1 /*
2 *
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 * Not a Contribution.
5 *
6 * Copyright 2012 The Android Open Source Project
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you
9 * may not use this file except in compliance with the License. You may
10 * obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * permissions and limitations under the License.
19 *
20 */
21
22 /******************************************************************************
23 *
24 * Filename: hw_rome.c
25 *
26 * Description: Contains controller-specific functions, like
27 * firmware patch download
28 * low power mode operations
29 *
30 ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #define LOG_TAG "bt_vendor"
36
37 #include <log/log.h>
38 #include <sys/types.h>
39 #include <sys/stat.h>
40 #include <signal.h>
41 #include <time.h>
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <dirent.h>
45 #include <ctype.h>
46 #include <cutils/properties.h>
47 #include <stdlib.h>
48 #include <termios.h>
49 #include <string.h>
50 #include <stdbool.h>
51 #include <sys/socket.h>
52 #include <unistd.h>
53 #include "bt_hci_bdroid.h"
54 #include "bt_vendor_qcom.h"
55 #include "hci_uart.h"
56 #include "hw_rome.h"
57
58 #define BT_VERSION_FILEPATH "/data/misc/bluedroid/bt_fw_version.txt"
59
60 #ifdef __cplusplus
61 }
62 #endif
63
64 #define RESERVED(p) if(p) ALOGI( "%s: reserved param", __FUNCTION__);
65
66 int read_vs_hci_event(int fd, unsigned char* buf, int size);
67
68 /******************************************************************************
69 ** Variables
70 ******************************************************************************/
71 FILE *file;
72 unsigned char *phdr_buffer;
73 unsigned char *pdata_buffer = NULL;
74 patch_info rampatch_patch_info;
75 int chipset_ver = 0;
76 unsigned char gTlv_type;
77 unsigned char gTlv_dwndCfg;
78 static unsigned int wipower_flag = 0;
79 static unsigned int wipower_handoff_ready = 0;
80 char *rampatch_file_path = NULL;
81 char *nvm_file_path = NULL;
82 char *fw_su_info = NULL;
83 unsigned short fw_su_offset =0;
84 extern char enable_extldo;
85 unsigned char wait_vsc_evt = TRUE;
86 bool patch_dnld_pending = FALSE;
87 int dnld_fd = -1;
88
89 /******************************************************************************
90 ** Extern variables
91 ******************************************************************************/
92
93 /*****************************************************************************
94 ** Functions
95 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)96 int do_write(int fd, unsigned char *buf,int len)
97 {
98 int ret = 0;
99 int write_offset = 0;
100 int write_len = len;
101 do {
102 ret = write(fd,buf+write_offset,write_len);
103 if (ret < 0)
104 {
105 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
106 return -1;
107 } else if (ret == 0) {
108 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
109 return 0;
110 } else {
111 if (ret < write_len) {
112 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
113 strerror(errno));
114 write_len = write_len - ret;
115 write_offset = ret;
116 } else {
117 ALOGV("Write successful");
118 break;
119 }
120 }
121 } while(1);
122 return len;
123 }
124
get_vs_hci_event(unsigned char * rsp)125 int get_vs_hci_event(unsigned char *rsp)
126 {
127 int err = 0;
128 unsigned char paramlen = 0;
129 unsigned char EMBEDDED_MODE_CHECK = 0x02;
130 FILE *btversionfile = 0;
131 unsigned int soc_id = 0;
132 unsigned int productid = 0;
133 unsigned short patchversion = 0;
134 char build_label[255];
135 int build_lbl_len;
136 unsigned short buildversion = 0;
137
138 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
139 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__);
140 else {
141 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
142 err = -EIO;
143 goto failed;
144 }
145
146 ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]);
147 ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]);
148 ALOGI("%s: Response type : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]);
149
150 /* Check the status of the operation */
151 switch ( rsp[CMD_RSP_OFFSET] )
152 {
153 case EDL_CMD_REQ_RES_EVT:
154 ALOGI("%s: Command Request Response", __FUNCTION__);
155 switch(rsp[RSP_TYPE_OFFSET])
156 {
157 case EDL_PATCH_VER_RES_EVT:
158 case EDL_APP_VER_RES_EVT:
159 ALOGI("\t Current Product ID\t\t: 0x%08x",
160 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
161 rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
162 rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
163 rsp[PATCH_PROD_ID_OFFSET] ));
164
165 /* Patch Version indicates FW patch version */
166 ALOGI("\t Current Patch Version\t\t: 0x%04x",
167 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
168 rsp[PATCH_PATCH_VER_OFFSET] )));
169
170 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
171 ALOGI("\t Current ROM Build Version\t: 0x%04x", buildversion =
172 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
173 rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
174
175 /* In case rome 1.0/1.1, there is no SOC ID version available */
176 if (paramlen - 10)
177 {
178 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
179 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
180 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
181 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
182 rsp[PATCH_SOC_VER_OFFSET] ));
183 }
184
185 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "wb"))) {
186 fprintf(btversionfile, "Bluetooth Controller Product ID : 0x%08x\n", productid);
187 fprintf(btversionfile, "Bluetooth Controller Patch Version : 0x%04x\n", patchversion);
188 fprintf(btversionfile, "Bluetooth Controller Build Version : 0x%04x\n", buildversion);
189 fprintf(btversionfile, "Bluetooth Controller SOC Version : 0x%08x\n", soc_id);
190 fclose(btversionfile);
191 }else {
192 ALOGI("Failed to dump SOC version info. Errno:%d", errno);
193 }
194 /* Rome Chipset Version can be decided by Patch version and SOC version,
195 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
196 used for SOC as combination for BT host driver */
197 chipset_ver = (buildversion << 16) |(soc_id & 0x0000ffff);
198
199 break;
200 case EDL_TVL_DNLD_RES_EVT:
201 case EDL_CMD_EXE_STATUS_EVT:
202 switch (err = rsp[CMD_STATUS_OFFSET])
203 {
204 case HCI_CMD_SUCCESS:
205 ALOGI("%s: Download Packet successfully!", __FUNCTION__);
206 break;
207 case PATCH_LEN_ERROR:
208 ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
209 "SET REQ cmd", __FUNCTION__);
210 break;
211 case PATCH_VER_ERROR:
212 ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
213 "SET REQ cmd", __FUNCTION__);
214 break;
215 case PATCH_CRC_ERROR:
216 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
217 break;
218 case PATCH_NOT_FOUND:
219 ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
220 break;
221 case TLV_TYPE_ERROR:
222 ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
223 break;
224 default:
225 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
226 break;
227 }
228 break;
229 case HCI_VS_GET_BUILD_VER_EVT:
230 build_lbl_len = rsp[5];
231 memcpy (build_label, &rsp[6], build_lbl_len);
232 *(build_label+build_lbl_len) = '\0';
233
234 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
235 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "a+b"))) {
236 fprintf(btversionfile, "Bluetooth Contoller SU Build info : %s\n", build_label);
237 fclose(btversionfile);
238 } else {
239 ALOGI("Failed to dump FW SU build info. Errno:%d", errno);
240 }
241 break;
242 }
243 break;
244
245 case NVM_ACCESS_CODE:
246 ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
247 err = HCI_CMD_SUCCESS;
248 break;
249 case EDL_SET_BAUDRATE_RSP_EVT:
250 /* Rome 1.1 has bug with the response, so it should ignore it. */
251 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
252 {
253 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
254 rsp[CMD_STATUS_OFFSET]);
255 err = -1;
256 }
257 break;
258 case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
259 /* Query charging command has below return values
260 0 - in embedded mode not charging
261 1 - in embedded mode and charging
262 2 - hadofff completed and in normal mode
263 3 - no wipower supported on mtp. so irrepective of charging
264 handoff command has to be sent if return values are 0 or 1.
265 These change include logic to enable generic BT turn on sequence.*/
266 if (rsp[4] < EMBEDDED_MODE_CHECK)
267 {
268 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
269 wipower_handoff_ready = rsp[4];
270 wipower_flag = 1;
271 }
272 break;
273 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
274 /*TODO: rsp code 00 mean no charging
275 this is going to change in FW soon*/
276 if (rsp[4] == NON_WIPOWER_MODE)
277 {
278 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
279 }
280 break;
281 case HCI_VS_GET_ADDON_FEATURES_EVENT:
282 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
283 {
284 ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
285 property_set("persist.bluetooth.a4wp", "true");
286 }
287 break;
288 case HCI_VS_STRAY_EVT:
289 /* WAR to handle stray Power Apply EVT during patch download */
290 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__);
291 if (patch_dnld_pending && dnld_fd != -1)
292 {
293 unsigned char rsp[HCI_MAX_EVENT_SIZE];
294 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE);
295 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE);
296 }
297 else
298 {
299 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
300 err = -1;
301 }
302 break;
303 default:
304 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
305 err = -1;
306 break;
307 }
308
309 failed:
310 return err;
311 }
312
313
314 /*
315 * Read an VS HCI event from the given file descriptor.
316 */
read_vs_hci_event(int fd,unsigned char * buf,int size)317 int read_vs_hci_event(int fd, unsigned char* buf, int size)
318 {
319 int remain, r;
320 int count = 0, i;
321
322 if (size <= 0) {
323 ALOGE("Invalid size arguement!");
324 return -1;
325 }
326
327 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
328
329 /* The first byte identifies the packet type. For HCI event packets, it
330 * should be 0x04, so we read until we get to the 0x04. */
331 /* It will keep reading until find 0x04 byte */
332 while (1) {
333 r = read(fd, buf, 1);
334 if (r <= 0)
335 return -1;
336 if (buf[0] == 0x04)
337 break;
338 }
339 count++;
340
341 /* The next two bytes are the event code and parameter total length. */
342 while (count < 3) {
343 r = read(fd, buf + count, 3 - count);
344 if ((r <= 0) || (buf[1] != 0xFF )) {
345 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
346 return -1;
347 }
348 count += r;
349 }
350
351 /* Now we read the parameters. */
352 if (buf[2] < (size - 3))
353 remain = buf[2];
354 else
355 remain = size - 3;
356
357 while ((count - 3) < remain) {
358 r = read(fd, buf + count, remain - (count - 3));
359 if (r <= 0)
360 return -1;
361 count += r;
362 }
363
364 /* Check if the set patch command is successful or not */
365 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
366 return -1;
367
368 return count;
369 }
370
371 /*
372 * For Hand-Off related Wipower commands, Command complete arrives first and
373 * the followd with VS event
374 *
375 */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)376 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
377 {
378 int ret = 0;
379 int err = 0;
380
381 /* Send the HCI command packet to UART for transmission */
382 ret = do_write(fd, cmd, size);
383 if (ret != size) {
384 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
385 goto failed;
386 }
387
388 /* Wait for command complete event */
389 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
390 if ( err < 0) {
391 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
392 goto failed;
393 }
394
395 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
396 failed:
397 return ret;
398 }
399
400
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)401 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
402 {
403 int ret = 0;
404
405 /* Send the HCI command packet to UART for transmission */
406 ret = do_write(fd, cmd, size);
407 if (ret != size) {
408 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
409 goto failed;
410 }
411
412 if (wait_vsc_evt) {
413 /* Check for response from the Controller */
414 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
415 ret = -ETIMEDOUT;
416 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
417 goto failed;
418 }
419 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
420 }
421
422 failed:
423 return ret;
424 }
425
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)426 void frame_hci_cmd_pkt(
427 unsigned char *cmd,
428 int edl_cmd, unsigned int p_base_addr,
429 int segtNo, int size
430 )
431 {
432 int offset = 0;
433 hci_command_hdr *cmd_hdr;
434
435 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
436
437 cmd_hdr = (void *) (cmd + 1);
438
439 cmd[0] = HCI_COMMAND_PKT;
440 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
441 cmd_hdr->plen = size;
442 cmd[4] = edl_cmd;
443
444 switch (edl_cmd)
445 {
446 case EDL_PATCH_SET_REQ_CMD:
447 /* Copy the patch header info as CMD params */
448 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
449 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
450 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
451 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
452 break;
453 case EDL_PATCH_DLD_REQ_CMD:
454 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
455 p_base_addr += offset;
456 cmd_hdr->plen = (size + 6);
457 cmd[5] = (size + 4);
458 cmd[6] = EXTRACT_BYTE(p_base_addr, 0);
459 cmd[7] = EXTRACT_BYTE(p_base_addr, 1);
460 cmd[8] = EXTRACT_BYTE(p_base_addr, 2);
461 cmd[9] = EXTRACT_BYTE(p_base_addr, 3);
462 memcpy(&cmd[10], (pdata_buffer + offset), size);
463
464 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
465 __FUNCTION__, size);
466 ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
467 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
468 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
469 break;
470 case EDL_PATCH_ATCH_REQ_CMD:
471 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
472 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
473 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
474 break;
475 case EDL_PATCH_RST_REQ_CMD:
476 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
477 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
478 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
479 break;
480 case EDL_PATCH_VER_REQ_CMD:
481 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
482 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
483 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
484 break;
485 case EDL_PATCH_TLV_REQ_CMD:
486 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
487 /* Parameter Total Length */
488 cmd[3] = size +2;
489
490 /* TLV Segment Length */
491 cmd[5] = size;
492 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
493 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
494 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
495 memcpy(&cmd[6], (pdata_buffer + offset), size);
496 break;
497 case EDL_GET_BUILD_INFO:
498 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
499 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
500 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
501 break;
502 default:
503 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
504 }
505 }
506
rome_extract_patch_header_info(unsigned char * buf)507 void rome_extract_patch_header_info(unsigned char *buf)
508 {
509 int index;
510
511 /* Extract patch id */
512 for (index = 0; index < 4; index++)
513 rampatch_patch_info.patch_id |=
514 (LSH(buf[index + P_ID_OFFSET], (index * 8)));
515
516 /* Extract (ROM and BUILD) version information */
517 for (index = 0; index < 2; index++)
518 rampatch_patch_info.patch_ver.rom_version |=
519 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
520
521 for (index = 0; index < 2; index++)
522 rampatch_patch_info.patch_ver.build_version |=
523 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
524
525 /* Extract patch base and entry addresses */
526 for (index = 0; index < 4; index++)
527 rampatch_patch_info.patch_base_addr |=
528 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
529
530 /* Patch BASE & ENTRY addresses are same */
531 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
532
533 /* Extract total length of the patch payload */
534 for (index = 0; index < 4; index++)
535 rampatch_patch_info.patch_length |=
536 (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
537
538 /* Extract the CRC checksum of the patch payload */
539 for (index = 0; index < 4; index++)
540 rampatch_patch_info.patch_crc |=
541 (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
542
543 /* Extract patch control value */
544 for (index = 0; index < 4; index++)
545 rampatch_patch_info.patch_ctrl |=
546 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
547
548 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
549 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
550 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
551 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
552 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
553 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
554 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
555
556 }
557
rome_edl_set_patch_request(int fd)558 int rome_edl_set_patch_request(int fd)
559 {
560 int size, err;
561 unsigned char cmd[HCI_MAX_CMD_SIZE];
562 unsigned char rsp[HCI_MAX_EVENT_SIZE];
563
564 /* Frame the HCI CMD to be sent to the Controller */
565 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
566 -1, PATCH_HDR_LEN + 1);
567
568 /* Total length of the packet to be sent to the Controller */
569 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
570
571 /* Send HCI Command packet to Controller */
572 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
573 if ( err != size) {
574 ALOGE("Failed to set the patch info to the Controller!");
575 goto error;
576 }
577
578 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
579 if ( err < 0) {
580 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
581 goto error;
582 }
583 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
584 error:
585 return err;
586 }
587
rome_edl_patch_download_request(int fd)588 int rome_edl_patch_download_request(int fd)
589 {
590 int no_of_patch_segment;
591 int index = 1, err = 0, size = 0;
592 unsigned int p_base_addr;
593 unsigned char cmd[HCI_MAX_CMD_SIZE];
594 unsigned char rsp[HCI_MAX_EVENT_SIZE];
595
596 no_of_patch_segment = (rampatch_patch_info.patch_length /
597 MAX_DATA_PER_SEGMENT);
598 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
599 __FUNCTION__, no_of_patch_segment,
600 rampatch_patch_info.patch_base_addr);
601
602 /* Initialize the patch base address from the one read from bin file */
603 p_base_addr = rampatch_patch_info.patch_base_addr;
604
605 /*
606 * Depending upon size of the patch payload, download the patches in
607 * segments with a max. size of 239 bytes
608 */
609 for (index = 1; index <= no_of_patch_segment; index++) {
610
611 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
612
613 /* Frame the HCI CMD PKT to be sent to Controller*/
614 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
615 index, MAX_DATA_PER_SEGMENT);
616
617 /* Total length of the packet to be sent to the Controller */
618 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
619
620 /* Initialize the RSP packet everytime to 0 */
621 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
622
623 /* Send HCI Command packet to Controller */
624 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
625 if ( err != size) {
626 ALOGE("Failed to send the patch payload to the Controller!");
627 goto error;
628 }
629
630 /* Read Command Complete Event */
631 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
632 if ( err < 0) {
633 ALOGE("%s: Failed to downlaod patch segment: %d!",
634 __FUNCTION__, index);
635 goto error;
636 }
637 ALOGI("%s: Successfully downloaded patch segment: %d",
638 __FUNCTION__, index);
639 }
640
641 /* Check if any pending patch data to be sent */
642 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
643 rampatch_patch_info.patch_length :
644 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT);
645
646 if (size)
647 {
648 /* Frame the HCI CMD PKT to be sent to Controller*/
649 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
650
651 /* Initialize the RSP packet everytime to 0 */
652 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
653
654 /* Total length of the packet to be sent to the Controller */
655 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
656
657 /* Send HCI Command packet to Controller */
658 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
659 if ( err != size) {
660 ALOGE("Failed to send the patch payload to the Controller!");
661 goto error;
662 }
663
664 /* Read Command Complete Event */
665 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
666 if ( err < 0) {
667 ALOGE("%s: Failed to downlaod patch segment: %d!",
668 __FUNCTION__, index);
669 goto error;
670 }
671
672 ALOGI("%s: Successfully downloaded patch segment: %d",
673 __FUNCTION__, index);
674 }
675
676 error:
677 return err;
678 }
679
rome_download_rampatch(int fd)680 static int rome_download_rampatch(int fd)
681 {
682 int c, tmp, size, index, ret = -1;
683
684 ALOGI("%s: ", __FUNCTION__);
685
686 /* Get handle to the RAMPATCH binary file */
687 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
688 file = fopen(ROME_FW_PATH, "r");
689 if (file == NULL) {
690 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
691 __FUNCTION__);
692 return -ENFILE;
693 }
694
695 /* Allocate memory for the patch headder info */
696 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
697 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
698 if (phdr_buffer == NULL) {
699 ALOGE("%s: Failed to allocate memory for patch header",
700 __FUNCTION__);
701 goto phdr_alloc_failed;
702 }
703 for (index = 0; index < PATCH_HDR_LEN + 1; index++)
704 phdr_buffer[index] = 0x0;
705
706 /* Read 28 bytes of patch header information */
707 ALOGI("%s: Reading patch header info", __FUNCTION__);
708 index = 0;
709 do {
710 c = fgetc (file);
711 phdr_buffer[index++] = (unsigned char)c;
712 } while (index != PATCH_HDR_LEN);
713
714 /* Save the patch header info into local structure */
715 ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
716 rome_extract_patch_header_info((unsigned char *)phdr_buffer);
717
718 /* Set the patch header info onto the Controller */
719 ret = rome_edl_set_patch_request(fd);
720 if (ret < 0) {
721 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
722 goto pdata_alloc_failed;
723 }
724
725 /* Allocate memory for the patch payload */
726 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
727 size = rampatch_patch_info.patch_length;
728 pdata_buffer = (unsigned char *) malloc(size+1);
729 if (pdata_buffer == NULL) {
730 ALOGE("%s: Failed to allocate memory for patch payload",
731 __FUNCTION__);
732 goto pdata_alloc_failed;
733 }
734 for (index = 0; index < size+1; index++)
735 pdata_buffer[index] = 0x0;
736
737 /* Read the patch data from Rampatch binary image */
738 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
739 index = 0;
740 do {
741 c = fgetc (file);
742 pdata_buffer[index++] = (unsigned char)c;
743 } while (c != EOF);
744
745 /* Downloading patches in segments to controller */
746 ret = rome_edl_patch_download_request(fd);
747 if (ret < 0) {
748 ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
749 goto cleanup;
750 }
751 cleanup:
752 free(pdata_buffer);
753 pdata_alloc_failed:
754 free(phdr_buffer);
755 phdr_alloc_failed:
756 fclose(file);
757 error:
758 return ret;
759 }
760
rome_attach_rampatch(int fd)761 int rome_attach_rampatch(int fd)
762 {
763 int size, err;
764 unsigned char cmd[HCI_MAX_CMD_SIZE];
765 unsigned char rsp[HCI_MAX_EVENT_SIZE];
766
767 /* Frame the HCI CMD to be sent to the Controller */
768 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
769 -1, EDL_PATCH_CMD_LEN);
770
771 /* Total length of the packet to be sent to the Controller */
772 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
773
774 /* Send HCI Command packet to Controller */
775 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
776 if ( err != size) {
777 ALOGE("Failed to attach the patch payload to the Controller!");
778 goto error;
779 }
780
781 /* Read Command Complete Event */
782 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
783 if ( err < 0) {
784 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
785 goto error;
786 }
787 error:
788 return err;
789 }
790
rome_rampatch_reset(int fd)791 int rome_rampatch_reset(int fd)
792 {
793 int size, err = 0, flags;
794 unsigned char cmd[HCI_MAX_CMD_SIZE];
795 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
796
797 /* Frame the HCI CMD to be sent to the Controller */
798 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
799 -1, EDL_PATCH_CMD_LEN);
800
801 /* Total length of the packet to be sent to the Controller */
802 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
803
804 /* Send HCI Command packet to Controller */
805 err = do_write(fd, cmd, size);
806 if (err != size) {
807 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
808 goto error;
809 }
810
811 /*
812 * Controller doesn't sends any response for the patch reset
813 * command. HOST has to wait for 100ms before proceeding.
814 */
815 nanosleep(&tm, NULL);
816
817 error:
818 return err;
819 }
820
821 /* This function is called with q_lock held and q is non-NULL */
rome_get_tlv_file(char * file_path)822 int rome_get_tlv_file(char *file_path)
823 {
824 FILE * pFile;
825 long fileSize;
826 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
827 unsigned short nvm_tag_len;
828 tlv_patch_info *ptlv_header;
829 tlv_nvm_hdr *nvm_ptr;
830 unsigned char data_buf[PRINT_BUF_SIZE]={0,};
831 unsigned char *nvm_byte_ptr;
832
833 ALOGI("File Open (%s)", file_path);
834 pFile = fopen ( file_path , "r" );
835 if (pFile==NULL) {;
836 ALOGE("%s File Open Fail", file_path);
837 return -1;
838 }
839
840 /* Get File Size */
841 fseek (pFile , 0 , SEEK_END);
842 fileSize = ftell (pFile);
843 rewind (pFile);
844
845 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
846 if (pdata_buffer == NULL) {
847 ALOGE("Allocated Memory failed");
848 fclose (pFile);
849 return -1;
850 }
851
852 /* Copy file into allocated buffer */
853 readSize = fread (pdata_buffer,1,fileSize,pFile);
854
855 /* File Close */
856 fclose (pFile);
857
858 if (readSize != fileSize) {
859 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
860 return -1;
861 }
862
863 ptlv_header = (tlv_patch_info *) pdata_buffer;
864
865 /* To handle different event between rampatch and NVM */
866 gTlv_type = ptlv_header->tlv_type;
867 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
868
869 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
870 ALOGI("====================================================");
871 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
872 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
873 (ptlv_header->tlv_length2 << 8) |
874 (ptlv_header->tlv_length3 << 16));
875 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
876 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
877 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
878 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
879 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
880 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
881 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
882 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
883 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
884 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
885 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
886 ALOGI("====================================================");
887
888 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
889 ALOGI("====================================================");
890 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
891 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) |
892 (ptlv_header->tlv_length2 << 8) |
893 (ptlv_header->tlv_length3 << 16));
894
895 if(nvm_length <= 0)
896 return readSize;
897
898 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
899 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
900 {
901 ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
902 ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
903 ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
904 ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
905
906 /* Increase nvm_index to NVM data */
907 nvm_index+=sizeof(tlv_nvm_hdr);
908 nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
909
910 /* Write BD Address */
911 if(nvm_ptr->tag_id == TAG_NUM_2){
912 memcpy(nvm_byte_ptr, q->bdaddr, 6);
913 ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
914 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
915 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
916 }
917
918 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
919 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
920
921 ALOGI("TAG Data\t\t\t : %s", data_buf);
922
923 /* Clear buffer */
924 memset(data_buf, 0x0, PRINT_BUF_SIZE);
925
926 /* increased by tag_len */
927 nvm_index+=nvm_ptr->tag_len;
928 nvm_byte_ptr +=nvm_ptr->tag_len;
929 }
930
931 ALOGI("====================================================");
932
933 } else {
934 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
935 }
936
937 return readSize;
938 }
939
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)940 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
941 {
942 int size=0, err = -1;
943 unsigned char cmd[HCI_MAX_CMD_SIZE];
944 unsigned char rsp[HCI_MAX_EVENT_SIZE];
945
946 ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
947
948 /* Frame the HCI CMD PKT to be sent to Controller*/
949 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
950
951 /* Total length of the packet to be sent to the Controller */
952 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
953
954 /* Initialize the RSP packet everytime to 0 */
955 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
956
957 /* Send HCI Command packet to Controller */
958 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
959 if ( err != size) {
960 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
961 return err;
962 }
963
964 if(wait_cc_evt) {
965 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
966 if ( err < 0) {
967 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index);
968 return err;
969 }
970 }
971
972 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
973 return err;
974 }
975
rome_tlv_dnld_req(int fd,int tlv_size)976 int rome_tlv_dnld_req(int fd, int tlv_size)
977 {
978 int total_segment, remain_size, i, err = -1;
979 unsigned char wait_cc_evt = TRUE;
980
981 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
982 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
983 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
984
985 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
986 __FUNCTION__,tlv_size, total_segment, remain_size);
987
988 if (gTlv_type == TLV_TYPE_PATCH) {
989 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
990 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
991 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
992 */
993 switch(gTlv_dwndCfg)
994 {
995 case ROME_SKIP_EVT_NONE:
996 wait_vsc_evt = TRUE;
997 wait_cc_evt = TRUE;
998 ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
999 break;
1000 case ROME_SKIP_EVT_VSE_CC:
1001 wait_vsc_evt = FALSE;
1002 wait_cc_evt = FALSE;
1003 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
1004 break;
1005 /* Not handled for now */
1006 case ROME_SKIP_EVT_VSE:
1007 case ROME_SKIP_EVT_CC:
1008 default:
1009 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
1010 break;
1011 }
1012 } else {
1013 wait_vsc_evt = TRUE;
1014 wait_cc_evt = TRUE;
1015 }
1016
1017 for(i=0;i<total_segment ;i++){
1018 if ((i+1) == total_segment) {
1019 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1020 /* If the Rome version is from 1.1 to 3.1
1021 * 1. No CCE for the last command segment but all other segment
1022 * 2. All the command segments get VSE including the last one
1023 */
1024 wait_cc_evt = !remain_size ? FALSE: TRUE;
1025 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1026 /* If the Rome version is 3.2
1027 * 1. None of the command segments receive CCE
1028 * 2. No command segments receive VSE except the last one
1029 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1030 * same as Rome 2.1, 2.2, 3.0
1031 */
1032 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1033 wait_cc_evt = !remain_size ? FALSE: TRUE;
1034 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1035 wait_vsc_evt = !remain_size ? TRUE: FALSE;
1036 }
1037 }
1038 }
1039
1040 patch_dnld_pending = TRUE;
1041 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1042 goto error;
1043 patch_dnld_pending = FALSE;
1044 }
1045
1046 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1047 /* If the Rome version is from 1.1 to 3.1
1048 * 1. No CCE for the last command segment but all other segment
1049 * 2. All the command segments get VSE including the last one
1050 */
1051 wait_cc_evt = remain_size ? FALSE: TRUE;
1052 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1053 /* If the Rome version is 3.2
1054 * 1. None of the command segments receive CCE
1055 * 2. No command segments receive VSE except the last one
1056 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1057 * same as Rome 2.1, 2.2, 3.0
1058 */
1059 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1060 wait_cc_evt = remain_size ? FALSE: TRUE;
1061 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1062 wait_vsc_evt = remain_size ? TRUE: FALSE;
1063 }
1064 }
1065 patch_dnld_pending = TRUE;
1066 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1067 patch_dnld_pending = FALSE;
1068 error:
1069 if(patch_dnld_pending) patch_dnld_pending = FALSE;
1070 return err;
1071 }
1072
rome_download_tlv_file(int fd)1073 int rome_download_tlv_file(int fd)
1074 {
1075 int tlv_size, err = -1;
1076
1077 /* Rampatch TLV file Downloading */
1078 pdata_buffer = NULL;
1079 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1080 goto error;
1081
1082 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1083 goto error;
1084
1085 if (pdata_buffer != NULL){
1086 free (pdata_buffer);
1087 pdata_buffer = NULL;
1088 }
1089 nvm_download:
1090 if(!nvm_file_path) {
1091 ALOGI("%s: nvm file is not available", __FUNCTION__);
1092 err = 0; // in case of nvm/rampatch is not available
1093 goto error;
1094 }
1095
1096 /* NVM TLV file Downloading */
1097 if((tlv_size = rome_get_tlv_file(nvm_file_path)) <= 0)
1098 goto error;
1099
1100 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1101 goto error;
1102
1103 error:
1104 if (pdata_buffer != NULL)
1105 free (pdata_buffer);
1106
1107 return err;
1108 }
1109
rome_1_0_nvm_tag_dnld(int fd)1110 int rome_1_0_nvm_tag_dnld(int fd)
1111 {
1112 int i, size, err = 0;
1113 unsigned char cmd[HCI_MAX_CMD_SIZE];
1114 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1115
1116 #if (NVM_VERSION >= ROME_1_0_100019)
1117 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1118 {
1119 /* Tag 2 */ /* BD Address */
1120 { /* Packet Type */HCI_COMMAND_PKT,
1121 /* Opcode */ 0x0b,0xfc,
1122 /* Total Len */ 9,
1123 /* NVM CMD */ NVM_ACCESS_SET,
1124 /* Tag Num */ 2,
1125 /* Tag Len */ 6,
1126 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22
1127 },
1128 /* Tag 6 */ /* Bluetooth Support Features */
1129 { /* Packet Type */HCI_COMMAND_PKT,
1130 /* Opcode */ 0x0b,0xfc,
1131 /* Total Len */ 11,
1132 /* NVM CMD */ NVM_ACCESS_SET,
1133 /* Tag Num */ 6,
1134 /* Tag Len */ 8,
1135 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1136 },
1137 /* Tag 17 */ /* HCI Transport Layer Setting */
1138 { /* Packet Type */HCI_COMMAND_PKT,
1139 /* Opcode */ 0x0b,0xfc,
1140 /* Total Len */ 11,
1141 /* NVM CMD */ NVM_ACCESS_SET,
1142 /* Tag Num */ 17,
1143 /* Tag Len */ 8,
1144 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1145 },
1146 /* Tag 35 */
1147 { /* Packet Type */HCI_COMMAND_PKT,
1148 /* Opcode */ 0x0b,0xfc,
1149 /* Total Len */ 58,
1150 /* NVM CMD */ NVM_ACCESS_SET,
1151 /* Tag Num */ 35,
1152 /* Tag Len */ 55,
1153 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1154 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1155 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1156 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1157 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1158 0x1B, 0x14, 0x01, 0x04, 0x48
1159 },
1160 /* Tag 36 */
1161 { /* Packet Type */HCI_COMMAND_PKT,
1162 /* Opcode */ 0x0b,0xfc,
1163 /* Total Len */ 15,
1164 /* NVM CMD */ NVM_ACCESS_SET,
1165 /* Tag Num */ 36,
1166 /* Tag Len */ 12,
1167 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1168 },
1169 /* Tag 39 */
1170 { /* Packet Type */HCI_COMMAND_PKT,
1171 /* Opcode */ 0x0b,0xfc,
1172 /* Total Len */ 7,
1173 /* NVM CMD */ NVM_ACCESS_SET,
1174 /* Tag Num */ 39,
1175 /* Tag Len */ 4,
1176 /* Tag Value */ 0x12,0x00,0x00,0x00
1177 },
1178 /* Tag 41 */
1179 { /* Packet Type */HCI_COMMAND_PKT,
1180 /* Opcode */ 0x0b,0xfc,
1181 /* Total Len */ 91,
1182 /* NVM CMD */ NVM_ACCESS_SET,
1183 /* Tag Num */ 41,
1184 /* Tag Len */ 88,
1185 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1186 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1187 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1188 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1189 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1190 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1191 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1192 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1193 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1194 },
1195 /* Tag 42 */
1196 { /* Packet Type */HCI_COMMAND_PKT,
1197 /* Opcode */ 0x0b,0xfc,
1198 /* Total Len */ 63,
1199 /* NVM CMD */ NVM_ACCESS_SET,
1200 /* Tag Num */ 42,
1201 /* Tag Len */ 60,
1202 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1203 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1204 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1205 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1206 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1207 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1208 },
1209 /* Tag 84 */
1210 { /* Packet Type */HCI_COMMAND_PKT,
1211 /* Opcode */ 0x0b,0xfc,
1212 /* Total Len */ 153,
1213 /* NVM CMD */ NVM_ACCESS_SET,
1214 /* Tag Num */ 84,
1215 /* Tag Len */ 150,
1216 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1217 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1218 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1219 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1220 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1221 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1222 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1223 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1224 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1225 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1226 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1227 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1228 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1229 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1230 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1231 },
1232 /* Tag 85 */
1233 { /* Packet Type */HCI_COMMAND_PKT,
1234 /* Opcode */ 0x0b,0xfc,
1235 /* Total Len */ 119,
1236 /* NVM CMD */ NVM_ACCESS_SET,
1237 /* Tag Num */ 85,
1238 /* Tag Len */ 116,
1239 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1240 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1241 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1242 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1243 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1244 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1245 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1246 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1247 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1248 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1249 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1250 0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1251 },
1252 {TAG_END}
1253 };
1254 #elif (NVM_VERSION == ROME_1_0_6002)
1255 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1256 {
1257 /* Tag 2 */
1258 { /* Packet Type */HCI_COMMAND_PKT,
1259 /* Opcode */ 0x0b,0xfc,
1260 /* Total Len */ 9,
1261 /* NVM CMD */ NVM_ACCESS_SET,
1262 /* Tag Num */ 2,
1263 /* Tag Len */ 6,
1264 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1265 },
1266 /* Tag 6 */
1267 { /* Packet Type */HCI_COMMAND_PKT,
1268 /* Opcode */ 0x0b,0xfc,
1269 /* Total Len */ 11,
1270 /* NVM CMD */ NVM_ACCESS_SET,
1271 /* Tag Num */ 6,
1272 /* Tag Len */ 8,
1273 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1274 },
1275 /* Tag 17 */
1276 { /* Packet Type */HCI_COMMAND_PKT,
1277 /* Opcode */ 0x0b,0xfc,
1278 /* Total Len */ 11,
1279 /* NVM CMD */ NVM_ACCESS_SET,
1280 /* Tag Num */ 17,
1281 /* Tag Len */ 8,
1282 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1283 },
1284 /* Tag 36 */
1285 { /* Packet Type */HCI_COMMAND_PKT,
1286 /* Opcode */ 0x0b,0xfc,
1287 /* Total Len */ 15,
1288 /* NVM CMD */ NVM_ACCESS_SET,
1289 /* Tag Num */ 36,
1290 /* Tag Len */ 12,
1291 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1292 },
1293
1294 /* Tag 39 */
1295 { /* Packet Type */HCI_COMMAND_PKT,
1296 /* Opcode */ 0x0b,0xfc,
1297 /* Total Len */ 7,
1298 /* NVM CMD */ NVM_ACCESS_SET,
1299 /* Tag Num */ 39,
1300 /* Tag Len */ 4,
1301 /* Tag Value */ 0x12,0x00,0x00,0x00
1302 },
1303
1304 /* Tag 41 */
1305 { /* Packet Type */HCI_COMMAND_PKT,
1306 /* Opcode */ 0x0b,0xfc,
1307 /* Total Len */ 199,
1308 /* NVM CMD */ NVM_ACCESS_SET,
1309 /* Tag Num */ 41,
1310 /* Tag Len */ 196,
1311 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1312 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1313 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1314 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1315 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1316 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1317 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1318 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1319 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1320 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1321 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1322 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1323 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1324 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1325 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1326 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1327 0x0B,0x01,0x03,0x00
1328 },
1329
1330 /* Tag 44 */
1331 { /* Packet Type */HCI_COMMAND_PKT,
1332 /* Opcode */ 0x0b,0xfc,
1333 /* Total Len */ 44,
1334 /* NVM CMD */ NVM_ACCESS_SET,
1335 /* Tag Num */ 44,
1336 /* Tag Len */ 41,
1337 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1338 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1339 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1340 0x00,0x14,0x01,0x02,0x03
1341 },
1342 {TAG_END}
1343 };
1344 #endif
1345
1346 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1347
1348 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1349 {
1350 /* Write BD Address */
1351 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1352 memcpy(&cmds[i][TAG_BDADDR_OFFSET], q->bdaddr, 6);
1353 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1354 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1355 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1356 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1357 }
1358 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1359 /* Send HCI Command packet to Controller */
1360 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1361 if ( err != size) {
1362 ALOGE("Failed to attach the patch payload to the Controller!");
1363 goto error;
1364 }
1365
1366 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1367 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1368 if ( err < 0) {
1369 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1370 goto error;
1371 }
1372 }
1373
1374 error:
1375 return err;
1376 }
1377
1378
1379
rome_patch_ver_req(int fd)1380 int rome_patch_ver_req(int fd)
1381 {
1382 int size, err = 0;
1383 unsigned char cmd[HCI_MAX_CMD_SIZE];
1384 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1385
1386 /* Frame the HCI CMD to be sent to the Controller */
1387 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1388 -1, EDL_PATCH_CMD_LEN);
1389
1390 /* Total length of the packet to be sent to the Controller */
1391 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1392
1393 /* Send HCI Command packet to Controller */
1394 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1395 if ( err != size) {
1396 ALOGE("Failed to attach the patch payload to the Controller!");
1397 goto error;
1398 }
1399
1400 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1401 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1402 if ( err < 0) {
1403 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1404 goto error;
1405 }
1406 error:
1407 return err;
1408
1409 }
1410
rome_get_build_info_req(int fd)1411 int rome_get_build_info_req(int fd)
1412 {
1413 int size, err = 0;
1414 unsigned char cmd[HCI_MAX_CMD_SIZE];
1415 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1416
1417 /* Frame the HCI CMD to be sent to the Controller */
1418 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1419 -1, EDL_PATCH_CMD_LEN);
1420
1421 /* Total length of the packet to be sent to the Controller */
1422 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1423
1424 /* Send HCI Command packet to Controller */
1425 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1426 if ( err != size) {
1427 ALOGE("Failed to send get build info cmd to the SoC!");
1428 goto error;
1429 }
1430
1431 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1432 if ( err < 0) {
1433 ALOGE("%s: Failed to get build info", __FUNCTION__);
1434 goto error;
1435 }
1436 error:
1437 return err;
1438
1439 }
1440
1441
rome_set_baudrate_req(int fd)1442 int rome_set_baudrate_req(int fd)
1443 {
1444 int size, err = 0;
1445 unsigned char cmd[HCI_MAX_CMD_SIZE];
1446 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1447 hci_command_hdr *cmd_hdr;
1448 int flags;
1449
1450 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1451
1452 cmd_hdr = (void *) (cmd + 1);
1453 cmd[0] = HCI_COMMAND_PKT;
1454 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1455 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN;
1456 cmd[4] = BAUDRATE_3000000;
1457
1458 /* Total length of the packet to be sent to the Controller */
1459 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1460
1461 /* Flow off during baudrate change */
1462 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1463 {
1464 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1465 goto error;
1466 }
1467
1468 /* Send the HCI command packet to UART for transmission */
1469 err = do_write(fd, cmd, size);
1470 if (err != size) {
1471 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1472 goto error;
1473 }
1474
1475 /* Change Local UART baudrate to high speed UART */
1476 userial_vendor_set_baud(USERIAL_BAUD_3M);
1477
1478 /* Flow on after changing local uart baudrate */
1479 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1480 {
1481 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1482 return err;
1483 }
1484
1485 /* Check for response from the Controller */
1486 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1487 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1488 goto error;
1489 }
1490
1491 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1492
1493 /* Wait for command complete event */
1494 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1495 if ( err < 0) {
1496 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1497 goto error;
1498 }
1499
1500 error:
1501 return err;
1502
1503 }
1504
1505
rome_hci_reset_req(int fd)1506 int rome_hci_reset_req(int fd)
1507 {
1508 int size, err = 0;
1509 unsigned char cmd[HCI_MAX_CMD_SIZE];
1510 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1511 hci_command_hdr *cmd_hdr;
1512 int flags;
1513
1514 ALOGI("%s: HCI RESET ", __FUNCTION__);
1515
1516 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1517
1518 cmd_hdr = (void *) (cmd + 1);
1519 cmd[0] = HCI_COMMAND_PKT;
1520 cmd_hdr->opcode = HCI_RESET;
1521 cmd_hdr->plen = 0;
1522
1523 /* Total length of the packet to be sent to the Controller */
1524 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1525
1526 /* Flow off during baudrate change */
1527 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1528 {
1529 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1530 goto error;
1531 }
1532
1533 /* Send the HCI command packet to UART for transmission */
1534 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1535 err = do_write(fd, cmd, size);
1536 if (err != size) {
1537 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1538 goto error;
1539 }
1540
1541 /* Change Local UART baudrate to high speed UART */
1542 userial_vendor_set_baud(USERIAL_BAUD_3M);
1543
1544 /* Flow on after changing local uart baudrate */
1545 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1546 {
1547 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1548 return err;
1549 }
1550
1551 /* Wait for command complete event */
1552 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1553 if ( err < 0) {
1554 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1555 goto error;
1556 }
1557
1558 error:
1559 return err;
1560
1561 }
1562
1563
rome_hci_reset(int fd)1564 int rome_hci_reset(int fd)
1565 {
1566 int size, err = 0;
1567 unsigned char cmd[HCI_MAX_CMD_SIZE];
1568 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1569 hci_command_hdr *cmd_hdr;
1570 int flags;
1571
1572 ALOGI("%s: HCI RESET ", __FUNCTION__);
1573
1574 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1575
1576 cmd_hdr = (void *) (cmd + 1);
1577 cmd[0] = HCI_COMMAND_PKT;
1578 cmd_hdr->opcode = HCI_RESET;
1579 cmd_hdr->plen = 0;
1580
1581 /* Total length of the packet to be sent to the Controller */
1582 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1583 err = do_write(fd, cmd, size);
1584 if (err != size) {
1585 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1586 err = -1;
1587 goto error;
1588 }
1589
1590 /* Wait for command complete event */
1591 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1592 if ( err < 0) {
1593 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1594 goto error;
1595 }
1596
1597 error:
1598 return err;
1599
1600 }
1601
rome_wipower_current_charging_status_req(int fd)1602 int rome_wipower_current_charging_status_req(int fd)
1603 {
1604 int size, err = 0;
1605 unsigned char cmd[HCI_MAX_CMD_SIZE];
1606 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1607 hci_command_hdr *cmd_hdr;
1608 int flags;
1609
1610 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1611
1612 cmd_hdr = (void *) (cmd + 1);
1613 cmd[0] = HCI_COMMAND_PKT;
1614 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1615 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1616 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1617
1618 /* Total length of the packet to be sent to the Controller */
1619 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1620
1621 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1622 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1623
1624 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1625 if ( err != size) {
1626 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1627 goto error;
1628 }
1629
1630 /* Check for response from the Controller */
1631 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1632 err = -ETIMEDOUT;
1633 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1634 goto error;
1635 }
1636
1637 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1638 if (rsp[4] >= NON_WIPOWER_MODE) {
1639 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1640 if (err < 0) {
1641 ALOGE("%s: Failed to get charging status", __FUNCTION__);
1642 goto error;
1643 }
1644 }
1645
1646 error:
1647 return err;
1648 }
1649
addon_feature_req(int fd)1650 int addon_feature_req(int fd)
1651 {
1652 int size, err = 0;
1653 unsigned char cmd[HCI_MAX_CMD_SIZE];
1654 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1655 hci_command_hdr *cmd_hdr;
1656 int flags;
1657
1658 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1659
1660 cmd_hdr = (void *) (cmd + 1);
1661 cmd[0] = HCI_COMMAND_PKT;
1662 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1663 cmd_hdr->plen = 0x00;
1664
1665 /* Total length of the packet to be sent to the Controller */
1666 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1667
1668 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1669 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1670 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1671 if ( err != size) {
1672 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1673 goto error;
1674 }
1675
1676 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1677 if (err < 0) {
1678 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1679 goto error;
1680 }
1681 error:
1682 return err;
1683 }
1684
1685
check_embedded_mode(int fd)1686 int check_embedded_mode(int fd) {
1687 int err = 0;
1688
1689 wipower_flag = 0;
1690 /* Get current wipower charging status */
1691 if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1692 {
1693 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1694 }
1695 usleep(500);
1696
1697 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1698
1699 return wipower_flag;
1700 }
1701
rome_get_addon_feature_list(int fd)1702 int rome_get_addon_feature_list(int fd) {
1703 int err = 0;
1704
1705 /* Get addon features that are supported by FW */
1706 if ((err = addon_feature_req(fd)) < 0)
1707 {
1708 ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1709 }
1710 return err;
1711 }
1712
rome_wipower_forward_handoff_req(int fd)1713 int rome_wipower_forward_handoff_req(int fd)
1714 {
1715 int size, err = 0;
1716 unsigned char cmd[HCI_MAX_CMD_SIZE];
1717 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1718 hci_command_hdr *cmd_hdr;
1719 int flags;
1720
1721 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1722
1723 cmd_hdr = (void *) (cmd + 1);
1724 cmd[0] = HCI_COMMAND_PKT;
1725 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1726 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1727 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1728
1729 /* Total length of the packet to be sent to the Controller */
1730 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1731
1732 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1733 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1734 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1735 if ( err != size) {
1736 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1737 goto error;
1738 }
1739
1740 /* Check for response from the Controller */
1741 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1742 err = -ETIMEDOUT;
1743 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1744 goto error;
1745 }
1746
1747 error:
1748 return err;
1749 }
1750
1751
enable_controller_log(int fd,unsigned char wait_for_evt)1752 void enable_controller_log (int fd, unsigned char wait_for_evt)
1753 {
1754 int ret = 0;
1755 /* VS command to enable controller logging to the HOST. By default it is disabled */
1756 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1757 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1758 char value[PROPERTY_VALUE_MAX] = {'\0'};
1759
1760 property_get("persist.service.bdroid.soclog", value, "false");
1761
1762 // value at cmd[5]: 1 - to enable, 0 - to disable
1763 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1764 ALOGI("%s: %d", __func__, ret);
1765 /* Ignore vsc evt if wait_for_evt is true */
1766 if (wait_for_evt) wait_vsc_evt = FALSE;
1767
1768 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1769 if (ret != 6) {
1770 ALOGE("%s: command failed", __func__);
1771 }
1772 /*Ignore hci_event if wait_for_evt is true*/
1773 if (wait_for_evt)
1774 goto end;
1775 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1776 if (ret < 0) {
1777 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1778 }
1779 end:
1780 wait_vsc_evt = TRUE;
1781 return;
1782 }
1783
1784
1785 /* This function is called with q_lock held and q is non-NULL */
disable_internal_ldo(int fd)1786 static int disable_internal_ldo(int fd)
1787 {
1788 int ret = 0;
1789 if (q->enable_extldo) {
1790 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1791 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1792
1793 ALOGI(" %s ", __FUNCTION__);
1794 ret = do_write(fd, cmd, 5);
1795 if (ret != 5) {
1796 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1797 ret = -1;
1798 } else {
1799 /* Wait for command complete event */
1800 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1801 if ( ret < 0) {
1802 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1803 }
1804 }
1805 }
1806 return ret;
1807 }
1808
rome_soc_init(int fd,char * bdaddr)1809 int rome_soc_init(int fd, char *bdaddr)
1810 {
1811 int err = -1, size = 0;
1812 dnld_fd = fd;
1813 ALOGI(" %s ", __FUNCTION__);
1814 RESERVED(bdaddr);
1815
1816 /* If wipower charging is going on in embedded mode then start hand off req */
1817 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1818 {
1819 wipower_flag = 0;
1820 wipower_handoff_ready = 0;
1821 if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1822 {
1823 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1824 }
1825 }
1826
1827 /* Get Rome version information */
1828 if((err = rome_patch_ver_req(fd)) <0){
1829 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1830 goto error;
1831 }
1832
1833 ALOGI("%s: Chipset Version (0x%08x)", __FUNCTION__, chipset_ver);
1834
1835 switch (chipset_ver){
1836 case ROME_VER_1_0:
1837 {
1838 /* Set and Download the RAMPATCH */
1839 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1840 err = rome_download_rampatch(fd);
1841 if (err < 0) {
1842 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1843 goto error;
1844 }
1845 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1846
1847 /* Attach the RAMPATCH */
1848 ALOGI("%s: Attaching the patches", __FUNCTION__);
1849 err = rome_attach_rampatch(fd);
1850 if (err < 0) {
1851 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1852 goto error;
1853 }
1854 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1855
1856 /* Send Reset */
1857 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1858 err = rome_rampatch_reset(fd);
1859 if ( err < 0 ) {
1860 ALOGE("Failed to RESET after RAMPATCH upgrade!");
1861 goto error;
1862 }
1863
1864 /* NVM download */
1865 ALOGI("%s: Downloading NVM", __FUNCTION__);
1866 err = rome_1_0_nvm_tag_dnld(fd);
1867 if ( err <0 ) {
1868 ALOGE("Downloading NVM Failed !!");
1869 goto error;
1870 }
1871
1872 /* Change baud rate 115.2 kbps to 3Mbps*/
1873 err = rome_hci_reset_req(fd);
1874 if (err < 0) {
1875 ALOGE("HCI Reset Failed !!");
1876 goto error;
1877 }
1878
1879 ALOGI("HCI Reset is done\n");
1880 }
1881 break;
1882 case ROME_VER_1_1:
1883 rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1884 nvm_file_path = ROME_NVM_TLV_PATH;
1885 goto download;
1886 case ROME_VER_1_3:
1887 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1888 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1889 goto download;
1890 case ROME_VER_2_1:
1891 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1892 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1893 goto download;
1894 case ROME_VER_3_0:
1895 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1896 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1897 fw_su_info = ROME_3_1_FW_SU;
1898 fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1899 goto download;
1900 case ROME_VER_3_2:
1901 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1902 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1903 fw_su_info = ROME_3_2_FW_SU;
1904 fw_su_offset = ROME_3_2_FW_SW_OFFSET;
1905
1906 download:
1907 /* Change baud rate 115.2 kbps to 3Mbps*/
1908 err = rome_set_baudrate_req(fd);
1909 if (err < 0) {
1910 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1911 goto error;
1912 }
1913 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1914 /* Donwload TLV files (rampatch, NVM) */
1915 err = rome_download_tlv_file(fd);
1916 if (err < 0) {
1917 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1918 goto error;
1919 }
1920 ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1921
1922 /* Get SU FM label information */
1923 if((err = rome_get_build_info_req(fd)) <0){
1924 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1925 //Ignore the failure of ROME FW SU label information
1926 err = 0;
1927 }
1928
1929 /* Disable internal LDO to use external LDO instead*/
1930 err = disable_internal_ldo(fd);
1931
1932 /* Send HCI Reset */
1933 err = rome_hci_reset(fd);
1934 if ( err <0 ) {
1935 ALOGE("HCI Reset Failed !!");
1936 goto error;
1937 }
1938
1939 ALOGI("HCI Reset is done\n");
1940
1941 break;
1942 default:
1943 ALOGI("%s: Detected unknown SoC version: 0x%08x", __FUNCTION__, chipset_ver);
1944 err = -1;
1945 break;
1946 }
1947
1948 error:
1949 dnld_fd = -1;
1950 return err;
1951 }
1952