[PATCH v3 0/6] Improved sysreset/watchdog uclass integration

Tue Nov 9 16:09:40 CET 2021

On 09/11/2021 14:34, Heinrich Schuchardt wrote:
> On 11/9/21 15:26, Andre Przywara wrote:
>> On Tue, 9 Nov 2021 08:50:37 -0500
>> Tom Rini <trini at konsulko.com> wrote:
>>
>> Hi,
>>
>>> On Tue, Nov 09, 2021 at 09:00:05AM +0100, Heinrich Schuchardt wrote:
>>>
>>> [snip]
>>
>> thanks for that ;-)
>>
>>>>> I am still puzzled about this, if I read the UEFI spec correctly, the
>>>>> 5 minutes watchdog timer is for EFI applications using boot services?
>>>>> So grub, for instance. But the description of ExitBootServices
>>>>> tells me
>>>>> that the: "boot services watchdog timer is disabled"?
>>>>> So it should not affect Linux booting (after the EFI stub is done)?
>>>>
>>>> Currently we only disable the software watchdog (efi_tpl =
>>>> TPL_HIGH_LEVEL;)
>>>> We should call wdt_stop_all() too. I will create a patch for that.
>>>
>>> Lets use this as a chance to bring up the issue with the relevant part
>>> of the UEFI forum.  Turning off a running watchdog is a bad idea in
>>> places where Arm is pushing SystemReady IR (and I would argue other
>>> specs as well, but..).
>>
>> I think architecturally you have no other chance than turning it
>> off at boot. You do not know what your payload is (Linux? BSD? Xen?
>> homebrew kernel?), which watchdog it is using, or if it's using one at
>> all
>> (no driver). Also for instance sunxi has typically two watchdogs, which
>> one is it that needs petting?
>> And even an opt-in from the EFI application (the kernel's EFI stub)
>> sounds
>> hard, as the Linux EFI stub for instance has no insight into the watchdog
>> configuration, so can't say whether we have a driver or whether that
>> would work (because of a missing firmware table).
>>
>> But it indeed sounds like a rather generic problem, and there might
>> indeed
>> be a solution generic enough for UEFI.
>>
>> Do you have anything in mind?
>>
>> Cheers,
>> Andre
>>
>
> Hello Grant, hello Ozog,
>
> according to the UEFI spec the watchdog should be shut down in
> ExitBootServices(). In an IoT scenario this may not always make sense.
> E.g. if A/B boot fails you want to reset the board to its previous state.
>
> Is this something to discuss in the EBBR context?
> Is there any requirement in SystemReady ES?

There is no requirement in ES as far as I'm aware. Yes, it makes sense
to discuss this w.r.t the EBBR spec. I agree that the watchdog should
not be turned off at EBS() time for most IR class platforms.

g.

>
> Best regards
>
> Heinrich

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.