[PATCH 2/2] watchdog: add watchdog behavior configuration

Heinrich Schuchardt xypron.glpk at gmx.de
Fri Sep 25 15:26:41 CEST 2020


On 25.09.20 15:00, Tom Rini wrote:
> On Fri, Sep 25, 2020 at 01:29:18PM +0200, Heinrich Schuchardt wrote:
>> On 25.09.20 10:36, Wolfgang Denk wrote:
>>> Dear Tom,
>>>
>>> In message <20200924131931.GF14816 at bill-the-cat> you wrote:
>>>>
>>>> I'm talking about the case where we say we've enabled the WDT to
>>>> supervise OS, but then bootefi something and have disabled the watchdog
>>>> (to meet UEFI requirements) but didn't tell the user we've turned off
>>>> the WDT that we had told them is on.
>>>
>>> Any so-called "watchdog" that can be disabled / switched off by
>>> software is not really worth this name.  As such, the concept of
>>> disabling a watchdog in software, is misleading at best and should
>>> never be implemented.
>>
>> If we want to boot UEFI payloads, we will have to follow the UEFI
>> specification even if we think it is not perfect.
>
> I really really want to know what the UEFI specification says about
> hardware watchdogs.  Especially given the push to use a subset of UEFI
> for embedded.  Most modern SoCs include a watchdog IP block and it can
> be used for a traditional watchdog and it's also used for reset.  Or
> simply must be serviced periodically.
>


The current specification is:

UEFI Specification Version 2.8 (Errata B) (released June 2020)
https://uefi.org/sites/default/files/resources/UEFI%20Spec%202.8B%20May%202020.pdf

Chapter 2.3.7 RISC-V Platforms

p. 40
"The causes of reset could be power-on reset, external hard reset,
brownout detected, watchdog timer elapse, sleep-mode wakeup, etc., which
machine-mode UEFI system firmware has to distinguish."

Chapter 3.1.2 Load Option Processing

p. 70
"If LoadImage() succeeds, the boot manager must enable the watchdog
timer for 5 minutes by using the EFI_BOOT_SERVICES.SetWatchdogTimer()
boot service prior to calling EFI_BOOT_SERVICES.StartImage(). If a boot
option returns control to the boot manager, the boot manager must
disable the watchdog timer with an additional call to the
SetWatchdogTimer() boot service."

Chapter 7.4 EFI_BOOT_SERVICES.ExitBootServices()

p. 222
"On success ... the boot services watchdog timer is disabled."

Chapter 7.5 EFI_BOOT_SERVICES.SetWatchdogTimer()

This chapter describes management of the watchdog timer. You can set any
duration with 1 second resolution. A value of 0 will disable the watchdog.

p. 223
"If the watchdog timer expires, the event is logged by the firmware. The
system may then either reset with the Runtime Service ResetSystem(), or
perform a platform specific action that must eventually cause the
platform to be reset. The watchdog timer is armed before the firmware's
boot manager invokes an EFI boot option. The watchdog must be set to a
period of 5 minutes. The EFI Image may reset or disable the watchdog
timer as needed. If control is returned to the firmware's boot manager,
the watchdog timer must be disabled. The watchdog timer is only used
during boot services. On successful completion of
EFI_BOOT_SERVICES.ExitBootServices() the watchdog timer is disabled."

Appendix R - Glossary

p. 2444
Watchdog Timer
An alarm timer that may be set to go off. This can be used to regain
control in cases where a code path in the boot services environment
fails to or is unable to return control by the expected path.

Best regards

Heinrich
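
The lifecycle in the passages quoted above, as an added example that is not part of the original message and is not U-Boot or EDK II code. It is a toy model in which every identifier is hypothetical, and it shows that a hang during boot services is caught while a hang after ExitBootServices() is not.

```c
/* Toy model of the quoted watchdog rules; all names hypothetical (not U-Boot/EDK II). */
#include <stdbool.h>
#include <stdint.h>
#define BOOT_OPTION_TIMEOUT_S (5 * 60)   /* "a period of 5 minutes" */

struct bs_wdt {
    bool boot_services;    /* false once ExitBootServices() succeeded */
    uint64_t remaining_s;  /* 0 means disabled */
    bool expired;          /* platform must eventually reset */
};

/* SetWatchdogTimer(): 1 s resolution, 0 disables. Assumption: the model
 * rejects calls once boot services have ended. */
static int wdt_set(struct bs_wdt *w, uint64_t timeout_s)
{
    if (!w->boot_services)
        return -1;
    w->remaining_s = timeout_s;
    return 0;
}

/* Successful ExitBootServices(): timer disabled, boot services end. */
static void exit_boot_services(struct bs_wdt *w)
{
    w->remaining_s = 0;
    w->boot_services = false;
}

/* Advance model time; returns true once the watchdog has expired. */
static bool wdt_tick(struct bs_wdt *w, uint64_t secs)
{
    if (w->remaining_s == 0)
        return w->expired;   /* disabled: a hang goes unnoticed */
    w->expired = secs >= w->remaining_s;
    w->remaining_s = w->expired ? 0 : w->remaining_s - secs;
    return w->expired;
}

/* Image runs run_s seconds, optionally exits boot services, then hangs. */
static bool hang_is_caught(uint64_t run_s, bool exits_boot_services)
{
    struct bs_wdt w = { .boot_services = true };
    wdt_set(&w, BOOT_OPTION_TIMEOUT_S);   /* armed before StartImage() */
    if (!wdt_tick(&w, run_s) && exits_boot_services)
        exit_boot_services(&w);
    return wdt_tick(&w, 24 * 60 * 60);    /* hang for a day */
}
```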

