On 27.03.25 10:45, 'Storm, Christian' via EFI Boot Guard wrote: > Hi Jan, > >>>>> In an update scenario, if ustate was just switched from >>>>> INSTALLED=1 to TESTING=2 but the kernel image to be tested >>>>> is not present, reboot to trigger a fallback into the >>>>> original boot path. >>>> >>>> And why do we want or even need this? >>>> >>>> Looks to me like an optimization that will accelerate the reset which >>>> would otherwise have to wait for the watchdog to fire. >>> >>> In a perfect world with perfect firmware shipped, this will just spare you >>> a few seconds waiting for the watchdog to kick in, so a small optimization, >>> you're totally right. However, the assumption of perfectness unfortunately >>> doesn't hold :) >>> >> >> Well, if your watchdog should not work, then a missing or otherwise not >> loading kernel file is only one of the many issues that will leave the >> device stuck in an error state. >> >>> >>>> But your vague description may suggest you are actually fixing a critical >>>> bug. >>> >>> It's a bug, namely on aarch64 + U-Boot with flawed code+configuration where >>> the watchdog is indefinitely fed by U-Boot, so never kicking in, and EFI >>> Boot Guard's error_exit() calling BS→Exit() after having waited a bit >>> results in being dropped to back to U-Boot. >> >> That is a bug - of your U-Boot configuration. U-Boot MUST NOT feed the >> watchdog. >> >>> This patch is a fix to not get dropped back to U-Boot in the particular >>> case described in the commit message. >>> While it's not strictly needed, see your argument above, it does help in >>> exactly this situation and spares you a few seconds on top. >> >> I can only recommend to study our meta-iot2050 for a working reference >> for which your change is really what it is: an optimization ;) > > Yes, understood, acknowledged, and has already been addressed. Anyway, I > think we should consider this patch for merging as it is a (simple) > optimization which is generally applicable, hence it is relevant to upstream > EFI Boot Guard. Incidentally, it also fixes a specific bug which is not > relevant for upstream EFI Boot Guard but may help in considering merging this > patch. >
Then please reword the description accordingly. Jan -- Siemens AG, Foundational Technologies Linux Expert Center -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/efibootguard-dev/486fb638-d8a6-4f6d-b8a8-b2bbec996bba%40siemens.com.
