the emulation we support) is likely to be eth1. Just pay attention to the kernel boot messages and you'll be fine.

First boot your shiny new box and then set up the /etc/network/interfaces file in the following way.

# The prompt here is your emulated system logged in as root
% cat > /etc/network/interfaces <<EOF
auto lo
iface lo inet loopback
auto eth1
iface eth1 inet dhcp
EOF
# Once that's done, bring up the lo
% ifup lo
# and eth1 interfaces and watch it "just work".
% ifup eth1
Internet Systems Consortium DHCP Client V3.0.4
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

eth1: link up, 10Mbps, half-duplex, lpa 0x0400
Listening on LPF/eth1/00:31:2d:78:81:01
Sending on   LPF/eth1/00:31:2d:78:81:01
Sending on   Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7
DHCPOFFER from 10.0.2.2
DHCPREQUEST on eth1 to 255.255.255.255 port 67
DHCPACK from 10.0.2.2
bound to 10.0.2.15 -- renewal in 42212 seconds.

What this has done is use QEMU's internal magical DHCP server (it has a magical named too) to give you an IP. QEMU then does some skanky nasty hackery to translate the IP traffic you do into real-world IP traffic without needing root on your box. Just try an apt-get update, go on. Also, since we installed ssh, you can ssh out. The final coup-de-grace is to be able to ssh in. For that, you need to shut down the emulator box cleanly, then exit qemu. Then add -redir tcp:2222::22 to the command line and restart the emulator. Now if you ssh to port 2222 on your local machine, bingo, a way into the emulator remotely.
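
A launcher script of the kind suggested above, covering the three ways the emulator is started on this page (first boot, normal boot, normal boot with the ssh redirect). This is an added example, not part of the original page or the qemu-simtecbast tree; the function names, the mode names and SSH_PORT are assumptions, and $QEMU is the path to the qemu-system-arm executable.

```shell
#!/bin/sh
# Added example launcher. QEMU (path to qemu-system-arm), HDAIMG and KERN are
# the variables the page assumes; SSH_PORT and the mode names are assumptions.

# qemu_args MODE: print the qemu arguments for MODE, one per line.
#   firstboot  rw root, init=/bin/sh (for debootstrap --second-stage)
#   normal     ro root, normal init
#   ssh        as normal, plus host port SSH_PORT redirected to guest port 22
qemu_args() {
    mode=$1
    append="root=/dev/hda console=ttySAC0,115200"
    case $mode in
        firstboot)  append="$append rw init=/bin/sh" ;;
        normal|ssh) append="$append ro" ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    printf '%s\n' -M simtecbast -nographic -hda "$HDAIMG" \
        -kernel "$KERN" -append "$append"
    # The redirect opens a listening port on the host: whoever can reach it
    # reaches the guest's sshd, so it is only added when asked for.
    if [ "$mode" = ssh ]; then
        printf '%s\n' -redir "tcp:${SSH_PORT:-2222}::22"
    fi
}

# launch MODE: sanity-check the inputs, then start the emulator.
launch() {
    args=$(qemu_args "$1") || return
    [ -x "$QEMU" ]   || { echo "not executable: $QEMU" >&2; return 1; }
    [ -r "$KERN" ]   || { echo "no kernel: $KERN" >&2; return 1; }
    [ -w "$HDAIMG" ] || { echo "no writable image: $HDAIMG" >&2; return 1; }
    # Booting an image that is still loop-mounted on the host risks corrupting it.
    if command -v losetup >/dev/null 2>&1 &&
       [ -n "$(losetup -j "$HDAIMG" 2>/dev/null)" ]; then
        echo "$HDAIMG is still attached to a loop device; umount it" >&2
        return 1
    fi
    # Split on newlines only, so the -append string stays one argument.
    oldifs=$IFS; IFS='
'
    set -f; set -- $args; set +f
    IFS=$oldifs
    "$QEMU" "$@"
}

# Run only when a mode is given, e.g.:  ./run-bast.sh ssh
if [ $# -gt 0 ]; then launch "$1"; fi
```

With the redirect active, the guest's sshd is the only thing standing between that host port and a root shell in the emulator, so set a root password in the guest before using the ssh mode.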
