[PATCH 1/1] efi_loader: stop watchdogs in ExitBootServices()

Michael Walle michael at walle.cc
Tue Feb 7 16:29:01 CET 2023


>>>>> Honestly, not really? Some good number of SoCs will start the 
>>>>> watchdog
>>>>> in ROM and these are also the ones that don't allow you to turn it 
>>>>> off.
>>>> 
>>>> I hope not, that sounds really risky. How would you debug such a 
>>>> platform?
>>> 
>>> _Every single_ custom piece of industrial (as opposed to 
>>> consumer-grade)
>>> hardware I've worked on as a consultant has had an external,
>>> always-running, gpio-petted watchdog. It's simply just something that
>>> the hardware designers include, and in some cases that's even due to
>>> certification requirements. So an always-running, 
>>> cannot-be-turned-off,
>>> watchdog is a real thing, in real hardware, and if specs don't 
>>> account
>>> for that, well, the spec is just paper, and we can ignore it.
>> 
>> I agree. But on the other hand, you cannot assume or force the OS to
>> have a watchdog driver in the general case - which is as I understand
>> it - one goal of EFI.
>> 
>> Obviously, there are watchdogs that can be disabled and some which
>> cannot. I don't want to argue about the advantages and disadvantages.
>> 
>> For watchdogs which cannot be turned off, we can't really do anything
>> anyway after the handoff to the OS - except increasing its timeout if
>> thats possible.
>> 
>> For watchdogs that can be disabled (and are enabled in u-boot of 
>> course),
>> there seems to be two use-cases:
>>   (1) embedded EFI boot, that is you know exactly what you are 
>> booting, i.e.
>>       self compiled kernel with a watchdog driver
>>   (2) booting a general OS via EFI, think of a debian boot CD for 
>> example.
>> 
>> I agree, that for (1) the watchdog shouldn't be disabled. For (2) you
>> cannot assume the booting OS has a driver for the watchdog, let it be 
>> an
>> older version of a distribution which just haven't the SoC watchdog 
>> driver
>> enabled or maybe because there is no driver for it at all (yet).
>> 
>> Is there a way, to have the watchdog disabled for case (2) while also
>> having the possibity to use bootm/booti/bootz and keep the watchdog
>> enabled? Basically I want the following:
>> 
>> (1) board boots with watchdog enabled
>> (2) u-boot services watchdog
>> (3a) booting embedded linux with booti (watchdog enabled) or
>> (3b) booting generic OS with bootefi (watchdog disabled)
>> 
>> The missing case is booting an embedded linux with bootefi, which
>> would be nice to have. But I don't really see it as a use-case for
>> our board.
>> 
>> -michael
> 
> For SUNXI boards disabling CONFIG_WATCHDOG_AUTOSTART solved the
> problem with the very short maximum expiration time of the watchdog.

I can't follow you here. What "very short maximum expiration time"?
With CONFIG_WATCHDOG_AUTOSTART disabled, the watchdog won't be kicked
by u-boot, right? wdt->running will never be set to true and
wdt_cyclic() will be a noop.

-michael


More information about the U-Boot mailing list