
[isar-cip-core,3/3] x86: Harden watchdog settings

Message ID 47f5c4c4904d2759cee134f4cd150c1c38fa8cf2.1688630668.git.jan.kiszka@siemens.com (mailing list archive)
State Accepted
Series Service watchdog in initramfs-crypto-hook, harden watchdog settings | expand

Commit Message

Jan Kiszka July 6, 2023, 8:04 a.m. UTC
From: Jan Kiszka <jan.kiszka@siemens.com>

These ensure that the watchdog only starts being serviced by
systemd, not already by the kernel itself right after probing. This is
needed in order to catch lock-ups in the initramfs userspace.

While at it, turn the iTCO - where used - into no-way-out mode, making
things even more robust.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +-
 wic/x86-efibootguard.wks.in                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Patch

diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index 5c411161..12fa45f0 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -7,4 +7,4 @@  part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}
 part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
 part /var  --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var  --fstype=ext4 --label var  --align 1024 --size 2G
 
-bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk panic=5"
+bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1 panic=5"
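Review bot: The two parameters added to `--append` on the `bootloader` line carry no explanation in the file, and their purpose is not obvious from the names alone; the same applies to the identical addition in wic/x86-efibootguard.wks.in. A comment above the line would keep the hardening from being dropped in a later cleanup, for example `# watchdog.handle_boot_enabled=0: kernel does not service a boot-enabled watchdog, so initramfs hangs cause a reset` and `# iTCO_wdt.nowayout=1: the iTCO watchdog cannot be stopped once started`. The no-way-out setting is scoped to the iTCO driver only, so a target on this image using a different watchdog driver presumably keeps that driver's default; the commit message says "where used", and the comment could state that limit as well.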
diff --git a/wic/x86-efibootguard.wks.in b/wic/x86-efibootguard.wks.in
index 24b43873..38ad4117 100644
--- a/wic/x86-efibootguard.wks.in
+++ b/wic/x86-efibootguard.wks.in
@@ -11,4 +11,4 @@  part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}
 part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024  --size 1G --extra-space=100M 
 part /var --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var --fstype=ext4 --label var --align 1024  --size 2G --extra-space=100M
 
-bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk"
+bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1 "
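Review bot: The new `--append` value ends with a space before the closing quote (`iTCO_wdt.nowayout=1 "`), which leaves a trailing blank on the kernel command line; it should not change behaviour, but it looks accidental and differs from the secureboot variant. Suggested line: `bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1"`. Unlike the secureboot file, this command line has no `panic=5`; that predates this change, but it means recovery from a kernel panic here presumably relies on the watchdog expiring, so it is worth confirming that the difference between the two images is intended.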