2020-02-16 12:01 AM
Hello,
I am working with STM32F4 family.
I want to add a WDT mechanism to my application as a "safety belt".
I already have devices released to customers, so my question is:
Is it safe to add the WDT mechanism to my application but not to the bootloader?
From the few tests I have made, it is working fine, but, just to be sure:
after a SW reset the WDT mechanism is disabled. Am I right?
2020-02-16 05:09 AM
Having a watchdog enabled is safer than having none.
You must carefully determine the worst-case time for petting the watchdog and find a good place in your app where petting is useful.
There is an option byte bit defining whether the IWDG automatically starts at HW reset or not.
You should check this and study the chapter in the reference manual. If this flag is set, you are right.
Some more general remarks:
When using the watchdog, you might want to check the RCC clock control & status register (RCC_CSR) early after reset, possibly in the bootloader.
If unusual boot behaviour is detected (e.g. a number of watchdog resets in a row), the bootloader may react (fall back to a known good app, or flash a red LED, or ... depending on your application).
Ideally, the watchdog should be already running at the end of the bootloader to safeguard the transition from bootloader to app code.
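
The reset-cause check suggested in the reply above, sketched as an added example that is not part of the original thread: it decodes a value read from RCC_CSR and counts consecutive watchdog resets to choose between the application and a fallback. The names `boot_decide`, `boot_action_t`, the `RST_*` macros and the threshold of 3 are assumptions made for this example, as is keeping the counter in memory that survives a reset (for instance a no-init RAM section).

```c
#include <stdint.h>
#include <stdio.h>

/* RCC_CSR reset flags at their STM32F4 bit positions; local names for this example. */
#define RST_PINRSTF   (1u << 26)  /* NRST pin reset */
#define RST_PORRSTF   (1u << 27)  /* power-on / power-down reset */
#define RST_SFTRSTF   (1u << 28)  /* software reset */
#define RST_IWDGRSTF  (1u << 29)  /* independent watchdog reset */
#define RST_WWDGRSTF  (1u << 30)  /* window watchdog reset */

#define MAX_WDG_RESETS_IN_ROW 3u  /* assumed threshold, tune per product */

typedef enum { BOOT_APP, BOOT_FALLBACK } boot_action_t;

/* csr: value read from RCC->CSR early in the bootloader. The caller should
 * then set the RMVF bit so the flags do not accumulate across resets.
 * wdg_count: counter in storage that survives a reset (assumption). */
boot_action_t boot_decide(uint32_t csr, uint32_t *wdg_count)
{
    if (csr & RST_PORRSTF) {
        /* Cold start: counter content is not trustworthy, start fresh. */
        *wdg_count = 0;
        return BOOT_APP;
    }
    if (csr & (RST_IWDGRSTF | RST_WWDGRSTF)) {
        /* Other flags such as PINRSTF may be set at the same time, so the
         * watchdog flags are tested explicitly and before anything else. */
        if (*wdg_count < UINT32_MAX)
            (*wdg_count)++;
        return (*wdg_count >= MAX_WDG_RESETS_IN_ROW) ? BOOT_FALLBACK : BOOT_APP;
    }
    /* Software or pin reset: the run of watchdog resets is broken. */
    *wdg_count = 0;
    return BOOT_APP;
}

int main(void)
{
    /* Constructed sequence of CSR values: power-on, then three IWDG resets. */
    const uint32_t seq[] = { RST_PORRSTF | RST_PINRSTF, RST_IWDGRSTF | RST_PINRSTF,
                             RST_IWDGRSTF | RST_PINRSTF, RST_IWDGRSTF | RST_PINRSTF };
    uint32_t count = 0xFFFFFFFFu;  /* garbage, as uninitialised RAM would hold */
    for (unsigned i = 0; i < sizeof seq / sizeof seq[0]; i++) {
        boot_action_t a = boot_decide(seq[i], &count);
        printf("csr=0x%08lx count=%lu -> %s\n", (unsigned long)seq[i],
               (unsigned long)count, a == BOOT_APP ? "app" : "fallback");
    }
    return 0;
}
```

On target, the application would clear the counter once it has run long enough to be considered healthy, so that isolated watchdog resets spread over time do not add up.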