On 2021-11-09 15:46, Mark Kettenis wrote:
From: Michael Walle <mich...@walle.cc>
Date: Tue,  9 Nov 2021 15:20:17 +0100

> The UEFI specification requires for ExitBootServices() that "the boot
> services watchdog timer is disabled". We already disable the software
> watchdog. We should additionally disable the hardware watchdogs.

What about watchdogs that cannot be stopped? IIRC the IMX SoCs are
like that.

You have to hope that your OS takes control of the watchdog quickly
enough for the machine not to reset in between.  Strictly speaking
such a platform can not be fully compliant with the UEFI standard.  In
practice this doesn't really matter as the OS has to do this quickly
enough if you're using a non-UEFI bootpath anyway.

Maybe somebody who cares enough can get the UEFI standard amended to
handle this scenario.  Maybe an interface can be added to the standard
to provide more control over the watchdog such that the timeout can be
set to a larger value before ExitBootServices() gets called.  And add
a way to keep the watchdog enabled on SoCs where it can be disabled.
Last time this issue came up, someone pointed out that a watchdog that
can be turned off isn't a proper watchdog.  And indeed, turning the
watchdog off when ExitBootServices() gets called means there is a time
window where the watchdog isn't running and where the OS could hang
forever.

Yeah there was already a discussion [1] about this very specific topic.
I just noticed there was another one this week.

Anyway, I was just wondering that it just _tries_ to disable it. Or
if you want to put it another way: the error is just ignored and the
user will then wonder why the board will do a reset (or not if
he's lucky).

-michael

[1] https://lore.kernel.org/u-boot/20200923164527.26894-1-mich...@walle.cc/
