Jump to: navigation, search


OpenRISC is an open source processor architecture. While instruction sets like x86 are proprietary and owned by a single company, OpenRISC is free. Its main use is as a processor on embedded systems.

Build Directions

 ./configure --target-list='or1k-softmmu or1k-linux-user' && make

Full system emulation

To boot linux you can run the following. If you are starting out you can download the OpenRISC test image from Testing/System_Images. The test image may be gzipped, so be sure to gunzip it first.

 gunzip or1k-linux-5.0.gz
 qemu-system-or1k -cpu or1200 -M or1k-sim -kernel or1k-linux-5.0 -serial stdio -nographic -monitor none

Multicore emulation

OpenRISC Linux and QEMU also have support for running with multiple CPU cores. This can be done with the -smp argument as seen in the following commands:

 gunzip or1k-linux-5.0-smp.gz
 qemu-system-or1k -cpu or1200 -M or1k-sim -kernel or1k-linux-5.0-smp -serial stdio -nographic -monitor none -smp cpus=2

Networking emulation

The or1k-sim will wire in an opencore_eth device at address 0x92000000 which can be used when the qemu -net option is provided. This device is supported by the Linux kernel's ethoc Ethernet driver.

The below options can be added to the qemu command line to enable networking.

 -net nic -net tap,ifname=tap0,script=no,downscript=no

Qemu has a default set of networking setup scripts you can use which will create a tunnel device for you, these have been disabled with the above script and downscript command line options. If we disable the qemu startup commands we will need to create our own tun and tap0 devices which can be done with the below commands.

Note, this sets up the tap0 device to be on the network. This matches the static setup found in the test image.

 echo "Setup tun device for QEmu networking, (may need sudo)..." 
 # Make the tap0 dev node if it doesn't exist
 if [ ! -e /dev/net/tap0 ]; then
     sudo true
     sudo mknod /dev/net/tap0 c 10 200
     sudo chown $(whoami) /dev/net/tap0
 # Check that the tap0 network interface exists
 if [ ! -e /sys/class/net/tap0 ]; then
     sudo true
     if sudo which openvpn > /dev/null; then
         sudo openvpn --mktun --dev tap0 --user $(whoami)
     elif sudo which tunctl > /dev/null; then
         sudo tunctl -t tap0 -u $(whoami)
         echo "Unable to find tool to create tap0 device!"
         exit 1
 # Check the tap0 device if configure and up
 if sudo which ifconfig > /dev/null; then
     if ! ifconfig tap0 | grep -q "UP" || ! ifconfig tap0 | grep -q "$IPRANGE.100"; then
         sudo true
         sudo ifconfig tap0 $IPRANGE.100 netmask up
 elif sudo which ip > /dev/null; then
     if ! ip addr show tap0 | grep -q "UP" || ! ip addr show tap0 | grep -q "$IPRANGE.100"; then
         sudo true
         sudo ip addr add $IPRANGE.100/24 dev tap0
         sudo ip link set dev tap0 up
     echo "Unable to find tool to configure tap0 address"
     exit 1

User mode emulation

Using QEMU user mode emulation we can run and debug OpenRISC binaries on your host linux.

 $ cat main.c
 #include <stdio.h>
 int main() {
    printf ("hello\n");
    return 0;
 $ or1k-linux-musl-gcc main.c
 # Here $LDPATH/lib/ is linked to or1k-linux-musl/lib/
 $ qemu-or1k -L $LDPATH ./a.out 

Debugging Tips

For debugging QEMU can listen on a gdb stub port with the below options. Note, you can also use -S with the -gdb option to have QEMU wait for a gdb client connection before starting the boot process.

 -gdb tcp::10001

To get good traces you can also add the following, this will output trace info to the file trace.txt

 -D trace.txt -d in_asm,exec,int,op_opt


Linux booting up Linux command line execution

User mode



Maintainer: Stafford Horne