question

najab avatar image
najab asked

Booting VenusOS in QEMU

A bit of a random question, hopefully someone will have an answer. I managed to brick a Raspberry Pi 3B+ running Venus OS. The problem is that it's at my parent's house which is an eight-hour flight away!

What I want to do is install VenusOS to a new SD card, configure it so that it speaks to VRM and send it to them, but I don't currently have another RasPi on hand.

Has anyone managed to get VenusOS to boot in QEMU? It doesn't need to speak with any external devices, just be able to access the Internet so that I can set it up in VRM.

I've downloaded the latest image file from git and converted it to vhd format. The command line I've been trying is

qemu-system-arm -machine type=raspi2 -m 2048 -hda venus-image-raspberrypi2.vhd

But I get a blank screen for a minute or two and then this error:

Execution cannot continue; stopping here.

qemu-system-arm: Trying to execute code outside RAM or ROM at 0x3f007000
This usually means one of the following happened:

(1) You told QEMU to execute a kernel for the wrong machine type, and it crashed on startup (eg trying to run a raspberry pi kernel on a versatilepb QEMU machine)
(2) You didn't give QEMU a kernel or BIOS filename at all, and QEMU executed a ROM full of no-op instructions until it fell off the end
(3) Your guest kernel has a bug and crashed by jumping off into nowhere

This is almost always one of the first two, so check your command line and that you are using the right type of kernel for this machine.
If you think option (3) is likely then you can try debugging your guest with the -d debug options; in particular -d guest_errors will cause the log to include a dump of the guest register state at this point.

I'm pretty sure it's option 2 on the list, but I'm not entirely sure how to point it to the correct kernel file (I've never used qemu before) - I can mount the .vhd file in Windows and see the files. I think I might have gone a step too far by converting the drive to .vhd!

@Markus if you see this, you had a thread where you got it working, but it doesn't have the command line or steps taken.

Thanks to all.

Raspberry Pi
3 comments
2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

najab avatar image najab commented ·

Some progress (possibly).


I used the instructions and files found here: https://azeria-labs.com/emulate-raspberry-pi-with-qemu/ and here https://github.com/dhruvvyas90/qemu-rpi-kernel and get part way through the boot process using this command:

qemu-system-arm -kernel kernel-qemu-4.19.50-buster -cpu arm1176 -m 256 -M versatilepb -serial stdio -append "root=/dev/vda2 rootfstype=ext4 rw" -drive "driver=raw,file=venus-image-raspberrypi2.wic,id=disk0,if=none,index=0"  -device "virtio-blk-pci,drive=disk0,disable-modern=on,disable-legacy=off"  -no-reboot -dtb versatile-pb-buster.dtb

It now gets fairly far through the boot process but dies after /sbin/init is invoked:

input: AT Raw Set 2 keyboard as /devices/platform/amba/amba:fpga/10006000.kmi/serio0/input/input0
rtc-ds1307 0-0068: setting system clock to 2022-06-09 19:24:00 UTC (1654802640)
uart-pl011 101f1000.uart: no DMA platform data
input: ImExPS/2 Generic Explorer Mouse as /devices/platform/amba/amba:fpga/10007000.kmi/serio1/input/input2
EXT4-fs (vda2): mounted filesystem with ordered data mode. Opts: (null)
VFS: Mounted root (ext4 filesystem) on device 254:2.
devtmpfs: mounted
Freeing unused kernel memory: 196K
This architecture does not have kernel memory protection.
Run /sbin/init as init process
Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004

CPU: 0 PID: 1 Comm: init Tainted: G        W         4.19.50+ #1
Hardware name: ARM-Versatile (Device Tree Support)
[<c001d230>] (unwind_backtrace) from [<c00190ac>] (show_stack+0x10/0x14)
[<c00190ac>] (show_stack) from [<c0025f14>] (panic+0xc8/0x240)
[<c0025f14>] (panic) from [<c0028444>] (do_exit+0x950/0x9fc)
[<c0028444>] (do_exit) from [<c0028558>] (do_group_exit+0x3c/0xa4)
[<c0028558>] (do_group_exit) from [<c0031c94>] (get_signal+0xdc/0x624)
[<c0031c94>] (get_signal) from [<c0018868>] (do_signal+0xf0/0x498)
[<c0018868>] (do_signal) from [<c0018df4>] (do_work_pending+0xd4/0xec)
[<c0018df4>] (do_work_pending) from [<c000906c>] (slow_work_pending+0xc/0x20)
Exception stack(0xcf823fb0 to 0xcf823ff8)
3fa0:                                     beab0f10 4b182010 4b181edc 0000000e
3fc0: 000309c4 00000000 00000000 00000000 00000000 00000000 00031388 beab0f0c
3fe0: 00000000 beab0ec8 4b150b90 4b151634 20000010 ffffffff
---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
 ]---
random: crng init done

I think the issue is that I've used a generic Raspbian kernel and DTB files, but I'm not sure where to get them for Venus. The config folder in the VFAT partition of the boot image has the line "kernel=u-boot.bin" but that file seems to be too tiny to be an actual kernel (450KiB as opposed to ~4MiB for the Raspbian kernel).

Any pointers happily accepted.


1 Like 1 ·
najab avatar image najab najab commented ·

Still making slow progress. I mount to open the image file and copied the zImage file from the /boot directory and the dtb file and am now using the command

sudo qemu-system-arm -kernel zImage -cpu arm1176 -m 256 -M raspi2 -drive file=venus-image-raspberrypi2.wic,media=disk,format=raw -append "root=/dev/mmcblk0p2 rootwait panic=1 loglevel=8 console=ttyAMA0,115200" -no-reboot -dtb bcm2710-rpi-3-b-plus.dtb -serial stdio

And it starts booting showing the Victron logo so definite forward movement. However, it seems to be unable to mount the root partition:

[    3.734104] Waiting for root device /dev/mmcblk0p2...
[    3.751288] mmc0: host does not support reading read-only switch, assuming write-enable
[    3.752911] mmc0: new SD card at address 4567
[    3.759844] mmcblk0: mmc0:4567 QEMU! 487 MiB
[    3.787962]  mmcblk0: p1 p2
[    3.790878] mmcblk0: p2 size 899184 extends beyond EOD, truncated
[    3.833508] EXT4-fs (mmcblk0p2): bad geometry: block count 449592 exceeds size of device (449536 blocks)
<some skipped lines>
[    3.846749]  driver: mmcblk
[    3.847397]   b301           44842 mmcblk0p1 599d6851-01
[    3.847445] 
[    3.848042]   b302          449536 mmcblk0p2 599d6851-02
[    3.848060] 
[    3.848727] No filesystem could mount root, tried: 
[    3.848760]  ext4
[    3.849225] 
[    3.849755] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(179,2)

So close, but still not working. :(

1 Like 1 ·
Show more comments
2 Answers
cmock avatar image
cmock answered ·

OK, thanks to the info in this thread, I got it to boot (but not to work completely).

Environment: qemu 7.2.5 on Debian, latest venus-image-large-raspberrypi2 from 2012-12-06.

  • loop-mount partition 1 from the image to extract bcm2709-rpi-2-b.dtb
  • loop-mount partition 2, extract /boot/zImage
  • edit /etc/init.d/watchdog (still in partition 2) and insert "exit 0" after the very first line

The watchdog edit disables the watchdog daemon, because that stopped my emulation.

command-line:

qemu-system-arm -kernel zImage -cpu arm1176 -M raspi2b -drive file=venus.img,media=disk,format=raw -append "root=/dev/mmcblk0p2 rootwait panic=1 loglevel=8 console=ttyAMA0,115200" -no-reboot -dtb bcm2709-rpi-2-b.dtb -serial stdio

This boots up and throws me into a shell in both the serial terminal and the GUI; it's probably missing the network connection...

2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

cmock avatar image
cmock answered ·

OK, didn't get the network to run.

The only option (from the drivers there are in VenusOS) is usb-net, but that seems to be half-broken in qemu, enabling it leads to random oopses and panics.

2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.