On 1/20/26 16:12, Casey Connolly wrote:


On 20/01/2026 11:01, Heinrich Schuchardt wrote:
On 1/20/26 10:33, Mark Kettenis wrote:
From: Casey Connolly <[email protected]>
Date: Mon, 19 Jan 2026 22:09:25 +0100

Hardware watchdogs don't currently get stopped as part of
ExitBootServices; this can result in resets during boot if the OS
doesn't have a driver for the watchdog, or if the driver isn't loaded
in time.

As with the EFI watchdog, stop any hardware watchdogs as well.

This has been discussed before and rejected on the grounds that this
defeats the purpose of the watchdog.  I think there was some consensus
that an OS that doesn't have a driver for the watchdog or doesn't load
it in time is broken.  Some folks also pointed out that on some
platforms it isn't possible to disable the watchdog.

Ultimately, I think EFI needs an API to control the hardware watchdog,
such that an OS doesn't need a driver.

The hardware watchdog interrupting an OS if it is hanging is intended
behavior. It is required for recovering from a failed capsule update.

Some watchdog timers have a maximum timeout that is too short for
booting (e.g. 16s on some Sunxi boards). To avoid resets these options
are available:

* Set CONFIG_WATCHDOG_AUTOSTART=n.
* Use device-tree property u-boot,noautostart.
* Use the `wdt stop` command in PREBOOT.

Hmm, thanks for the suggestions. I considered doing this in some
platform-specific way, but I don't think it's correct for U-Boot's
default behaviour to leave watchdogs enabled. I haven't gone digging
through the EFI spec, but I would imagine it's not EFI compliant either?

I can totally understand why it would be desirable to leave the watchdog
enabled, but I think boards that want/need that should have to opt-in
rather than it being the upstream default.

Would you be ok with adding a new config option:
CONFIG_WATCHDOG_LEAVE_ENABLED or something along those lines? I'd rather
avoid adding platform-specific workarounds to U-Boot's default behaviour
like this.

Why does CONFIG_WATCHDOG_AUTOSTART=n not work for your specific hardware?

Best regards

Heinrich

Best regards

Heinrich


Signed-off-by: Casey Connolly <[email protected]>
---
Changes in v2:
* Fix compilation when CONFIG_WATCHDOG is disabled.

---
   lib/efi_loader/efi_boottime.c | 3 +++
   1 file changed, 3 insertions(+)

diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/
efi_boottime.c
index ddc935d22409..c34616db578a 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -21,8 +21,9 @@
   #include <time.h>
   #include <u-boot/crc.h>
   #include <usb.h>
   #include <watchdog.h>
+#include <wdt.h>
   #include <asm/global_data.h>
   #include <linux/libfdt_env.h>
     DECLARE_GLOBAL_DATA_PTR;
@@ -2263,8 +2264,10 @@ static efi_status_t EFIAPI
efi_exit_boot_services(efi_handle_t image_handle,
       efi_update_table_header_crc32(&systab.hdr);
         /* Give the payload some time to boot */
       efi_set_watchdog(0);
+    if (CONFIG_IS_ENABLED(WDT))
+        wdt_stop_all();
       schedule();
   out:
       if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) {
           if (ret != EFI_SUCCESS)
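Review bot: The added wdt_stop_all() call in efi_exit_boot_services() runs on every build where CONFIG_IS_ENABLED(WDT) is true, so a board has no way to keep its hardware watchdog armed across the hand-off to the OS, and the call's result is discarded. The thread notes that the hardware watchdog is what recovers a hung OS or a failed capsule update, and that some platforms cannot disable it at all, so consider putting the stop behind its own Kconfig option (the reply proposes something like CONFIG_WATCHDOG_LEAVE_ENABLED) and checking what wdt_stop_all() returns so a watchdog that stays armed is at least logged. Two smaller points: the guard uses CONFIG_IS_ENABLED(WDT) while the check a few lines below uses the IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL) form, and the v2 changelog speaks of CONFIG_WATCHDOG whereas the guard tests WDT, so it is worth confirming the symbol is the intended one. The existing comment "Give the payload some time to boot" now covers both calls and could say that hardware watchdogs are stopped as well.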
--
2.52.0




