ESPHome 2026.1.4
Loading...
Searching...
No Matches
safe_mode.cpp
Go to the documentation of this file.
1#include "safe_mode.h"
2
3#include "esphome/core/application.h"
4#include "esphome/core/hal.h"
5#include "esphome/core/log.h"
6#include "esphome/core/util.h"
7
8#include <cerrno>
9#include <cinttypes>
10#include <cstdio>
11
12#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
13#include <esp_ota_ops.h>
14#endif
15
16namespace esphome::safe_mode {
17
18static const char *const TAG = "safe_mode";
19
20void SafeModeComponent::dump_config() {
21 ESP_LOGCONFIG(TAG,
22 "Safe Mode:\n"
23 " Successful after: %" PRIu32 "s\n"
24 " Invoke after: %u attempts\n"
25 " Duration: %" PRIu32 "s",
26 this->safe_mode_boot_is_good_after_ / 1000, // because milliseconds
27 this->safe_mode_num_attempts_,
28 this->safe_mode_enable_time_ / 1000); // because milliseconds
29#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
30 const char *state_str;
31 if (this->ota_state_ == ESP_OTA_IMG_NEW) {
32 state_str = "not supported";
33 } else if (this->ota_state_ == ESP_OTA_IMG_PENDING_VERIFY) {
34 state_str = "supported";
35 } else {
36 state_str = "support unknown";
37 }
38 ESP_LOGCONFIG(TAG, " Bootloader rollback: %s", state_str);
39#endif
40
41 if (this->safe_mode_rtc_value_ > 1 && this->safe_mode_rtc_value_ != SafeModeComponent::ENTER_SAFE_MODE_MAGIC) {
42 auto remaining_restarts = this->safe_mode_num_attempts_ - this->safe_mode_rtc_value_;
43 if (remaining_restarts) {
44 ESP_LOGW(TAG, "Last reset too quick; invoke in %" PRIu32 " restarts", remaining_restarts);
45 } else {
46 ESP_LOGW(TAG, "SAFE MODE IS ACTIVE");
47 }
48 }
49
50#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
51 const esp_partition_t *last_invalid = esp_ota_get_last_invalid_partition();
52 if (last_invalid != nullptr) {
53 ESP_LOGW(TAG,
54 "OTA rollback detected! Rolled back from partition '%s'\n"
55 "The device reset before the boot was marked successful",
56 last_invalid->label);
57 }
58#endif
59}
60
61float SafeModeComponent::get_setup_priority() const { return setup_priority::AFTER_WIFI; }
62
63void SafeModeComponent::loop() {
64 if (!this->boot_successful_ && (millis() - this->safe_mode_start_time_) > this->safe_mode_boot_is_good_after_) {
65 // successful boot, reset counter
66 ESP_LOGI(TAG, "Boot seems successful; resetting boot loop counter");
67 this->clean_rtc();
68 this->boot_successful_ = true;
69#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
70 // Mark OTA partition as valid to prevent rollback
71 esp_ota_mark_app_valid_cancel_rollback();
72#endif
73 // Disable loop since we no longer need to check
74 this->disable_loop();
75 }
76}
77
78void SafeModeComponent::set_safe_mode_pending(const bool &pending) {
79 uint32_t current_rtc = this->read_rtc_();
80
81 if (pending && current_rtc != SafeModeComponent::ENTER_SAFE_MODE_MAGIC) {
82 ESP_LOGI(TAG, "Device will enter on next boot");
83 this->write_rtc_(SafeModeComponent::ENTER_SAFE_MODE_MAGIC);
84 }
85
86 if (!pending && current_rtc == SafeModeComponent::ENTER_SAFE_MODE_MAGIC) {
87 ESP_LOGI(TAG, "Safe mode pending has been cleared");
88 this->clean_rtc();
89 }
90}
91
95
96bool SafeModeComponent::should_enter_safe_mode(uint8_t num_attempts, uint32_t enable_time,
97 uint32_t boot_is_good_after) {
98 this->safe_mode_start_time_ = millis();
99 this->safe_mode_enable_time_ = enable_time;
100 this->safe_mode_boot_is_good_after_ = boot_is_good_after;
101 this->safe_mode_num_attempts_ = num_attempts;
102 this->rtc_ = global_preferences->make_preference<uint32_t>(233825507UL, false);
103
104#if defined(USE_ESP32) && defined(USE_OTA_ROLLBACK)
105 // Check partition state to detect if bootloader supports rollback
106 const esp_partition_t *running = esp_ota_get_running_partition();
107 esp_ota_get_state_partition(running, &this->ota_state_);
108#endif
109
110 uint32_t rtc_val = this->read_rtc_();
111 this->safe_mode_rtc_value_ = rtc_val;
112
113 bool is_manual = rtc_val == SafeModeComponent::ENTER_SAFE_MODE_MAGIC;
114
115 if (is_manual) {
116 ESP_LOGI(TAG, "Manual mode");
117 } else {
118 ESP_LOGCONFIG(TAG, "Unsuccessful boot attempts: %" PRIu32, rtc_val);
119 }
120
121 if (rtc_val < num_attempts && !is_manual) {
122 // increment counter
123 this->write_rtc_(rtc_val + 1);
124 return false;
125 }
126
127 this->clean_rtc();
128
129 if (!is_manual) {
130 ESP_LOGE(TAG, "Boot loop detected");
131 }
132
133 this->status_set_error();
134 this->set_timeout(enable_time, []() {
135 ESP_LOGW(TAG, "Timeout, restarting");
136 App.reboot();
137 });
138
139 // Delay here to allow power to stabilize before Wi-Fi/Ethernet is initialised
140 delay(300); // NOLINT
141 App.setup();
142
143 ESP_LOGW(TAG, "SAFE MODE IS ACTIVE");
144
145#ifdef USE_SAFE_MODE_CALLBACK
146 this->safe_mode_callback_.call();
147#endif
148
149 return true;
150}
151
152void SafeModeComponent::write_rtc_(uint32_t val) {
153 this->rtc_.save(&val);
154 global_preferences->sync();
155}
156
157uint32_t SafeModeComponent::read_rtc_() {
158 uint32_t val;
159 if (!this->rtc_.load(&val))
160 return 0;
161 return val;
162}
163
164void SafeModeComponent::clean_rtc() {
165 // Save without sync - preferences will be written at shutdown or by IntervalSyncer.
166 // This avoids blocking the loop for 50+ ms on flash write. If the device crashes
167 // before sync, the boot wasn't really successful anyway and the counter should
168 // remain incremented.
169 uint32_t val = 0;
170 this->rtc_.save(&val);
171}
172
177
178} // namespace esphome::safe_mode
esphome::Application::setup
void setup()
Set up all the registered components. Call this at the end of your setup() function.
Definition application.cpp:86
esphome::Component::set_timeout
ESPDEPRECATED("Use const char* or uint32_t overload instead. Removed in 2026.7.0", "2026.1.0") void set_timeout(const std voi set_timeout)(const char *name, uint32_t timeout, std::function< void()> &&f)
Set a timeout function with a unique name.
Definition component.h:445
esphome::Component::disable_loop
void disable_loop()
Disable this component's loop.
Definition component.cpp:300
esphome::ESPPreferenceObject::save
bool save(const T *src)
Definition preferences.h:21
esphome::ESPPreferences::sync
virtual bool sync()=0
Commit pending writes to flash.
esphome::ESPPreferences::make_preference
virtual ESPPreferenceObject make_preference(size_t length, uint32_t type, bool in_flash)=0
esphome::safe_mode::SafeModeComponent::read_rtc_
uint32_t read_rtc_()
Definition safe_mode.cpp:157
esphome::safe_mode::SafeModeComponent::should_enter_safe_mode
bool should_enter_safe_mode(uint8_t num_attempts, uint32_t enable_time, uint32_t boot_is_good_after)
Definition safe_mode.cpp:96
esphome::safe_mode::SafeModeComponent::safe_mode_enable_time_
uint32_t safe_mode_enable_time_
The time safe mode should remain active for.
Definition safe_mode.h:43
esphome::safe_mode::SafeModeComponent::on_safe_shutdown
void on_safe_shutdown() override
Definition safe_mode.cpp:173
esphome::safe_mode::SafeModeComponent::loop
void loop() override
Definition safe_mode.cpp:63
esphome::safe_mode::SafeModeComponent::boot_successful_
bool boot_successful_
set to true after boot is considered successful
Definition safe_mode.h:47
esphome::safe_mode::SafeModeComponent::safe_mode_start_time_
uint32_t safe_mode_start_time_
stores when safe mode was enabled
Definition safe_mode.h:45
esphome::safe_mode::SafeModeComponent::safe_mode_boot_is_good_after_
uint32_t safe_mode_boot_is_good_after_
The amount of time after which the boot is considered successful.
Definition safe_mode.h:42
esphome::safe_mode::SafeModeComponent::get_setup_priority
float get_setup_priority() const override
Definition safe_mode.cpp:61
esphome::safe_mode::SafeModeComponent::ota_state_
esp_ota_img_states_t ota_state_
Definition safe_mode.h:50
esphome::safe_mode::SafeModeComponent::safe_mode_rtc_value_
uint32_t safe_mode_rtc_value_
Definition safe_mode.h:44
esphome::safe_mode::SafeModeComponent::dump_config
void dump_config() override
Definition safe_mode.cpp:20
esphome::safe_mode::SafeModeComponent::set_safe_mode_pending
void set_safe_mode_pending(const bool &pending)
Set to true if the next startup will enter safe mode.
Definition safe_mode.cpp:78
esphome::safe_mode::SafeModeComponent::clean_rtc
void clean_rtc()
Definition safe_mode.cpp:164
esphome::safe_mode::SafeModeComponent::write_rtc_
void write_rtc_(uint32_t val)
Definition safe_mode.cpp:152
esphome::safe_mode::SafeModeComponent::rtc_
ESPPreferenceObject rtc_
Definition safe_mode.h:53
esphome::safe_mode::SafeModeComponent::get_safe_mode_pending
bool get_safe_mode_pending()
Definition safe_mode.cpp:92
esphome::safe_mode::SafeModeComponent::ENTER_SAFE_MODE_MAGIC
static const uint32_t ENTER_SAFE_MODE_MAGIC
a magic number to indicate that safe mode should be entered on next boot
Definition safe_mode.h:58
esphome::safe_mode::SafeModeComponent::safe_mode_callback_
CallbackManager< void()> safe_mode_callback_
Definition safe_mode.h:55
esphome::safe_mode::SafeModeComponent::safe_mode_num_attempts_
uint8_t safe_mode_num_attempts_
Definition safe_mode.h:48
val
mopeka_std_values val[4]
Definition mopeka_std_check.h:8
esphome::safe_mode
Definition automation.h:9
esphome::setup_priority::AFTER_WIFI
const float AFTER_WIFI
For components that should be initialized after WiFi is connected.
Definition component.cpp:88
esphome::global_preferences
ESPPreferences * global_preferences
Definition preferences.cpp:213
esphome::delay
void IRAM_ATTR HOT delay(uint32_t ms)
Definition core.cpp:26
esphome::millis
uint32_t IRAM_ATTR HOT millis()
Definition core.cpp:25
esphome::App
Application App
Global storage of Application pointer - only one Application can exist.
Definition application.cpp:673
safe_mode.h
Generated by doxygen 1.12.0