On Tue, Jan 20, 2026 at 04:12:27PM +0100, Casey Connolly wrote:
>
>
> On 20/01/2026 11:01, Heinrich Schuchardt wrote:
> > On 1/20/26 10:33, Mark Kettenis wrote:
> >>> From: Casey Connolly <[email protected]>
> >>> Date: Mon, 19 Jan 2026 22:09:25 +0100
> >>>
> >>> Hardware watchdogs don't currently get stopped as part of
> >>> ExitBootServices, this can result in resets during boot if the OS
> >>> doesn't have a driver for the watchdog, or if the driver isn't loaded
> >>> in time.
> >>>
> >>> As with the EFI watchdog, stop any hardware watchdogs as well.
> >>
> >> This has been discussed before and rejected on the grounds that this
> >> defeats the purpose of the watchdog. I think there was some consensus
> >> that an OS that doesn't have a driver for the watchdog or doesn't load
> >> it in time is broken. Some folks also pointed out that on some
> >> platforms it isn't possible to disable the watchdog.
> >>
> >> Ultimately, I think EFI needs an API to control the hardware watchdog,
> >> such that an OS doesn't need a driver.
> >
> > The hardware watchdog interrupting an OS if it is hanging is intended
> > behavior. It is required for recovering from a failed capsule update.
> >
> > Some watchdog timers have a maximum timeout that is too short for
> > booting (e.g. 16s on some Sunxi boards). To avoid resets these options
> > are available:
> >
> > * Set CONFIG_WATCHDOG_AUTOSTART=n.
> > * Use device-tree property u-boot,noautostart.
> > * Use the `wdt stop` command in PREBOOT.
>
> Hmm, thanks for the suggestions. I considered doing this in some
> platform-specific way, but I don't think it's correct for U-Boot's
> default behaviour to leave watchdogs enabled, I haven't gone digging
> through the EFI spec but I would imagine it's not EFI compliant either?

We've had some long discussions about this in the past. It's very much
intentional that U-Boot leaves watchdogs running. As Heinrich noted (and
is a summary of the older threads) some hardware doesn't even let you
disable a watchdog. But it otherwise defeats the purpose of one to turn
it off. Part of my feedback before was that the EFI spec needs to be
addressed if it can't handle this correctly.

--
Tom

