> From: Casey Connolly <[email protected]> > Date: Mon, 19 Jan 2026 22:09:25 +0100 > > Hardware watchdogs don't currently get stopped as part of > ExitBootServices, this can result in resets during boot if the OS > doesn't have a driver for the watchdog, or if the driver isn't loaded > in time. > > As with the EFI watchdog, stop any hardware watchdogs as well.
This has been discussed before and rejected on the grounds that this defeats the purpose of the watchdog. I think there was some consensus that an OS that doesn't have a driver for the watchdog or doesn't load it in time is broken. Some folks also pointed out that on some platforms it isn't possible to disable the watchdog. Ultimately, I think EFI needs an API to control the hardware watchdog, such that an OS doesn't need a driver. > Signed-off-by: Casey Connolly <[email protected]> > --- > Changes in v2: > * Fix compilation when CONFIG_WATCHDOG is disabled. > > --- > lib/efi_loader/efi_boottime.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c > index ddc935d22409..c34616db578a 100644 > --- a/lib/efi_loader/efi_boottime.c > +++ b/lib/efi_loader/efi_boottime.c > @@ -21,8 +21,9 @@ > #include <time.h> > #include <u-boot/crc.h> > #include <usb.h> > #include <watchdog.h> > +#include <wdt.h> > #include <asm/global_data.h> > #include <linux/libfdt_env.h> > > DECLARE_GLOBAL_DATA_PTR; > @@ -2263,8 +2264,10 @@ static efi_status_t EFIAPI > efi_exit_boot_services(efi_handle_t image_handle, > efi_update_table_header_crc32(&systab.hdr); > > /* Give the payload some time to boot */ > efi_set_watchdog(0); > + if (CONFIG_IS_ENABLED(WDT)) > + wdt_stop_all(); > schedule(); > out: > if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) { > if (ret != EFI_SUCCESS) > -- > 2.52.0 > >
