Watchdog timer hardware requirements for Windows

This hardware reference specification is for engineers who design watchdog timer hardware to operate with the Microsoft Windows Server 2003 operating system.

Conventions

The following conventions are used in this specification.

  • Windows Server 2003. Refers to the Microsoft Windows Server 2003 operating system, including any add-on capabilities and any later versions of the operating system.
  • X86-based system. Refers to a 32-bit microprocessor system based on the Intel Architecture instruction set, capable of running a 32-bit version of Windows Server 2003.

In this specification, features are described as Required or Recommended, as follows:

  • Required. These basic hardware features must be implemented to comply with this hardware reference specification.
  • Recommended. These features add functionality that is supported by Windows Server 2003, but the features are not required for compliance with this hardware reference specification.

Watchdog timer requirements

This section defines specific requirements for watchdog timer capabilities that are provided in a Windows Server 2003 appliance.

  1. Server system includes hardware watchdog timer

    Recommended

    We recommend that systems that run Windows Server 2003 provide a hardware watchdog timer. The watchdog timer hardware counts down from a configurable value and resets or shuts down the system if the count reaches zero. Operating system services periodically restart the timer so that if the operating system, drivers, or services stop functioning, the server system is automatically restarted or shut down.

  2. Watchdog timer hardware meets requirements, if present

    Required

    If a hardware watchdog timer is implemented in a system that runs Windows Server 2003, the hardware must provide the following capabilities:

    1. Operating States. The watchdog timer hardware must support two main operating states, Disabled and Enabled.

      In the Disabled state, the countdown must be stopped and cannot be started by the operating system.

      In the Enabled state, the watchdog timer must support two sub-states, which are Running and Stopped:

      • In the Enabled\Stopped state, the timer must not count down.
      • In the Enabled\Running state, the counter works normally, counting down to zero once triggered.

      All states must be visible to the operating system.

    2. Enabled/Disabled Transition Mechanism. A mechanism for transitioning between the Enabled and Disabled states must be provided. This mechanism must be independent of the operating system; for example, by using either a hardware jumper or a BIOS configuration setting.

    3. Stopped/Running Transition Mechanism. The watchdog timer hardware must provide a mechanism to the operating system for transitioning the hardware between the Enabled\Stopped and Enabled\Running states.

    4. Initial Enabled Sub-state Configuration Mechanism. [Recommended] A mechanism should be provided to configure the initial Enabled\Stopped or Enabled\Running sub-state. If provided, the mechanism must be configurable by using the BIOS setup. If the mechanism is not provided and the watchdog is enabled, the initial configuration must be set to the Enabled\Stopped sub-state.

      We highly recommend that systems provide this mechanism to protect against boot failures. If this mechanism is not provided, the system cannot automatically recover if the system hangs before the operating system enables the watchdog timer driver.

      Note  When it is configured to start in the Enabled\Running state, the BIOS must not trigger the watchdog to start counting until immediately before the BIOS turns control over to the operating system or, in the case of a network boot, to the PXE boot code.

       

    5. Initial Countdown Time Interval Configuration Mechanism. [Recommended] A mechanism should be provided to configure the initial countdown time, which can be configured by using the BIOS setup.

      Note  When the system is powered on, the watchdog's default countdown time interval should be set to a value that is greater than 2 minutes + 2*Tb, where Tb is the time from when the watchdog is started until the Master Boot Record is executed from the disk. This affords enough time for the operating system to boot and take control of the watchdog timer hardware.

       

    6. Countdown Time Range Configuration Method. The watchdog timers hardware must provide to the operating system a method for setting the countdown time to a range of values from 1 second to 511 seconds, with a granularity of one second. This enables the operating system to shut down or restart without the possibility of a watchdog reset occurring during shut down. A wider range of countdown values is allowed, from 1 ms to 65,535 seconds.

    7. Shutdown/Restart Request Mechanism. The watchdog timer hardware must provide a mechanism for the operating system to request to either shut down or restart the machine when the countdown reaches zero. Shutdown is equivalent to a power off by holding the power button for more than four seconds. Restart is equivalent to a system reset (that is, pressing the reset button).

    8. Watchdog Fired Bit. The watchdog timer hardware must provide a bit that indicates that the current restart was caused by the watchdog timer counter reaching zero. The operating system must be able to read and write to this bit. The bit is cleared by a power cycle or by the operating system, and must remain cleared on any restart that is not triggered by the watchdog expiring.

    9. Counter Restart after POST. If the timer is configured to be enabled and running at system boot, the watchdog timer counter must be triggered after the BIOS POST to ensure that the operating system has time to load and boot before the counter reaches zero.

    10. Control/Status Register. The timer must provide a control/status register that conforms to the format in the following table:

      Watchdog Control/Status Register (32 bits)

      Bit Attribute Description
      31-8 RO Reserved. Read as zero.
      7 WO Watchdog Trigger: Setting this bit triggers the watchdog to start a new count interval, counting down from the value that was last written to the Watchdog Count Register. This bit is always read as zero. Setting this bit has no effect if the watchdog is disabled or stopped.
      6-4 RO Reserved. Read as zero.
      3 RO Watchdog Disable: This bit reflects the state of the watchdog timer hardware.

      0=Enable

      1=Disable

      2 R/W Watchdog Action: This bit determines the action to be taken when the watchdog timer expires.

      0=system reset

      1=system power off

      The bit is only valid when the watchdog is enabled.

      1 R/W Watchdog Fired: When set, the watchdog timer expired and caused the current restart. The bit is cleared by writing a 1 to bit 1 in the Watchdog Control register. Writing a 0 has no effect.

      The bit is cleared by a power cycle or by the operating system and it must remain cleared for any restart that is not caused by the watchdog timer firing.

      The bit is only valid when the watchdog is enabled.

      0 R/W Run/Stop Watchdog: This bit is used to control or indicate whether the watchdog is in the Enabled\Running and Enabled\Stopped states.

      1=Watchdog is in the Enabled\Running state

      0=Watchdog is in the Enabled\Stopped state

      If the watchdog is in the Enabled\Stopped state and a 1 is written to bit 0, the watchdog moves to the running state but a count interval is not started until a 1 is written to bit 7.

      If the watchdog is in the Enabled\Running state, writing a 1 to bit 0 has no effect. The bit is only valid when the watchdog is enabled.

       

    11. Count Register. The timer must provide a count register that conforms to the format in the following table.

      Watchdog Count Register (32 bits)

      Bit Attribute Description
      16-31 RO Reserved. Read as zero.
      0-15 R/W Watchdog count data: This defines the countdown time for the counter. A value of zero is reserved. The units are defined in the Units field in the Watchdog Resource Table (WDRT). The maximum value is defined in the Max Count field in the WDRT.

      Reading this register results in the current counter value.

      Writing to the register has no effect until a one is written to the watchdog trigger bit of the Watchdog Control/Status Register.

      These bits are only valid when the watchdog is enabled.

       

    12. Write Complete. Writes to the registers must complete in a single bus clock cycle to avoid race conditions.

  3. Watchdog timer firmware meets requirements, if present

    Required

    If a hardware watchdog timer is implemented in Windows Server 2003, the firmware must provide the following fixed resource table, as defined in the Advanced Configuration and Power Interface (ACPI) Specification, Version 2.0.

    Watchdog Resource Table (WDRT)

    Field Byte length Byte offset Description
    Header Signature 4 0x0 WDRT. Signature for the Watchdog Resource Table.
    Length 4 0x4 Length, in bytes, of entire WDRT.
    Revision 1 0x8 1
    Checksum 1 0x9 Entire table must sum to zero.
    OEMID 6 0xA OEM ID.
    OEM Table ID 8 0x10 For the WDRT, the table ID is the manufacturer model ID.
    OEM Revision 4 0x18 OEM revision of the WDRT for the supplied OEM Table ID.
    Creator ID 4 0x1C Vendor ID of the utility that created the table. For the DSDT, RSDT, SSDT, and PSDT tables, this is the ID for the ASL Compiler.
    Creator Revision 4 0x20 Revision of the utility that created the table. For the DSDT, RSDT, SSDT, and PSDT tables, this is the revision for the ASL Compiler.
    Control Register Address 12 0x24 The address of the Watchdog Control register described using the Generic Address Structure as defined in section 5.2.3.1 of the ACPI 2.0 Specification.
    Note  

    Only System Memory address spaces are allowed (Address_Space_ID= 0).

     
    Count Register Address 12 0x30 The base address of the Watchdog Count register described using the Generic Address Structure as defined in section 5.2.3.1 of the ACPI 2.0 Specification.
    Note  

    Only System Memory address spaces are allowed (Address_Space_ID= 0.

     
    PCI Device ID 2 0x3C Must be 0xFFFF if it is not a PCI device.
    PCI Vendor ID 2 0x3E Must be 0xFFFF if it is not a PCI device.
    PCI Bus Number 1 0x40 PCI Bus Number if table describes a PCI device. Must be 0x00 if it is not a PCI device.
    PCI Device Number 1 0x41 PCI Slot Number if table describes a PCI device. Must be 0x00 if it is not a PCI device.
    PCI Function Number 1 0x42 PCI Function Number if table describes a PCI device. Must be 0x00 if it is not a PCI device.
    PCI segment 1 0x43 PCI segment number. For systems that have fewer than 255 PCI buses, this number must be 0.
    Max Count 2 0x44 Contains the maximum counter value that this watchdog implementation supports.
    Note  

    Max Count must be >=511 and <= 65,535.

     
    Units 1 0x46 Contains the units of the Max Count and Watchdog Count register.

    0x0=1 seconds/count

    0x1=100 milliseconds/count

    0x2=10 milliseconds/count

     

Microsoft Developer Network (MSDN) Professional Subscription

Microsoft Windows Platform Development

Windows hardware certification

Advanced Configuration and Power Interface Specification

Windows Compatibility Center

 

 

Send comments about this topic to Microsoft