If you don’t want to miss my updates, remember to check the public account in the upper right corner and mark it as a star. Take down the stars and give them to me!
QEMU is familiar to anyone involved in embedded development. Recently, it has been widely discussed in various groups, and saying it is a Linux tool is no exaggeration. It is a well-known and open-source emulator (official website: https://www.qemu.org/), capable of running on an X86 PC (it can actually run on your Arm development board, but we won’t discuss that scenario today). It can simulate various CPUs and development boards such as Arm, MIPS, RISC-V, as well as various peripherals like network cards, sound cards, keyboards, sdcard, emmc, usb and more.
You can think of it as a development board that can be summoned at will, running software and operating systems like U-Boot, Linux Kernel, or even Ubuntu.
Sometimes we want to experience the latest mainline U-Boot or Linux Kernel, but find that we don’t have the appropriate board on hand, or the board we have is running an older version of U-Boot and Linux Kernel. In these cases, QEMU can quickly fulfill that wish.
I’m Andy, a Linux kernel developer. I am currently engaged in the porting and optimization of Linux systems on Arm chips and have contributed numerous patches to the u-boot and linux kernel open-source communities. From Cortex-M3 to Arm64, RT-Thread to Linux kernel, hacking is endless fun. Invited by Darwin to share this great article with embedded development enthusiasts, you can follow my public account: HackforFun for more of my articles.
Next, I will guide everyone to experience the power and fun of QEMU: A step-by-step tutorial on running an Arm CPU-based Linux system in Ubuntu using QEMU.
We are installing the Arm version of QEMU. If you directly install it using the command sudo apt install qemu-system-arm on Ubuntu, you will get an older version of QEMU. It’s best to compile it from source.
I found that the default installed QEMU on Ubuntu 18.04 cannot start in graphical mode (without the -nographic parameter).
After successfully compiling according to the above steps, you will get: qemu-system-arm and qemu-system-aarch64.
The former is used to simulate 32-bit Arm CPUs, such as Arm9 / Arm11, Cortex-A7/A9/A15.
The latter is used to simulate 64-bit Arm CPUs, such as Arm Cortex A53, A57.
You can use the command qemu-system-arm -machine help to see the supported development boards:
Many familiar development boards are included, such as i.MX and EXYNOS.
Here we will use the vexpress-a9 development board. The vexpress-a9 is a 4-core Cortex-A9 development board designed by Arm, and both U-Boot and Linux Kernel have full support for this board.
Step 1: Download U-Boot code:
git clone https://gitlab.denx.de/u-boot/u-boot.git
After downloading, you can see the configuration files for this development board in the configs directory:
Step 2: Compile
make vexpress_ca9x4_defconfig make CROSS_COMPILE=arm-linux-gnueabihf- all
The final compilation generates an elf format executable file u-boot and a pure binary file u-boot.bin, of which the elf format executable file u-boot can be started by QEMU.
To start an Arm Linux system, there are generally three essential components: Bootloader, Linux Kernel, and rootfs (root file system).
In the past, creating rootfs was a complicated task: cross-compiling busybox, manually creating standard Linux system directories, and copying the various files and libraries generated by compiling busybox. If additional modules were needed, they would need to be cross-compiled as well. If a certain module depended on other libraries, one would have to figure out how to resolve those dependencies. Finally, device nodes would need to be manually created, and corresponding permissions set. Each step had to be done correctly; otherwise, one might encounter inexplicable issues during startup.
After the emergence of the Buildroot project, as its slogan goes: Making Embedded Linux Easy, building rootfs became much easier. As one of my group friends said:
“Since I started using Buildroot, I have bid farewell to the barbaric life of manual labor. The era of customizing file systems, needing to download source code for any tools, cross-compiling, and being overwhelmed by various library issues is gone forever.”
git clone git://git.buildroot.net/buildroot
The Buildroot code repository only contains a compilation framework by default, so the code size is small and downloads quickly. The various code packages needed to build rootfs are downloaded based on your configuration options during compilation.
Buildroot provides a menuconfig configuration interface similar to mainstream open-source projects like U-Boot and Linux Kernel. You can query the various supported commands by executing make help:
Developers can simply execute the make menuconfig command to select the various components they need and customize their rootfs through this familiar interface:
The first configuration is the Target options:
Most Arm systems are little-endian, so select little endian.
The CPU of this development board is Cortex-A9. We will use Linaro GCC for compilation, and Linaro’s GCC has hardfloat support enabled by default, so select VFP extension and EABIhf.
For information on installing the cross-compilation tool Linaro GCC, refer to the previous article:Once Done with Arm Linux Cross-Compilation.
The first option sets the save path for the final generated configuration file. Buildroot can generate specific defconfig files for different boards, which are saved in the configs directory by default.
After modifying various configurations, execute the make savedefconfig command to generate a new defconfig file:
Before the next compilation, you can directly execute the make ca9_mini_defconfig command to load the existing configuration.
The second option sets the storage path for various third-party packages downloaded by Buildroot, which is by default in the dl directory:
Since I am using the toolchain installed on my computer, we will select External toolchain and Custom toolchain
Then fill in the location of the toolchain installed on your computer in the Toolchain path. If you don’t know the exact location, use the which command to check:
Also, make sure not to write the prefix for Toolchain prefix incorrectly.
Set the version of the toolchain and the kernel version for the kernel headers corresponding to this toolchain:
We can find the version of the toolchain based on the toolchain name or by running arm-linux-gnueabihf-gcc -v command.
How do we find out the kernel version for the kernel headers corresponding to the toolchain?
When we press the h key on this option, we will see the help options below:
It turns out that this version can be found in the version.h file inside the toolchain:
arm-linux-gnueabihf/libc/usr/include/linux/version.h
263680 in hexadecimal corresponds to 0x40600, right-shifting 16 bits gives the version number 4. This explains the 4.0.x version.
Here’s a little tip: When we are configuring with make menuconfig and encounter options we do not understand, we can press h on that option to see useful help information that further explains that option.
Since the console name for the vexpress_a9 kernel startup is ttyAMA0, we also need to configure the TTY Port in the option System configuration->Run a getty(login prompt) after boot to ttyAMA0. Otherwise, you will not be able to enter the console after the file system is mounted.
We will link the compiled rootfs with the Linux Kernel in the form of initramfs. To keep the root file system image as small as possible, we can use lz4 compression for the file system, so the Filesystem images need to be configured as follows:
At this point, a minimal Buildroot configuration is complete.
If you need other commands or tools, you can enable them under Target Packages:
If a certain module you need is not available in Buildroot, you can add it yourself:
For example, by adding the above patch, Buildroot can automatically download and compile https://github.com/rockchip-linux/io.git during compilation.
Exit and execute the make command to start the compilation.
During the Buildroot compilation process, various required packages will be automatically downloaded over the network, so ensure that your internet connection is stable.
After compilation, the output will be as shown in the following image:
git clone https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
The Linux mainline has already supported the vexpress_a9 board:
In this context, ca is an abbreviation for Cortex-a, so ca9 refers to Cortex-A9, and ca15 refers to Cortex-A15.
Copy the previously compiled rootfs.cpio.lz4 from Buildroot to the root directory of the Linux kernel:
cp ../buildroot/output/images/rootfs.cpio.lz4 . make ARCH=arm vexpress_defconfig
Execute the make ARCH=arm menuconfig command to modify some basic configurations:
In the General setup->Initramfs source file option, fill in rootfs.cpio.lz4, which is the rootfs we copied from Buildroot. We will compile it together with the kernel. Of course, the rootfs can also be treated as a separate file and placed in an independent partition for loading, which we can try later.
In the Kernel hacking->printk and dmesg options section, select the first option so that the printed kernel log will include timestamp information, making it more readable.
Exit, save, and then compile:
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- -j8
If you encounter any errors during the compilation of the Linux kernel or U-Boot, you can refer to my previous article:The Compilation of Linux Kernel and U-Boot.
As mentioned earlier, QEMU can simulate peripherals like SD cards. We will place the compiled firmware on a simulated SD card module and allow QEMU to boot the Linux system from this SD card:
◆ Create an SD card image and format it to FAT:
dd if=/dev/zero of=sd.img bs=4096 count=4096 mkfs.vfat sd.img
◆ Copy the compiled kernel zImage and dtb files to sd.img
sudo mount sd.img /mnt/ -o loop, rw sudo cp arch/arm/boot/zImage /mnt/ sudo cp arch/arm/boot/dts/vexpress-v2p-ca9.dtb /mnt/ sudo umount /mnt
sudo qemu-system-arm -M vexpress-a9 -m 512M -kernel ../uboot-imx/u-boot -nographic -sd sd.img
The -M parameter specifies that the board to boot is vexpress-a9.
The -m parameter specifies the memory of this board as 512MB.
The -kernel parameter specifies the program to be executed first when QEMU starts, which we have set to the previously compiled u-boot executable.
The -sd parameter specifies the sd.img we created earlier.
Since we are starting from the command line, we added the nographic parameter.
You can see that u-boot has successfully started and entered the command line. Next, we will start the Linux Kernel.
◆ First, use the fatload command to load the zImage and dtb files from sd.img into the board’s memory:
fatload mmc 0:0 0x62008000 zImage fatload mmc 0:0 0x64008000 vexpress-v2p-ca9.dtb
The addresses 0x62008000 and 0x64008000 correspond to the loading addresses of zImage and dtb files in memory. How are these addresses determined?
In the Linux Kernel, there is a definition:
This textofs definition corresponds to the memory offset address for executing the Linux kernel zImage, with a default offset of 0x8000.
In the u-boot command line, you can enter the bdinfo command to check the starting address of the memory on this development board:
You can see that the starting address of this development board’s memory is actually 0x60000000, so the corresponding starting address for the kernel is: 0x62008000.
The loading address for dtb has no special requirements; generally, it just needs to avoid overlapping with the Linux Kernel Image.
◆ Start the Linux Kernel using the bootz command:
bootz 0x62008000 - 0x64008000
After starting, entering root will give you access to the command line console.
At this point, we have successfully run Arm Linux on QEMU.
Can QEMU Completely Replace Development Boards?
QEMU is an emulator, and it does have certain differences from real development boards:
It cannot fully simulate real hardware behavior and it is challenging to simulate a GPIO for toggling or lighting an LED, or to simulate DRAM, an LCD interface to connect a display…. It seems there are many things it cannot simulate, so what is its use?
Its strengths lie in simulating scenarios that do not involve specific hardware peripherals, such as:
If you want to quickly experience the latest u-boot and Linux kernel, it can run them right away.
If you want to run trendy Linux distributions like Ubuntu or Debian on Arm, it can do that.
If you want to study the boot process of u-boot or Linux kernel, it is also very suitable. Sometimes, when I am porting the Linux kernel on a specific development board and find that a certain process behaves abnormally, I directly use QEMU to run it for comparison.
If you want to understand the file system mounting process, it is very suitable.
If you want to learn Arm assembly, you can run it on QEMU and single-step debug with GDB.
If you want to learn about the Linux device tree, it can be used for experimentation….
Or if you want to compile an open-source project to run on an Arm development board, and cross-compilation is challenging, you might consider running an Arm Ubuntu directly on QEMU, which may be much simpler.
If you have been working with microcontrollers and hardware and want to experience Arm Linux development, trying it out on QEMU is perfect. In the right scenarios, QEMU is a powerful tool that can be summoned at will!
Electric Competition Series | Artificial Intelligence | Graduate School Entrance Exam | Job Hunting
Must-Know Knowledge Points | Graduation Project | Switching Power Supply
We are Nimo, the founder of Darwin, a lady who only talks technology and not romance. The Darwin online education platform aims to serve professionals in the electronics industry, providing training videos that cover popular topics in various niche fields such as embedded systems, FPGA, artificial intelligence, etc. Customized, layered learning content is tailored to different audiences, such as commonly used knowledge points, disassembly assessments, electric competitions/intelligent vehicles/graduate entrance exams, etc. Welcome to follow.
Official website: www.darwinlearns.com
Bilibili: Darwin
QQ group: 786258064
