Watchdog and proper shutdown

    I'd like to enable runtime watchdog on efusA9 with custom built Linux using Yocto. But when the watchdog is enabled (with nowayout disabled), as confirmed by this kernel and systemd output:


    Code
    1. imx2-wdt 20bc000.wdog: timeout 60 sec (nowayout=0)
    2. [...]
    3. systemd[1]: Hardware watchdog 'imx2+ watchdog', version 0
    4. systemd[1]: Set hardware watchdog to 30s.

    the shutdown stops to work. The board is restarted after 128 seconds. Kernel informs about it at the end of shutdown (issued using poweroff)

    Code
    1. imx2-wdt 20bc000.wdog: Device shutdown: Expect reboot!
    2. [...]
    3. reboot: Restarting system
    4. [wait 128 seconds]
    5. [standard boot follows]

    I'm testing on two systems with following versions:
    Linux 4.1.15+f+s-v3.1, systemd 234
    Linux 4.9.88-F+S, systemd 241


    Relevant watchdog settings in the kernel:

    Code
    1. CONFIG_IMX2_WDT=y
    2. # CONFIG_WATCHDOG_NOWAYOUT is not set

    Is there anything missing or wrongly configured? Thank you.

    I think this is intended behavior. Let me explain.


    When a board is shut down with poweroff, all filesystems are unmounted and all drivers are stopped. Then the system issues a special "Wait for Interrupt" instruction and the SoC will drive a power-off signal. However only a few of our new PicoCore boards are actually capable of shutting down the power as a result to this signal, and this also needs help from the baseboard to actually cut off the power supply. Most F&S boards can not do this, the efusA9 being one of them. So in these cases, the board simply remains in the "Wait for Interrupt" state. If the watchdog is not used, then this state will remain forever, unless you have some other interrupt source active. However if the watchdog is active, then it can not be switched off again. This means the watchdog will trigger an interrupt after some time, which is after 128 seconds in our case (the maximum delay that is possible with the i.MX6 watchdog hardware). If the board would be powered off, then you would never see this interrupt. But as it isn't powered off, the system properly reacts to this interrupt an reboots.


    So if you really want to stop the board, you have to make sure that the board is actually powered off, for example by switching your power supply with a GPIO. Otherwise you will always have a reboot if you have the watchdog active.


    Your F&S Support Team

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.

    Quote

    However if the watchdog is active, then it can not be switched off again.

    From highlevel point of view the hardware enforces 'nowayout'. I guess that it is a limitation (?) of i.MX6 SoC. The watchdog might have implement safe stop mechanism (e.g. unlock sequence or password protected write to its registers).


    Anyway, thanks for the explanation. It helped me to confirm the behaviour.