# QEMU Plans and Ideas

01110101 01110010

(10 01111001

J0011

0.0111001

en en 100101

00 01101100 0111100

101 01110101 01110010 013

01101110 01101101

10011 00100000 01110100 0

100101 01110010 011

0110 01100101 01110 01100100 00100000 0110111

11 01101110 00100000 011

Linaro

Presented to HPP Arch council meeting: 2022-04-19

### HPP QEMU POR

- Generic HPP QEMU machine
  - $\circ$  default : 4x A53 + 2x M3 + 2x R5
  - $\circ$  command line options to change to M33 or M55
  - MMR based run/stop per core
  - Mailbox IPC HW
  - Selectable boot core
- Does not include adding new cores but should be updated as new cores are available. Core of interest are:
  - R82 & R55
  - Armv8.4 A, Armv9.1 A
- All cores running in TCG
- All cores are Arm based



#### Idea File



### Idea: Asymmetric core performance

- Have different performance levels for different cores
  - BIG.little, 3 GHz A core + 50 MHz M core
- Two levels of difficulty
  - All cores in TCG
  - $\circ$  ~ Some cores in KVM and others in TCG ~
- Today's icount option is not really suitable
  - Disables multicore simulation, only has factor of 2 scaling that applies to all cores
- TCG only
  - Add new instruction count throttle option per core
- TCG + KVM
  - Requires advances in co-existence or advances in multiprocess QEMU
- Pros: Idea promoted by Francois based on conversations with AWS and others
  - Provide a good Automotive simulation
  - Allow some ballpark BIG.little simulation
- Cons:
  - Is the BIG.little good enough?
  - RTOS & control cores tend to run from timer events, is CPU performance important?



#### Idea: Better Generic SOC Simulation

- Create a better generic SOC model
  - Target for vendor neutral demos and examples systems
  - Keep low level firmware honest
  - Modeling a real SOC gets very complex but current models like virt are too simple
- DDR should not work before it is initialized or while in self refresh
  - For ECC DDR, reading a location before it is written should cause a fault
- Peripherals should not work without power and clocks
  - Allow the full power framework to be tested in the abstract
- Peripherals should have firewalls just like real SOCs
  - Firewalls are not just for memory; already exists on for QEMU MCU targets
- A real eMMC emulation
  - and/or secure SPI, UFS
- A eFUSE model
  - Allow the full device commissioning & security flow to be tested
- This is definitinity nice to have, is it more?



## Thank you

110 01111001

11

01110101 01110010

10011 00100000 01110100 0110111

110111 01101000 011001

00100000

