[PATCH 1/1] efi_loader: stop watchdogs in ExitBootServices()
Heinrich Schuchardt
xypron.glpk at gmx.de
Tue Nov 9 18:30:41 CET 2021
On 11/9/21 15:54, Michael Walle wrote:
> Am 2021-11-09 15:46, schrieb Mark Kettenis:
>>> From: Michael Walle <michael at walle.cc>
>>> Date: Tue, 9 Nov 2021 15:20:17 +0100
>>>
>>> > The UEFI specification requires for ExitBootServices() that "the boot
>>> > services watchdog timer is disabled". We already disable the software
>>> > watchdog. We should additionally disable the hardware watchdogs.
>>>
>>> What about watchdogs that cannot be stopped? IIRC the IMX SoCs are
>>> like that.
>>
>> You have to hope that your OS takes control of the watchdog quickly
>> enough for the machine not to reset in between. Strictly speaking
>> such a platform can not be fully compliant with the UEFI standard. In
>> practice this doesn't really matter as the OS has to do this quickly
>> enough if you're using a non-UEFI bootpath anyway.
>>
>> Maybe somebody who cares enough can get the UEFI standard amended to
>> handle this scenario. Maybe an interface can be added to the standard
>> to provide more control over the watchdog such that the timeout can be
>> set to a larger value before ExitBootServices() gets called. And add
>> a way to keep the watchdog enabled on SoCs where it can be disabled.
>> Last time this issue came up, someone pointed out that a watchdog that
>> can be turned off isn't a proper watchdog. And indeed, turning the
>> watchdog off when ExitBootServices() gets called means there is a time
>> window where the watchdog isn't running and where the OS could hang
>> forever.
>
> Yeah there was already a disussion [1] about this very specific topic.
> I just noticed there was another one this week.
>
> Anyway, I was just wondering that is just _tries_ to disable it. Or
> if you want to put it another way: the error is just ignored and the
> user will then wonder why the board will do a reset (or not if
> he's lucky).
Stopping the boot process here would not make sense.
Writing out messages from U-Boot while an EFI binary is running is
possible but may mess up the user's screen if the EFI application has
some graphical output. I prefer to keep this silent.
Best regards
Heinrich
>
> -michael
>
> [1] https://lore.kernel.org/u-boot/20200923164527.26894-1-michael@walle.cc/
More information about the U-Boot
mailing list