boot: zephyr: Add watchdog setup/timeout configurability options

Adds Kconfig options for configuring and setting up the watchdog in
MCUboot which follow the Zephyr watchdog driver requirements, these
options can be changed to restore the previous (invalid) MCUboot
watchdog functionality of setting up a watchdog without installing
any timeouts or can, optionally, be wholly replaced out of tree by
overriding the newly introduced weak functions.

Signed-off-by: Jamie McCrae <[email protected]>

Author: thedjnK

boot/zephyr/Kconfig

@@ -1104,21 +1104,6 @@ config MCUBOOT_UUID_CID
 	  Provide an image class identification scheme to prevent processing
 	  images for a different CPU or device produced by the same vendor.
 
-config BOOT_WATCHDOG_FEED
-	bool "Feed the watchdog while doing swap"
-	default y if WATCHDOG
-	default y if SOC_FAMILY_NORDIC_NRF
-	imply BOOT_WATCHDOG_FEED_NRFX_WDT if SOC_FAMILY_NORDIC_NRF
-	help
-	  Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is
-	  used to feed watchdog while doing time consuming operations.
-
-config BOOT_WATCHDOG_FEED_NRFX_WDT
-	bool "Feed the watchdog using NRFX WDT directly"
-	depends on SOC_FAMILY_NORDIC_NRF
-	# for nRF nrfx based implementation is available
-	imply NRFX_WDT
-
 config BOOT_IMAGE_ACCESS_HOOKS
 	bool "Hooks for overriding MCUboot's native routines"
 	help
@@ -1263,6 +1248,60 @@ config MCUBOOT_STORAGE_MINIMAL_SCRAMBLE
 	  Depending on type of device this may be done by erase of minimal
 	  number of pages or overwrite of part of image.
 
+menu "Watchdog configuration"
+
+config BOOT_WATCHDOG_SETUP_AT_BOOT
+	bool "Setup watchdog on boot"
+	depends on WATCHDOG
+	default y
+	help
+	  Will set the watchdog up at boot, if this option is enabled and
+	  CONFIG_BOOT_WATCHDOG_INSTALL_TIMEOUT_AT_BOOT is disabled then this is non-compliant
+	  with the Zephyr watchdog driver interface as no timeouts will be installed but is
+	  left as an option as MCUboot has seemingly done this for 6 years prior and it might be
+	  used in configurations where the watchdog is enabled by other images or directly in
+	  hardware.
+
+	  Note that the in-built watchdog functionality in MCUboot can be replaced with custom
+	  logic by overriding the weak symbol functions `mcuboot_watchdog_setup` and
+	  `mcuboot_watchdog_feed`.
+
+config BOOT_WATCHDOG_INSTALL_TIMEOUT_AT_BOOT
+	bool "Install watchdog timeout on boot"
+	depends on BOOT_WATCHDOG_SETUP_AT_BOOT
+	default y
+	help
+	  Will set the watchdog up at boot and install a timeout, note that this watchdog will
+	  then need to be continuously fed from the application once it is booted. The Zephyr
+	  watchdog driver might need special configuration or re-init in the application to
+	  allow the application to feed it.
+
+config BOOT_WATCHDOG_TIMEOUT_MS
+	int "Watchdog timeout (ms)"
+	depends on BOOT_WATCHDOG_INSTALL_TIMEOUT_AT_BOOT
+	default 300000
+	help
+	  Will setup a timeout for this duration when MCUboot starts. This defaults to a 5 minute
+	  timeout, which is sufficient for most devices to be able to swap an image an boot the
+	  new application which can initialise itself and feed the watchdog before it times out.
+
+config BOOT_WATCHDOG_FEED
+	bool "Feed the watchdog while doing swap"
+	default y if WATCHDOG
+	default y if SOC_FAMILY_NORDIC_NRF
+	imply BOOT_WATCHDOG_FEED_NRFX_WDT if SOC_FAMILY_NORDIC_NRF
+	help
+	  Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is
+	  used to feed watchdog while doing time consuming operations.
+
+config BOOT_WATCHDOG_FEED_NRFX_WDT
+	bool "Feed the watchdog using NRFX WDT directly"
+	depends on SOC_FAMILY_NORDIC_NRF
+	# for nRF nrfx based implementation is available
+	imply NRFX_WDT
+
+endmenu # "Watchdog configuration"
+
 menu "Defaults"
 	# Items in this menu should not be manually set. These options are for modules/sysbuild to
 	# set as defaults to allow MCUboot's default configuration to be set, but still allow it

boot/zephyr/watchdog.c

@@ -17,19 +17,46 @@
 
 BOOT_LOG_MODULE_DECLARE(mcuboot);
 
+/*
+ * Channel of watchdog that is setup and fed, if CONFIG_BOOT_WATCHDOG_INSTALL_TIMEOUT_AT_BOOT is
+ * not set then this will remain at the default of 0 but the driver will not have been set up
+ * which is non-compliant with the Zephyr watchdog driver interface but is left as some drivers
+ * may have a hardware (or previously started watchdog) which the driver will automatically read
+ * the configuration of upon driver init.
+ */
+#if defined(CONFIG_BOOT_WATCHDOG_INSTALL_TIMEOUT_AT_BOOT) && DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay)
+static int watchdog_channel = 0;
+#endif
+
 __weak void mcuboot_watchdog_setup(void)
 {
-#if defined(CONFIG_WATCHDOG) && DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay)
+#if defined(CONFIG_BOOT_WATCHDOG_SETUP_AT_BOOT) && DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay)
     const struct device *watchdog_device = DEVICE_DT_GET(DT_ALIAS(watchdog0));
 
     if (device_is_ready(watchdog_device)) {
         int rc;
+#if defined(CONFIG_BOOT_WATCHDOG_INSTALL_TIMEOUT_AT_BOOT)
+        struct wdt_timeout_cfg wdt_config = {
+                .flags = WDT_FLAG_RESET_SOC,
+                .window.min = 0U,
+                .window.max = CONFIG_BOOT_WATCHDOG_TIMEOUT_MS,
+        };
 
-        rc = wdt_setup(watchdog_device, 0);
+        rc = wdt_install_timeout(watchdog_device, &wdt_config);
 
-        if (rc != 0) {
-            BOOT_LOG_ERR("Watchdog setup failed: %d", rc);
+        if (rc >= 0) {
+            watchdog_channel = rc;
+#endif
+            rc = wdt_setup(watchdog_device, 0);
+
+            if (rc != 0) {
+                BOOT_LOG_ERR("Watchdog setup failed: %d", rc);
+            }
+#if defined(CONFIG_BOOT_WATCHDOG_INSTALL_TIMEOUT_AT_BOOT)
+        } else {
+            BOOT_LOG_ERR("Watchdog install timeout failed: %d", rc);
         }
+#endif
     }
 #endif
 }
@@ -66,7 +93,7 @@ __weak void mcuboot_watchdog_feed(void)
     const struct device *watchdog_device = DEVICE_DT_GET(DT_ALIAS(watchdog0));
 
     if (device_is_ready(watchdog_device)) {
-        wdt_feed(watchdog_device, 0);
+        wdt_feed(watchdog_device, watchdog_channel);
     }
 #endif
 }