🠛
QuantaVirt ›
Configuration Reference
Configuration Reference
QV-CFG-001
Rev 1.0 — January 2026
Complete reference for QuantaVirt VM configuration files. VMs are defined using JSON configuration files that specify CPU topology, memory allocation, storage devices, network interfaces, PQC settings, and boot behavior. All fields are documented with types, defaults, and valid ranges.
Configuration Overview #
VM configuration files are stored in /var/lib/quantavirt/configs/ by default. The configuration is a JSON document validated against the QuantaVirt schema at VM creation time. Configuration files can be created manually, generated by the CLI wizard (quantavirt vm create --interactive), or exported from the GUI.
# Validate a config without creating the VM
quantavirt vm validate --config /path/to/vm.json
# Create VM from config
quantavirt vm create --config /path/to/vm.json
# Export running VM config
quantavirt vm export ubuntu-server --output ubuntu-server.jsonVM Configuration Schema #
Top-level structure of a VM configuration document:
Field Type Required Default Description
namestring ✅ — Unique VM name (1–64 chars, [a-zA-Z0-9_-]) descriptionstring ""Human-readable description uuidstring Auto-generated UUID v4 — auto-generated if omitted cpuobject ✅ — CPU topology and features memoryobject ✅ — Memory allocation and policy devicesobject ✅ — Storage, network, graphics, USB, PCI devices bootobject See below Boot order, firmware type, kernel boot pqcobject See below PQC subsystem configuration migrationobject See below Live migration settings securityobject See below Confidential computing (SEV-SNP/TDX)
CPU Configuration #
Field Type Default Range Description
cpu.countinteger 1 1 – 256 Number of virtual CPUs cpu.modelstring "host"See models CPU model: "host" (passthrough), "qemu64", "EPYC", etc. cpu.featuresarray []— CPUID feature flags: "+aes", "-avx512f", "+rdrand" cpu.topology.socketsinteger 1 1 – 8 Number of CPU sockets presented to guest cpu.topology.coresinteger = count 1 – 128 Cores per socket (count = sockets × cores × threads) cpu.topology.threadsinteger 1 1 – 2 Threads per core (SMT) cpu.pinarray null— vCPU-to-pCPU mapping: [{"vcpu":0,"pcpu":2}] cpu.weightinteger 256 1 – 65535 Scheduler weight (proportional CPU share) cpu.capinteger 0 0 – 100 CPU cap (% of one pCPU); 0 = uncapped cpu.numa_nodeinteger null0 – N Preferred NUMA node for memory and CPU placement
Memory Configuration #
Field Type Default Description
memory.sizestring — RAM allocation: "512M", "2G", "64G". Required. memory.hugepagesboolean falseUse 2MB hugepages for guest RAM (reduces TLB misses) memory.hugepage_sizestring "2M"Hugepage size: "2M" or "1G" memory.balloonboolean falseEnable VirtIO memory balloon (dynamic memory reclaim) memory.max_sizestring = size Maximum memory for hotplug (must be ≥ size) memory.preallocboolean falsePre-allocate all memory pages at VM creation memory.encryptedboolean falseEnable memory encryption (SEV/TDX required)
Storage Devices #
Storage devices are defined in the devices.storage array. Each entry defines a block device presented to the guest.
Field Type Default Description
typestring — Controller: "virtio-blk", "nvme", "ahci", "ide" pathstring — Path to disk image or block device formatstring Auto-detect Image format: "raw", "qcow2", "encrypted" readonlyboolean falsePresent device as read-only mediastring "disk"Media type: "disk" or "cdrom" boot_indexinteger nullBoot priority (lower = higher priority) cachestring "writeback"Cache mode: "none", "writeback", "writethrough", "directsync" iostring "native"I/O backend: "native" (AIO), "threads" queuesinteger 1 Number of I/O queues (VirtIO multi-queue) encryptedboolean falseEnable PQC encryption (ML-KEM wrapped AES-256-GCM) discardboolean falseEnable TRIM/discard support (qcow2 sparse reclaim)
Network Devices #
Field Type Default Description
typestring — NIC type: "virtio-net", "e1000", "e1000e" networkstring "default"Virtual network name to attach to macstring "auto"MAC address — "auto" generates 52:54:00:xx:xx:xx modelstring = type Guest-visible NIC model (for driver matching) queuesinteger 1 Multi-queue count (VirtIO-net; typically = vCPU count) vhostboolean trueUse vhost-net/vhost-user acceleration offloadobject All enabled TCP/UDP checksum offload, TSO, GSO, GRO mtuinteger 1500 Maximum transmission unit (bytes) pqc_tunnelboolean falseEncrypt all traffic with PQC tunnel (ML-KEM + AES-GCM)
Graphics & Console #
Field Type Default Description
devices.console.typestring "virtio-console"Serial console: "virtio-console", "serial" (16550) devices.graphics.typestring "none"GPU: "virtio-gpu", "none" devices.graphics.vnc.listenstring "127.0.0.1"VNC listen address devices.graphics.vnc.portinteger Auto (5900+) VNC port number devices.graphics.vnc.passwordstring nullVNC password (optional, max 8 chars) devices.graphics.virglboolean trueEnable Virgl 3D acceleration (VirtIO-GPU only)
Boot Configuration #
Field Type Default Description
boot.orderarray ["disk"]Boot device priority: "disk", "cdrom", "network" boot.uefiboolean trueUEFI firmware (OVMF); false = SeaBIOS boot.secure_bootboolean falseEnable UEFI Secure Boot (requires uefi: true) boot.kernelstring nullDirect kernel boot — path to vmlinuz boot.initrdstring nullInitramfs path (for direct kernel boot) boot.cmdlinestring nullKernel command line (for direct kernel boot)
PQC Configuration #
Field Type Default Description
pqc.enabledboolean trueEnable PQC subsystem for this VM pqc.backendstring "auto"Backend: "auto", "quac100", "software" pqc.attestation.enabledboolean falseEnable ML-DSA signed attestation reports pqc.attestation.algorithmstring "ML-DSA-65"Signature algorithm: "ML-DSA-44", "ML-DSA-65", "ML-DSA-87" pqc.storage_encryption.enabledboolean falseEncrypt storage with PQC key wrapping pqc.storage_encryption.kemstring "ML-KEM-768"KEM for key wrapping: "ML-KEM-512", "ML-KEM-768", "ML-KEM-1024" pqc.storage_encryption.aeadstring "AES-256-GCM"AEAD cipher: "AES-256-GCM", "ChaCha20-Poly1305"
Hypervisor-Level Settings #
These settings are configured via kernel parameters (boot command line) or the global configuration file /etc/quantavirt/quantavirt.conf, not per-VM JSON.
Setting File Field / Boot Param Default Description
Default scheduler scheduler / sched=credit2Global vCPU scheduler Hugepage pool hugepages / hugepages=autoPre-allocate hugepages API listener api.listen / api=unixManagement API: unix socket or tcp:addr:port Log level logging.level / loglevel=infoHypervisor log verbosity VM storage path storage.default_path/var/lib/quantavirtDefault directory for VM images and configs QUAC 100 mode pqc.quac100 / quac100=autoQUAC 100 detection: auto, on, off
Complete Examples #
Minimal Linux Server
{
"name": "minimal-linux",
"cpu": { "count": 1 },
"memory": { "size": "512M" },
"devices": {
"storage": [{ "type": "virtio-blk", "path": "/var/lib/quantavirt/images/minimal.qcow2" }],
"network": [{ "type": "virtio-net", "network": "default" }],
"console": { "type": "virtio-console" }
}
}High-Performance Database Server
{
"name": "db-server",
"cpu": {
"count": 16,
"model": "host",
"topology": { "sockets": 2, "cores": 4, "threads": 2 },
"pin": [{"vcpu":0,"pcpu":0},{"vcpu":1,"pcpu":1}],
"numa_node": 0
},
"memory": { "size": "64G", "hugepages": true, "hugepage_size": "1G", "prealloc": true },
"devices": {
"storage": [
{ "type": "virtio-blk", "path": "/dev/nvme0n1p4", "format": "raw", "cache": "none", "io": "native", "queues": 16 }
],
"network": [
{ "type": "virtio-net", "network": "internal", "queues": 16, "vhost": true, "mtu": 9000 }
]
}
}PQC-Secured Confidential VM
{
"name": "confidential-vm",
"cpu": { "count": 4, "model": "EPYC" },
"memory": { "size": "8G", "encrypted": true },
"devices": {
"storage": [
{ "type": "virtio-blk", "path": "/var/lib/quantavirt/images/confidential.qcow2", "encrypted": true }
],
"network": [
{ "type": "virtio-net", "network": "secure", "pqc_tunnel": true }
]
},
"pqc": {
"enabled": true,
"backend": "quac100",
"attestation": { "enabled": true, "algorithm": "ML-DSA-87" },
"storage_encryption": { "enabled": true, "kem": "ML-KEM-1024", "aead": "AES-256-GCM" }
},
"security": {
"type": "sev-snp",
"policy": { "debug": false, "migrate": false, "single_socket": true }
}
}