[PATCH 1/1] efi_loader: stop watchdogs in ExitBootServices()

[Michael Walle]

Am 2021-11-09 15:46, schrieb Mark Kettenis:
>> From: Michael Walle <michael at walle.cc>
>> Date: Tue,  9 Nov 2021 15:20:17 +0100
>> 
>> > The UEFI specification requires for ExitBootServices() that "the boot
>> > services watchdog timer is disabled". We already disable the software
>> > watchdog. We should additionally disable the hardware watchdogs.
>> 
>> What about watchdogs that cannot be stopped? IIRC the IMX SoCs are
>> like that.
> 
> You have to hope that your OS takes control of the watchdog quickly
> enough for the machine not to reset in between.  Strictly speaking
> such a platform can not be fully compliant with the UEFI standard.  In
> practice this doesn't really matter as the OS has to do this quickly
> enough if you're using a non-UEFI bootpath anyway.
> 
> Maybe somebody who cares enough can get the UEFI standard amended to
> handle this scenario.  Maybe an interface can be added to the standard
> to provide more control over the watchdog such that the timeout can be
> set to a larger value before ExitBootServices() gets called.  And add
> a way to keep the watchdog enabled on SoCs where it can be disabled.
> Last time this issue came up, someone pointed out that a watchdog that
> can be turned off isn't a proper watchdog.  And indeed, turning the
> watchdog off when ExitBootServices() gets called means there is a time
> window where the watchdog isn't running and where the OS could hang
> forever.

Yeah there was already a disussion [1] about this very specific topic.
I just noticed there was another one this week.

Anyway, I was just wondering that is just _tries_ to disable it. Or
if you want to put it another way: the error is just ignored and the
user will then wonder why the board will do a reset (or not if
he's lucky).

-michael

[1] 
https://lore.kernel.org/u-boot/20200923164527.26894-1-michael@walle.cc/