[thirdparty/systemd.git] / docs / VM_INTERFACE.md

---
title: VM Interface
category: Interfaces
layout: default
SPDX-License-Identifier: LGPL-2.1-or-later
---

# The VM Interface

Also consult [Writing Virtual Machine or Container
Managers](https://systemd.io/WRITING_VM_AND_CONTAINER_MANAGERS).

systemd has a number of interfaces for interacting with virtual machine
managers, when systemd is used inside of a VM. If you work on a VM manager,
please consider supporting the following interfaces.

1. systemd supports passing immutable binary data blobs with limited size and
   restricted access to services via the `ImportCredential=`, `LoadCredential=`
   and `SetCredential=` settings. These credentials may be passed into a system
   via SMBIOS Type 11 vendor strings, see
   [systemd(1)](https://www.freedesktop.org/software/systemd/man/latest/systemd.html)
   for details. This concept may be used to flexibly configure various facets
   ot the guest system. See
   [systemd.system-credentials(7)](https://www.freedesktop.org/software/systemd/man/latest/systemd.system-credentials.html)
   for a list of system credentials implemented by various systemd components.

2. Readiness, information about various system properties and functionality, as
   well as progress of boot may be reported by systemd to a machine manager via
   the `sd_notify()` protocol via `AF_VSOCK` sockets. The address of this
   socket may be configured via the `vmm.notify_socket` system credential. See
   [systemd(1)](https://www.freedesktop.org/software/systemd/man/latest/systemd.html).

3. The
   [systemd-ssh-generator(8)](https://www.freedesktop.org/software/systemd/man/latest/systemd-ssh-generator.html)
   functionality will automatically bind SSH login functionality to `AF_VSOCK`
   port 22, if the system runs in a VM.

4. If not initialized yet the system's
   [machine-id(5)](https://www.freedesktop.org/software/systemd/man/latest/machine-id.html)
   is automatically set to the SMBIOS product UUID if available and invocation
   in an VM environment is detected.

5. The
   [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-boot.html)
   and
   [`systemd-stub(7)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html)
   components support two SMBIOS Type 11 vendor strings that may be used to
   extend the kernel command line of booted Linux environments:
   `io.systemd.stub.kernel-cmdline-extra=` and
   `io.systemd.boot.kernel-cmdline-extra=`.

Also see
[smbios-type-11(7)](https://www.freedesktop.org/software/systemd/man/latest/smbios-type-11.html)
for a list of supported SMBIOS Type 11 vendor strings.
Commit	Line	Data
34c6b7d9 LP	1	---
	2	title: VM Interface
	3	category: Interfaces
	4	layout: default
	5	SPDX-License-Identifier: LGPL-2.1-or-later
	6	---
	7
	8	# The VM Interface
	9
	10	Also consult [Writing Virtual Machine or Container
	11	Managers](https://systemd.io/WRITING_VM_AND_CONTAINER_MANAGERS).
	12
	13	systemd has a number of interfaces for interacting with virtual machine
	14	managers, when systemd is used inside of a VM. If you work on a VM manager,
	15	please consider supporting the following interfaces.
	16
	17	1. systemd supports passing immutable binary data blobs with limited size and
	18	restricted access to services via the `ImportCredential=`, `LoadCredential=`
	19	and `SetCredential=` settings. These credentials may be passed into a system
	20	via SMBIOS Type 11 vendor strings, see
	21	[systemd(1)](https://www.freedesktop.org/software/systemd/man/latest/systemd.html)
6e0abf5f	22	for details. This concept may be used to flexibly configure various facets
34c6b7d9 LP	23	ot the guest system. See
	24	[systemd.system-credentials(7)](https://www.freedesktop.org/software/systemd/man/latest/systemd.system-credentials.html)
	25	for a list of system credentials implemented by various systemd components.
	26
	27	2. Readiness, information about various system properties and functionality, as
	28	well as progress of boot may be reported by systemd to a machine manager via
	29	the `sd_notify()` protocol via `AF_VSOCK` sockets. The address of this
	30	socket may be configured via the `vmm.notify_socket` system credential. See
	31	[systemd(1)](https://www.freedesktop.org/software/systemd/man/latest/systemd.html).
	32
	33	3. The
	34	[systemd-ssh-generator(8)](https://www.freedesktop.org/software/systemd/man/latest/systemd-ssh-generator.html)
	35	functionality will automatically bind SSH login functionality to `AF_VSOCK`
	36	port 22, if the system runs in a VM.
	37
	38	4. If not initialized yet the system's
	39	[machine-id(5)](https://www.freedesktop.org/software/systemd/man/latest/machine-id.html)
	40	is automatically set to the SMBIOS product UUID if available and invocation
	41	in an VM environment is detected.
	42
	43	5. The
	44	[`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-boot.html)
	45	and
	46	[`systemd-stub(7)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html)
	47	components support two SMBIOS Type 11 vendor strings that may be used to
	48	extend the kernel command line of booted Linux environments:
	49	`io.systemd.stub.kernel-cmdline-extra=` and
	50	`io.systemd.boot.kernel-cmdline-extra=`.
	51
	52	Also see
	53	[smbios-type-11(7)](https://www.freedesktop.org/software/systemd/man/latest/smbios-type-11.html)
	54	for a list of supported SMBIOS Type 11 vendor strings.