FPD WDT can be used to reset the APU or the FPD. PMU firmware error management module can configure the error action to be taken when the FPD WDT error occurs. PMU firmware implemented a recovery mechanism for FPD WDT error. This mechanism is disabled by default. The same can be enabled by defining ENABLE_RECOVERY build flag.
The EM module in PMU firmware sets FPD WDT error action as ‘system reset’ when recovery mechanism is not enabled. In this case, PMU firmware doesn't initialize and configure the FPD WDT. It is left for Linux driver to initialize and start the WDT if required. When WDT expires, system restart happens.
When ENABLE_RECOVERY flag is defined and FSBL runs on APU, PMU firmware sets FPD WDT error action as ‘interrupt to PMU’ and registers a handler to be called when this error occurs. In this case, when PMU firmware comes up, it initializes and starts the WDT. It also initializes and sets the timer mode of TTC to interval mode.
PMU firmware configures FPD WDT expiry time to 60 seconds. And if WDT error occurs, PMU firmware gets an interrupt and it calls the registered handler. PMU firmware has a restart tracker structure to track the restart phase and other information for a master. APU and RPU are the masters currently using this structure. Following are its members:
|Master||Master whose restart cycle is to be tracked|
|RestartState||Track different phases in restart cycle|
|RestartScope||Restart scope upon FPD WDT error interrupt|
|WdtBaseAddress||Base address for WDT assigned to this master|
|WdtTimeout||Timeout value for WDT|
|ErrorId||Error Id corresponding to the WDT|
|WdtPtr||Pointer to WDT for this master|
|WdtResetId||Wdt reset ID|
|TtcDeviceId||TTC timer device ID|
|TtcPtr||Pointer to TTC for this master|
|TtcTimeout||Timeout to notify master for event|
|TtcResetId||Reset line ID for TTC|
When WDT error occurs, WDT error handler is called and PMU firmware performs the following:
- It checks if master is APU and error ID is FPD WDT. Then, it checks if restart state is in progress or not. If restart state is not in progress, then it changes the restart state to in progress.
- Later, it restarts the WDT so that the PMU firmware knows when the WDT error is not due to APU application.
- Then, it idles APU by sending an IPI to TF-A through timer interrupt TTC3_0.
Note: This is only true for Linux, and not for bare metal where there is no TF-A.
- If the first restart attempt fails, then PMU firmware escalates restart to either
system-reset or PS-only reset if
ENABLE_ESCALATIONflag is defined. If
ENABLE_ESCALATIONis not defined, PMU firmware restarts the APU. Otherwise, PMU firmware performs the following:
- First, PMU firmware checks if PL is configured or not.
- If PL is configured, PMU firmware initiates PS-only restart. Otherwise, it initiates system-reset.