ESPHome 2026.3.0-dev
Loading...
Searching...
No Matches
safe_mode.cpp
Go to the documentation of this file.
1#include "safe_mode.h"
2
3#include "esphome/core/application.h"
4#include "esphome/core/hal.h"
5#include "esphome/core/log.h"
6#include "esphome/core/util.h"
7
8#include <cerrno>
9#include <cinttypes>
10#include <cstdio>
11
12#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
13#include <esp_ota_ops.h>
14#include <esp_system.h>
15#endif
16
17namespace esphome::safe_mode {
18
19static const char *const TAG = "safe_mode";
20
21void SafeModeComponent::dump_config() {
22 ESP_LOGCONFIG(TAG,
23 "Safe Mode:\n"
24 " Successful after: %" PRIu32 "s\n"
25 " Invoke after: %u attempts\n"
26 " Duration: %" PRIu32 "s",
27 this->safe_mode_boot_is_good_after_ / 1000, // because milliseconds
28 this->safe_mode_num_attempts_,
29 this->safe_mode_enable_time_ / 1000); // because milliseconds
30#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
31 const char *state_str;
32 if (this->ota_state_ == ESP_OTA_IMG_NEW) {
33 state_str = "not supported";
34 } else if (this->ota_state_ == ESP_OTA_IMG_PENDING_VERIFY) {
35 state_str = "supported";
36 } else {
37 state_str = "support unknown";
38 }
39 ESP_LOGCONFIG(TAG, " Bootloader rollback: %s", state_str);
40#endif
41
42 if (this->safe_mode_rtc_value_ > 1 && this->safe_mode_rtc_value_ != SafeModeComponent::ENTER_SAFE_MODE_MAGIC) {
43 auto remaining_restarts = this->safe_mode_num_attempts_ - this->safe_mode_rtc_value_;
44 if (remaining_restarts) {
45 ESP_LOGW(TAG, "Last reset too quick; invoke in %" PRIu32 " restarts", remaining_restarts);
46 } else {
47 ESP_LOGW(TAG, "SAFE MODE IS ACTIVE");
48 }
49 }
50
51#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
52 const esp_partition_t *last_invalid = esp_ota_get_last_invalid_partition();
53 if (last_invalid != nullptr) {
54 ESP_LOGW(TAG, "OTA rollback detected! Rolled back from partition '%s'", last_invalid->label);
55 ESP_LOGW(TAG, "The device reset before the boot was marked successful");
56 if (esp_reset_reason() == ESP_RST_BROWNOUT) {
57 ESP_LOGW(TAG, "Last reset was due to brownout - check your power supply!");
58 ESP_LOGW(TAG, "See https://esphome.io/guides/faq.html#brownout-detector-was-triggered");
59 }
60 }
61#endif
62}
63
64float SafeModeComponent::get_setup_priority() const { return setup_priority::AFTER_WIFI; }
65
66void SafeModeComponent::mark_successful() {
67 this->clean_rtc();
68 this->boot_successful_ = true;
69#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
70 // Mark OTA partition as valid to prevent rollback
71 esp_ota_mark_app_valid_cancel_rollback();
72#endif
73 // Disable loop since we no longer need to check
74 this->disable_loop();
75}
76
77void SafeModeComponent::loop() {
78 if (!this->boot_successful_ && (millis() - this->safe_mode_start_time_) > this->safe_mode_boot_is_good_after_) {
79 // successful boot, reset counter
80 ESP_LOGI(TAG, "Boot seems successful; resetting boot loop counter");
81 this->mark_successful();
82 }
83}
84
85void SafeModeComponent::set_safe_mode_pending(const bool &pending) {
86 uint32_t current_rtc = this->read_rtc_();
87
88 if (pending && current_rtc != SafeModeComponent::ENTER_SAFE_MODE_MAGIC) {
89 ESP_LOGI(TAG, "Device will enter on next boot");
90 this->write_rtc_(SafeModeComponent::ENTER_SAFE_MODE_MAGIC);
91 }
92
93 if (!pending && current_rtc == SafeModeComponent::ENTER_SAFE_MODE_MAGIC) {
94 ESP_LOGI(TAG, "Safe mode pending has been cleared");
95 this->clean_rtc();
96 }
97}
98
102
103bool SafeModeComponent::should_enter_safe_mode(uint8_t num_attempts, uint32_t enable_time,
104 uint32_t boot_is_good_after) {
105 this->safe_mode_start_time_ = millis();
106 this->safe_mode_enable_time_ = enable_time;
107 this->safe_mode_boot_is_good_after_ = boot_is_good_after;
108 this->safe_mode_num_attempts_ = num_attempts;
109 this->rtc_ = global_preferences->make_preference<uint32_t>(RTC_KEY, false);
110
111#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
112 // Check partition state to detect if bootloader supports rollback
113 const esp_partition_t *running = esp_ota_get_running_partition();
114 esp_ota_get_state_partition(running, &this->ota_state_);
115#endif
116
117 uint32_t rtc_val = this->read_rtc_();
118 this->safe_mode_rtc_value_ = rtc_val;
119
120 bool is_manual = rtc_val == SafeModeComponent::ENTER_SAFE_MODE_MAGIC;
121
122 if (is_manual) {
123 ESP_LOGI(TAG, "Manual mode");
124 } else {
125 ESP_LOGCONFIG(TAG, "Unsuccessful boot attempts: %" PRIu32, rtc_val);
126 }
127
128 if (rtc_val < num_attempts && !is_manual) {
129 // increment counter
130 this->write_rtc_(rtc_val + 1);
131 return false;
132 }
133
134 this->clean_rtc();
135
136 if (!is_manual) {
137 ESP_LOGE(TAG, "Boot loop detected");
138 }
139
140 this->status_set_error();
141 this->set_timeout(enable_time, []() {
142 ESP_LOGW(TAG, "Timeout, restarting");
143 App.reboot();
144 });
145
146 // Delay here to allow power to stabilize before Wi-Fi/Ethernet is initialised
147 delay(300); // NOLINT
148 App.setup();
149
150 ESP_LOGW(TAG, "SAFE MODE IS ACTIVE");
151
152#ifdef USE_SAFE_MODE_CALLBACK
153 this->safe_mode_callback_.call();
154#endif
155
156 return true;
157}
158
159void SafeModeComponent::write_rtc_(uint32_t val) {
160 this->rtc_.save(&val);
161 global_preferences->sync();
162}
163
164uint32_t SafeModeComponent::read_rtc_() {
165 uint32_t val;
166 if (!this->rtc_.load(&val))
167 return 0;
168 return val;
169}
170
171void SafeModeComponent::clean_rtc() {
172 // Save without sync - preferences will be written at shutdown or by IntervalSyncer.
173 // This avoids blocking the loop for 50+ ms on flash write. If the device crashes
174 // before sync, the boot wasn't really successful anyway and the counter should
175 // remain incremented.
176 uint32_t val = 0;
177 this->rtc_.save(&val);
178}
179
184
185} // namespace esphome::safe_mode
esphome::Application::setup
void setup()
Reserve space for components to avoid memory fragmentation.
Definition application.cpp:88
esphome::Component::set_timeout
ESPDEPRECATED("Use const char* or uint32_t overload instead. Removed in 2026.7.0", "2026.1.0") void set_timeout(const std voi set_timeout)(const char *name, uint32_t timeout, std::function< void()> &&f)
Set a timeout function with a unique name.
Definition component.h:443
esphome::Component::disable_loop
void disable_loop()
Disable this component's loop.
Definition component.cpp:300
esphome::ESPPreferenceObject::save
bool save(const T *src)
Definition preferences.h:21
esphome::ESPPreferences::sync
virtual bool sync()=0
Commit pending writes to flash.
esphome::ESPPreferences::make_preference
virtual ESPPreferenceObject make_preference(size_t length, uint32_t type, bool in_flash)=0
esphome::safe_mode::SafeModeComponent::read_rtc_
uint32_t read_rtc_()
Definition safe_mode.cpp:164
esphome::safe_mode::SafeModeComponent::should_enter_safe_mode
bool should_enter_safe_mode(uint8_t num_attempts, uint32_t enable_time, uint32_t boot_is_good_after)
Definition safe_mode.cpp:103
esphome::safe_mode::SafeModeComponent::safe_mode_enable_time_
uint32_t safe_mode_enable_time_
The time safe mode should remain active for.
Definition safe_mode.h:48
esphome::safe_mode::SafeModeComponent::on_safe_shutdown
void on_safe_shutdown() override
Definition safe_mode.cpp:180
esphome::safe_mode::SafeModeComponent::loop
void loop() override
Definition safe_mode.cpp:77
esphome::safe_mode::SafeModeComponent::mark_successful
void mark_successful()
Definition safe_mode.cpp:66
esphome::safe_mode::SafeModeComponent::boot_successful_
bool boot_successful_
set to true after boot is considered successful
Definition safe_mode.h:52
esphome::safe_mode::SafeModeComponent::safe_mode_start_time_
uint32_t safe_mode_start_time_
stores when safe mode was enabled
Definition safe_mode.h:50
esphome::safe_mode::SafeModeComponent::safe_mode_boot_is_good_after_
uint32_t safe_mode_boot_is_good_after_
The amount of time after which the boot is considered successful.
Definition safe_mode.h:47
esphome::safe_mode::SafeModeComponent::get_setup_priority
float get_setup_priority() const override
Definition safe_mode.cpp:64
esphome::safe_mode::SafeModeComponent::ota_state_
esp_ota_img_states_t ota_state_
Definition safe_mode.h:55
esphome::safe_mode::SafeModeComponent::safe_mode_rtc_value_
uint32_t safe_mode_rtc_value_
Definition safe_mode.h:49
esphome::safe_mode::SafeModeComponent::dump_config
void dump_config() override
Definition safe_mode.cpp:21
esphome::safe_mode::SafeModeComponent::set_safe_mode_pending
void set_safe_mode_pending(const bool &pending)
Set to true if the next startup will enter safe mode.
Definition safe_mode.cpp:85
esphome::safe_mode::SafeModeComponent::clean_rtc
void clean_rtc()
Definition safe_mode.cpp:171
esphome::safe_mode::SafeModeComponent::write_rtc_
void write_rtc_(uint32_t val)
Definition safe_mode.cpp:159
esphome::safe_mode::SafeModeComponent::rtc_
ESPPreferenceObject rtc_
Definition safe_mode.h:58
esphome::safe_mode::SafeModeComponent::get_safe_mode_pending
bool get_safe_mode_pending()
Definition safe_mode.cpp:99
esphome::safe_mode::SafeModeComponent::ENTER_SAFE_MODE_MAGIC
static const uint32_t ENTER_SAFE_MODE_MAGIC
a magic number to indicate that safe mode should be entered on next boot
Definition safe_mode.h:63
esphome::safe_mode::SafeModeComponent::safe_mode_callback_
CallbackManager< void()> safe_mode_callback_
Definition safe_mode.h:60
esphome::safe_mode::SafeModeComponent::safe_mode_num_attempts_
uint8_t safe_mode_num_attempts_
Definition safe_mode.h:53
val
mopeka_std_values val[4]
Definition mopeka_std_check.h:8
esphome::safe_mode
Definition automation.h:6
esphome::safe_mode::RTC_KEY
constexpr uint32_t RTC_KEY
RTC key for storing boot loop counter - used by safe_mode and preferences backends.
Definition safe_mode.h:15
esphome::setup_priority::AFTER_WIFI
constexpr float AFTER_WIFI
For components that should be initialized after WiFi is connected.
Definition component.h:41
esphome::global_preferences
ESPPreferences * global_preferences
Definition preferences.cpp:204
esphome::delay
void HOT delay(uint32_t ms)
Definition core.cpp:27
esphome::millis
uint32_t IRAM_ATTR HOT millis()
Definition core.cpp:25
esphome::App
Application App
Global storage of Application pointer - only one Application can exist.
safe_mode.h
Generated by doxygen 1.12.0