>>> OK, just missed my first review comment. But we can sort out read/in
>>> error handling while factoring out those helpers in-tree.
>>>
>>> Applied to next.
>>>
>> Arsalan:
>> Appreciate that! Thanks!
>>
>
>Some update after trying out the driver on my new R1505G. The good news:
>
> - efibootguard detects and configures the watchdog correctly
>
> - the upstream kernel driver picks up the watchdog - if not, the system
>   resets after the timeout
>
Arsalan:
I noticed that the other day. The kernel was picking sp5100 driver + our 
amd_wdt kernel module to get things working.
Without the amd_wdt kernel module OR the amdfch_wdt efibootguard driver, the 
WDT won't work.

>The bad ones:
>
> - there is no lock-down of the watchdog, and a distro kernel will
>   simply turn it off until some watchdog service may pick it up again
>
Arsalan:
Yes you're right.
However, the kernel driver sp5100 has this nowayout functionality implemented,
though. Probably a software implementation. So the user should be able to enable
nowayout using kernel module args. Right?

> - the upstream driver only works after efibootguard enabled the
>   watchdog - likely fixable, though, and likely the reason why the
>   misunderstanding arose that the kernel does not support this
>   hardware
>
>Did you check the specifications for a potential hw-assisted locking /
>no-way-out mode? Not having that significantly decreases the value of
>this watchdog unfortunately.
>
Arsalan:
I had a conversation with AMD requesting from them the WDT docs, WDT name and 
upstream status. They said that their team is working on upstreaming this 
amdfch_wdt driver as we speak. They will not be able to share the docs. They 
suggested this name "amdfch_wdt" for this WDT. They said that you can use the 
current code for the driver that AMD has shared with Mentor, and you can merge 
the latest code once publicly available. The code is expected to be available 
in Q4 2020.

Since I could not get my hands on the design docs or manuals for this WDT,
unfortunately we would not be able to implement the HW-assisted nowayout at the
moment. But workarounds exist! And having this amdfch_wdt implementation in
efibootguard has enough value for now, compared to not having it at all.

>It could be partially mitigated by changing the kernel driver to detect
>a running watchdog and avoid turning it off unless explicitly requested.
>That's what w83627hf_wdt.c does, e.g. I have that one on my board as well,
>and it also lacks any lock-down support.
>
Arsalan:
I did fix this by removing that line in the amd_wdt kernel module that stops 
the wdt. With that workaround, things worked fine!
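
An added example, not part of this thread and not efibootguard or kernel code: a shell check that a booted system can use to see whether its watchdog is reported active and whether the kernel will refuse to stop it (nowayout), the two properties discussed above. It assumes the kernel exposes the watchdog class attributes `identity`, `state` and `nowayout` (CONFIG_WATCHDOG_SYSFS); the function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: audit watchdog lock-down via the watchdog class in sysfs.
# Attributes read per device (need CONFIG_WATCHDOG_SYSFS):
#   identity - driver-supplied name
#   state    - "active" or "inactive"
#   nowayout - 1 if the watchdog cannot be stopped once started, else 0

# audit_watchdog DIR
#   returns 0 if every device is active with nowayout=1,
#           1 if some device is inactive or can still be stopped,
#           2 if DIR holds no watchdog device.
audit_watchdog() {
    dir=$1
    rc=2
    for dev in "$dir"/watchdog*; do
        [ -d "$dev" ] || continue          # also skips an unmatched glob
        [ "$rc" -eq 2 ] && rc=0
        name=$(basename "$dev")
        identity=$(cat "$dev/identity" 2>/dev/null || echo unknown)
        state=$(cat "$dev/state" 2>/dev/null || echo unknown)
        nowayout=$(cat "$dev/nowayout" 2>/dev/null || echo unknown)
        verdict="ok"
        if [ "$state" != active ]; then
            verdict="reported inactive"; rc=1
        elif [ "$nowayout" != 1 ]; then
            verdict="active, but can be stopped"; rc=1
        fi
        printf '%s (%s): state=%s nowayout=%s -> %s\n' \
            "$name" "$identity" "$state" "$nowayout" "$verdict"
    done
    return "$rc"
}

# make_sample_tree DIR STATE NOWAYOUT
#   Builds a constructed stand-in for /sys/class/watchdog with one device.
make_sample_tree() {
    mkdir -p "$1/watchdog0"
    echo "constructed sample watchdog" > "$1/watchdog0/identity"
    echo "$2" > "$1/watchdog0/state"
    echo "$3" > "$1/watchdog0/nowayout"
}

# Demo on constructed data; on a real system pass /sys/class/watchdog.
sample=$(mktemp -d)
make_sample_tree "$sample" active 0
audit_watchdog "$sample" || echo "audit exit status: $?"
rm -rf "$sample"
```
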
