QEMU Emulator

[中文]

Espressif maintains a fork of the QEMU emulator with support for ESP32-S3. This fork implements emulation of the CPU, memory, and several peripherals of ESP32-S3. For more information about QEMU for ESP32-S3, see the QEMU README documentation.

idf.py allows for running and debugging applications in QEMU. This is a convenient way to test applications without having to flash them to real hardware.

Prerequisites

To use QEMU with idf.py, you first need to install the above-mentioned fork of QEMU. ESP-IDF provides pre-built binaries for x86_64 and arm64 Linux and macOS, as well as x86_64 Windows. Before you use the pre-built binaries on Linux and macOS platforms please install system dependencies:

  • Ubuntu and Debian:

sudo apt-get install -y libgcrypt20 libglib2.0-0 libpixman-1-0 libsdl2-2.0-0 libslirp0
  • CentOS:

sudo yum install -y --enablerepo=powertools libgcrypt glib2 pixman SDL2 libslirp
  • Arch:

sudo pacman -S --needed libgcrypt glib2 pixman sdl2 libslirp
  • macOS:

brew install libgcrypt glib pixman sdl2 libslirp

Then install the pre-built binaries with the following command:

python $IDF_PATH/tools/idf_tools.py install qemu-xtensa qemu-riscv32

After installing QEMU, make sure it is added to PATH by running . ./export.sh in the IDF directory.

If you are using a different platform, you need to build QEMU from source. Refer to official QEMU documentation for instructions.

Usage

Running an Application

To run an IDF application in QEMU, use the following command:

idf.py qemu monitor

This command builds the application, starts QEMU and opens IDF monitor, and connects IDF Monitor to the emulated UART port. You can see the console output of the application and interact with it. IDF Monitor also provides automatic decoding of panic backtraces and UART core dumps.

Debugging

To debug an application in QEMU, use the following command:

idf.py qemu gdb

This command builds the application, starts QEMU with the GDB server enabled, and opens an interactive GDB session. You can use GDB to debug the application as if it was running on real hardware.

To see console output while debugging in QEMU, use two terminals.

  • In the first terminal, run:

    idf.py qemu --gdb monitor
    

    This command starts QEMU and IDF Monitor, and tells QEMU to wait for a GDB connection.

  • In the second terminal, run:

    idf.py gdb
    

    This command starts an interactive GDB sessions and connects it to QEMU. You can now debug the application, and the console output will be visible in the first terminal.

It is also possible to run QEMU without the IDF Monitor:

idf.py qemu

In this case, the IDF Monitor is not used, and you can interact with QEMU process directly. To switch between the emulated UART console and QEMU console ("QEMU monitor"), use Ctrl-A shortcut. For example, to exit QEMU, press Ctrl-A, then type q and press Enter. You can use the QEMU console to enter commands, such as for inspecting registers and memory.

Graphics Support

QEMU supports a virtual framebuffer device. This device doesn't exist in the real ESP32-S3 hardware, but it can be used to test graphics applications in QEMU.

To launch QEMU with a virtual framebuffer device enabled, use the following command:

idf.py qemu --graphics monitor

When the --graphics option is used, QEMU opens an additional window where the framebuffer contents are displayed.

To use the virtual framebuffer device in your application, you can add the espressif/esp_lcd_qemu_rgb component to your project. This component provides an esp_lcd compatible driver for the virtual framebuffer device.

Efuse Emulation

QEMU supports emulation of eFuses. This can be a convenient way to test security-related features, such as secure boot and flash encryption, without having to perform irreversible operations on real hardware.

You can use idf.py eFuse-related commands to program eFuses. When you run any of these commands together with qemu command, the eFuses are programmed in QEMU, and the qemu_efuse.bin file is updated. For example,

idf.py qemu efuse-burn SPI_BOOT_CRYPT_CNT 1
idf.py qemu efuse-burn-key BLOCK my_flash_encryption_key.bin KEYPURPOSE

For details regarding the BLOCK and KEYPURPOSE, please refer to the Flash Encryption guide.

To dump the eFuse summary, please use the following command:

idf.py qemu efuse-summary

By default, the values of eFuses are read from and written to the qemu_efuse.bin file in the build directory. You can specify a different file using the --efuse-file option. For example,

idf.py qemu --efuse-file my_efuse.bin efuse-burn SPI_BOOT_CRYPT_CNT 1
idf.py qemu --efuse-file my_efuse.bin monitor

Specifying Flash Image

By default, QEMU uses the qemu_flash.bin file in the build directory as the flash image. This file is generated based on the information available about the project from the flash_args file present in the build directory. If you want to use a different flash image file, you can specify it using the --flash-file option. For example,

idf.py qemu --flash-file my_flash.bin monitor

The provided flash image must meet the following requirements for proper emulation:

  • The flash file size matches the value specified by CONFIG_ESPTOOLPY_FLASHSIZE in the project configuration.

  • The flash file includes all required binaries, such as the bootloader, partition table, and application firmware, placed at their respective memory offsets.

Emulating Secure Boot

QEMU supports emulation of secure boot v2 scheme. Please keep CONFIG_SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT enabled to include signed bootloader image into the QEMU image artifact.


Was this page helpful?