[PATCH 2/2] watchdog: add watchdog behavior configuration

Wolfgang Denk wd at denx.de
Sat Sep 26 10:45:31 CEST 2020 

Dear Heinrich,

In message <81e467f1-aff3-a54d-5f7e-3b8f5390f410 at gmx.de> you wrote:
>
> Chapter 2.3.7 RISC-V Platforms
>
> p. 40
> "The causes of reset could be power-on reset, external hard reset,
> brownout detected, watchdog timer elapse, sleep-mode wakeup, etc., which
> machine-mode UEFI system firmware has to distinguish."

This is possible only if the hardware actually supports such
distinction.  In many cases of actual hardware I've seen a watchdog
reset is just the same as an external hard reset, and brownout
detection does not exist.

 p. 70
> "If LoadImage() succeeds, the boot manager must enable the watchdog
> timer for 5 minutes by using the EFI_BOOT_SERVICES.SetWatchdogTimer()
> boot service prior to calling EFI_BOOT_SERVICES.StartImage(). If a boot
> option returns control to the boot manager, the boot manager must
> disable the watchdog timer with an additional call to the
> SetWatchdogTimer() boot service."
>
> Chapter 7.4 EFI_BOOT_SERVICES.ExitBootServices()
>
> p. 222
> "On success ... the boot services watchdog timer is disabled."
>
> Chapter 7.5 EFI_BOOT_SERVICES.SetWatchdogTimer()
>
> This chapter describes management of the watchdog timer. You can set any
> duration with 1 second resolution. A value of 0 will disable the watchdog.

To me this makes clear that what they are talking about is not a
hardware watchdog, which may not offer such flexibility, but a
software layer (driver) that provides such an API to the underlying
hardware.  Again depending on the capabilities of the actual
hardware.

> p. 223
> "If the watchdog timer expires, the event is logged by the firmware. The

And what if the hardware cannot detect this, for example because the
watchdog is an external chip that just pulls the external reset
line?

> ... The watchdog must be set to a
> period of 5 minutes. ...

Again: here "watchdog" can only mean some software component. Many
hardware watchdogs do not allow for such long timeouts at all.

> Appendix R - Glossary
>
> p. 2444
> Watchdog Time
> An alarm timer that may be set to go off. This can be used to regain
> control in cases where a code path in the boot services environment
> fails to or is unable to return control by the expected path.

Again this does not sound as if they were talking about a specific
hardware watchdog.  All this is about software services only, it
seem.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Egotist: A person of low taste, more interested in  himself  than  in
me.                                                  - Ambrose Bierce

More information about the U-Boot mailing list