Several days ago the QEMU project announced the release of version 10.1, which brings a large number of improvements and new features, including increasingly solid support for Intel TDX, AMD SEV-SNP, emerging architectures such as RISC-V and experimental environments such as WebAssembly.
One of the most significant advancements in QEMU 10.1 is in the area of security. VFIO now adds initial support for guest environments that use memory encryption, opening the door to device passthrough on systems protected with Intel TDX (Trust Domain Extensions) and AMD SEV-SNP (Secure Encrypted Virtualization with Secure Nested Paging). This enhancement strengthens resistance to host-based tampering and analysis, a key step toward protecting sensitive virtual machines.
In addition, the x86 emulator integrates full support for Intel TDX and allows booting protected machines using the IGVM format, unifying these security capabilities with those of AMD SEV-SNP.
Another area of improvement in QEMU 10.1 is live migration (one of the pillars of QEMU in high-availability environments): it is now possible to use multifd in postcopy mode, which speeds up the process of moving a virtual machine to the destination host while memory blocks are transferred in the background.
Also notable are the improvements to precopy that reduce downtime, and the addition of RDMA migration support over IPv6, expanding compatibility on modern high-speed networks.
QEMU 10.1 introduces a new command in its guest agent, called guest-get-load, which allows you to check the load average on Windows virtual machines. This feature improves the monitoring capabilities of virtualized systems without the need for external tools.
On the graphics side, virtio-gpu adds support for name substitution in EDID, which makes it easier to identify displays in virtual environments and improves the visual experience in complex configurations.
Advances in ARM, RISC-V and LoongArch
Support for alternative architectures continues to grow. On ARM, new boards were added: the Analog Devices max78000fthr, Meta catalina-bmc and NVIDIA gb200-bmc, along with emulation of new CPU extensions (FEAT_SME2, FEAT_SME_F16F16, FEAT_SVE2p1, among others). Additionally, the virt virtual platform now supports nested virtualization with KVM, CXL, and hot-plugging of PCI devices via ACPI.
In the RISC-V ecosystem, QEMU implements emulation of the Kunminghu processor and the Ziccif extension for atomic instructions, while LoongArch has incorporated emulation of the irqchip interrupt controller at the kernel level.
Another striking advance is the experimental support for compiling QEMU to WebAssembly (WASM) using Emscripten, which opens the door to running the emulator directly in web browsers.
Among the additional changes, support for Debian 11 as a host system has been removed, reflecting the transition to more up-to-date and maintained environments.
Other notable changes:
Fixed write checks in pmpcfg in Smepmp MML mode
Endless translation loop on big endian systems fixed.
KVM CSR Fixes
sstc extension fixes
Fix zama16b order in isa_edata_arr
Corrections in profile management
Expand PMP region up to 64
Added missing named functions
RDMA live migration begins to support IPv6
Fix missing TB output stream for ldff_trans
Fixed migration error when aia is set to aplic-imsic
Added riscv_hwprobe entry to the Linux user strace list
Fixed exception type when VU accesses supervisor CSRs
Restrict mideleg/medeleg/medelegh access to harts in S mode
Restrict midelegh access to harts in S mode
The use of the built-in AES implementation has been removed for any application other than the TCG instruction emulator. Any other use of AES requires QEMU to be compiled with gcrypt, nettle, or gnutls as the cryptographic providers.
If you are interested in knowing more about it, you can check the details in the full list of changes in the following link