1 /*
2 *
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 * Not a Contribution.
5 *
6 * Copyright 2012 The Android Open Source Project
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you
9 * may not use this file except in compliance with the License. You may
10 * obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * permissions and limitations under the License.
19 *
20 */
21
22 /******************************************************************************
23 *
24 * Filename: hw_rome.c
25 *
26 * Description: Contains controller-specific functions, like
27 * firmware patch download
28 * low power mode operations
29 *
30 ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #define LOG_TAG "bt_vendor"
36
37 #include <sys/socket.h>
38 #include <utils/Log.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <signal.h>
42 #include <time.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <dirent.h>
46 #include <ctype.h>
47 #include <cutils/properties.h>
48 #include <stdlib.h>
49 #include <termios.h>
50 #include <string.h>
51 #include <stdbool.h>
52 #include "bt_hci_bdroid.h"
53 #include "bt_vendor_qcom.h"
54 #include "hci_uart.h"
55 #include "hw_rome.h"
56
57 #define BT_VERSION_FILEPATH "/data/misc/bluedroid/bt_fw_version.txt"
58
59 #ifdef __cplusplus
60 }
61 #endif
62
63 #define RESERVED(p) if(p) ALOGI( "%s: reserved param", __FUNCTION__);
64
65 int read_vs_hci_event(int fd, unsigned char* buf, int size);
66
67 /******************************************************************************
68 ** Variables
69 ******************************************************************************/
70 FILE *file;
71 unsigned char *phdr_buffer;
72 unsigned char *pdata_buffer = NULL;
73 patch_info rampatch_patch_info;
74 int chipset_ver = 0;
75 unsigned char gTlv_type;
76 unsigned char gTlv_dwndCfg;
77 static unsigned int wipower_flag = 0;
78 static unsigned int wipower_handoff_ready = 0;
79 char *rampatch_file_path = NULL;
80 char *nvm_file_path = NULL;
81 char *fw_su_info = NULL;
82 unsigned short fw_su_offset =0;
83 extern char enable_extldo;
84 unsigned char wait_vsc_evt = TRUE;
85 bool patch_dnld_pending = FALSE;
86 int dnld_fd = -1;
87
88 /******************************************************************************
89 ** Extern variables
90 ******************************************************************************/
91
92 /*****************************************************************************
93 ** Functions
94 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)95 int do_write(int fd, unsigned char *buf,int len)
96 {
97 int ret = 0;
98 int write_offset = 0;
99 int write_len = len;
100 do {
101 ret = write(fd,buf+write_offset,write_len);
102 if (ret < 0)
103 {
104 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
105 return -1;
106 } else if (ret == 0) {
107 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
108 return 0;
109 } else {
110 if (ret < write_len) {
111 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
112 strerror(errno));
113 write_len = write_len - ret;
114 write_offset = ret;
115 } else {
116 ALOGV("Write successful");
117 break;
118 }
119 }
120 } while(1);
121 return len;
122 }
123
get_vs_hci_event(unsigned char * rsp)124 int get_vs_hci_event(unsigned char *rsp)
125 {
126 int err = 0;
127 unsigned char paramlen = 0;
128 unsigned char EMBEDDED_MODE_CHECK = 0x02;
129 FILE *btversionfile = 0;
130 unsigned int soc_id = 0;
131 unsigned int productid = 0;
132 unsigned short patchversion = 0;
133 char build_label[255];
134 int build_lbl_len;
135 unsigned short buildversion = 0;
136
137 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
138 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__);
139 else {
140 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
141 err = -EIO;
142 goto failed;
143 }
144
145 ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]);
146 ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]);
147 ALOGI("%s: Response type : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]);
148
149 /* Check the status of the operation */
150 switch ( rsp[CMD_RSP_OFFSET] )
151 {
152 case EDL_CMD_REQ_RES_EVT:
153 ALOGI("%s: Command Request Response", __FUNCTION__);
154 switch(rsp[RSP_TYPE_OFFSET])
155 {
156 case EDL_PATCH_VER_RES_EVT:
157 case EDL_APP_VER_RES_EVT:
158 ALOGI("\t Current Product ID\t\t: 0x%08x",
159 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
160 rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
161 rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
162 rsp[PATCH_PROD_ID_OFFSET] ));
163
164 /* Patch Version indicates FW patch version */
165 ALOGI("\t Current Patch Version\t\t: 0x%04x",
166 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
167 rsp[PATCH_PATCH_VER_OFFSET] )));
168
169 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
170 ALOGI("\t Current ROM Build Version\t: 0x%04x", buildversion =
171 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
172 rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
173
174 /* In case rome 1.0/1.1, there is no SOC ID version available */
175 if (paramlen - 10)
176 {
177 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
178 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
179 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
180 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
181 rsp[PATCH_SOC_VER_OFFSET] ));
182 }
183
184 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "wb"))) {
185 fprintf(btversionfile, "Bluetooth Controller Product ID : 0x%08x\n", productid);
186 fprintf(btversionfile, "Bluetooth Controller Patch Version : 0x%04x\n", patchversion);
187 fprintf(btversionfile, "Bluetooth Controller Build Version : 0x%04x\n", buildversion);
188 fprintf(btversionfile, "Bluetooth Controller SOC Version : 0x%08x\n", soc_id);
189 fclose(btversionfile);
190 }else {
191 ALOGI("Failed to dump SOC version info. Errno:%d", errno);
192 }
193 /* Rome Chipset Version can be decided by Patch version and SOC version,
194 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
195 used for SOC as combination for BT host driver */
196 chipset_ver = (buildversion << 16) |(soc_id & 0x0000ffff);
197
198 break;
199 case EDL_TVL_DNLD_RES_EVT:
200 case EDL_CMD_EXE_STATUS_EVT:
201 switch (err = rsp[CMD_STATUS_OFFSET])
202 {
203 case HCI_CMD_SUCCESS:
204 ALOGI("%s: Download Packet successfully!", __FUNCTION__);
205 break;
206 case PATCH_LEN_ERROR:
207 ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
208 "SET REQ cmd", __FUNCTION__);
209 break;
210 case PATCH_VER_ERROR:
211 ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
212 "SET REQ cmd", __FUNCTION__);
213 break;
214 case PATCH_CRC_ERROR:
215 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
216 break;
217 case PATCH_NOT_FOUND:
218 ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
219 break;
220 case TLV_TYPE_ERROR:
221 ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
222 break;
223 default:
224 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
225 break;
226 }
227 break;
228 case HCI_VS_GET_BUILD_VER_EVT:
229 build_lbl_len = rsp[5];
230 memcpy (build_label, &rsp[6], build_lbl_len);
231 *(build_label+build_lbl_len) = '\0';
232
233 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
234 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "a+b"))) {
235 fprintf(btversionfile, "Bluetooth Contoller SU Build info : %s\n", build_label);
236 fclose(btversionfile);
237 } else {
238 ALOGI("Failed to dump FW SU build info. Errno:%d", errno);
239 }
240 break;
241 }
242 break;
243
244 case NVM_ACCESS_CODE:
245 ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
246 err = HCI_CMD_SUCCESS;
247 break;
248 case EDL_SET_BAUDRATE_RSP_EVT:
249 /* Rome 1.1 has bug with the response, so it should ignore it. */
250 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
251 {
252 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
253 rsp[CMD_STATUS_OFFSET]);
254 err = -1;
255 }
256 break;
257 case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
258 /* Query charging command has below return values
259 0 - in embedded mode not charging
260 1 - in embedded mode and charging
261 2 - hadofff completed and in normal mode
262 3 - no wipower supported on mtp. so irrepective of charging
263 handoff command has to be sent if return values are 0 or 1.
264 These change include logic to enable generic BT turn on sequence.*/
265 if (rsp[4] < EMBEDDED_MODE_CHECK)
266 {
267 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
268 wipower_handoff_ready = rsp[4];
269 wipower_flag = 1;
270 }
271 break;
272 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
273 /*TODO: rsp code 00 mean no charging
274 this is going to change in FW soon*/
275 if (rsp[4] == NON_WIPOWER_MODE)
276 {
277 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
278 }
279 break;
280 case HCI_VS_GET_ADDON_FEATURES_EVENT:
281 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
282 {
283 ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
284 property_set("persist.bluetooth.a4wp", "true");
285 }
286 break;
287 case HCI_VS_STRAY_EVT:
288 /* WAR to handle stray Power Apply EVT during patch download */
289 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__);
290 if (patch_dnld_pending && dnld_fd != -1)
291 {
292 unsigned char rsp[HCI_MAX_EVENT_SIZE];
293 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE);
294 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE);
295 }
296 else
297 {
298 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
299 err = -1;
300 }
301 break;
302 default:
303 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
304 err = -1;
305 break;
306 }
307
308 failed:
309 return err;
310 }
311
312
313 /*
314 * Read an VS HCI event from the given file descriptor.
315 */
read_vs_hci_event(int fd,unsigned char * buf,int size)316 int read_vs_hci_event(int fd, unsigned char* buf, int size)
317 {
318 int remain, r;
319 int count = 0, i;
320
321 if (size <= 0) {
322 ALOGE("Invalid size arguement!");
323 return -1;
324 }
325
326 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
327
328 /* The first byte identifies the packet type. For HCI event packets, it
329 * should be 0x04, so we read until we get to the 0x04. */
330 /* It will keep reading until find 0x04 byte */
331 while (1) {
332 r = read(fd, buf, 1);
333 if (r <= 0)
334 return -1;
335 if (buf[0] == 0x04)
336 break;
337 }
338 count++;
339
340 /* The next two bytes are the event code and parameter total length. */
341 while (count < 3) {
342 r = read(fd, buf + count, 3 - count);
343 if ((r <= 0) || (buf[1] != 0xFF )) {
344 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
345 return -1;
346 }
347 count += r;
348 }
349
350 /* Now we read the parameters. */
351 if (buf[2] < (size - 3))
352 remain = buf[2];
353 else
354 remain = size - 3;
355
356 while ((count - 3) < remain) {
357 r = read(fd, buf + count, remain - (count - 3));
358 if (r <= 0)
359 return -1;
360 count += r;
361 }
362
363 /* Check if the set patch command is successful or not */
364 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
365 return -1;
366
367 return count;
368 }
369
370 /*
371 * For Hand-Off related Wipower commands, Command complete arrives first and
372 * the followd with VS event
373 *
374 */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)375 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
376 {
377 int ret = 0;
378 int err = 0;
379
380 /* Send the HCI command packet to UART for transmission */
381 ret = do_write(fd, cmd, size);
382 if (ret != size) {
383 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
384 goto failed;
385 }
386
387 /* Wait for command complete event */
388 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
389 if ( err < 0) {
390 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
391 goto failed;
392 }
393
394 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
395 failed:
396 return ret;
397 }
398
399
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)400 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
401 {
402 int ret = 0;
403
404 /* Send the HCI command packet to UART for transmission */
405 ret = do_write(fd, cmd, size);
406 if (ret != size) {
407 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
408 goto failed;
409 }
410
411 if (wait_vsc_evt) {
412 /* Check for response from the Controller */
413 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
414 ret = -ETIMEDOUT;
415 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
416 goto failed;
417 }
418 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
419 }
420
421 failed:
422 return ret;
423 }
424
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)425 void frame_hci_cmd_pkt(
426 unsigned char *cmd,
427 int edl_cmd, unsigned int p_base_addr,
428 int segtNo, int size
429 )
430 {
431 int offset = 0;
432 hci_command_hdr *cmd_hdr;
433
434 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
435
436 cmd_hdr = (void *) (cmd + 1);
437
438 cmd[0] = HCI_COMMAND_PKT;
439 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
440 cmd_hdr->plen = size;
441 cmd[4] = edl_cmd;
442
443 switch (edl_cmd)
444 {
445 case EDL_PATCH_SET_REQ_CMD:
446 /* Copy the patch header info as CMD params */
447 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
448 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
449 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
450 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
451 break;
452 case EDL_PATCH_DLD_REQ_CMD:
453 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
454 p_base_addr += offset;
455 cmd_hdr->plen = (size + 6);
456 cmd[5] = (size + 4);
457 cmd[6] = EXTRACT_BYTE(p_base_addr, 0);
458 cmd[7] = EXTRACT_BYTE(p_base_addr, 1);
459 cmd[8] = EXTRACT_BYTE(p_base_addr, 2);
460 cmd[9] = EXTRACT_BYTE(p_base_addr, 3);
461 memcpy(&cmd[10], (pdata_buffer + offset), size);
462
463 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
464 __FUNCTION__, size);
465 ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
466 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
467 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
468 break;
469 case EDL_PATCH_ATCH_REQ_CMD:
470 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
471 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
472 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
473 break;
474 case EDL_PATCH_RST_REQ_CMD:
475 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
476 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
477 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
478 break;
479 case EDL_PATCH_VER_REQ_CMD:
480 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
481 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
482 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
483 break;
484 case EDL_PATCH_TLV_REQ_CMD:
485 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
486 /* Parameter Total Length */
487 cmd[3] = size +2;
488
489 /* TLV Segment Length */
490 cmd[5] = size;
491 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
492 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
493 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
494 memcpy(&cmd[6], (pdata_buffer + offset), size);
495 break;
496 case EDL_GET_BUILD_INFO:
497 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
498 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
499 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
500 break;
501 default:
502 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
503 }
504 }
505
rome_extract_patch_header_info(unsigned char * buf)506 void rome_extract_patch_header_info(unsigned char *buf)
507 {
508 int index;
509
510 /* Extract patch id */
511 for (index = 0; index < 4; index++)
512 rampatch_patch_info.patch_id |=
513 (LSH(buf[index + P_ID_OFFSET], (index * 8)));
514
515 /* Extract (ROM and BUILD) version information */
516 for (index = 0; index < 2; index++)
517 rampatch_patch_info.patch_ver.rom_version |=
518 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
519
520 for (index = 0; index < 2; index++)
521 rampatch_patch_info.patch_ver.build_version |=
522 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
523
524 /* Extract patch base and entry addresses */
525 for (index = 0; index < 4; index++)
526 rampatch_patch_info.patch_base_addr |=
527 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
528
529 /* Patch BASE & ENTRY addresses are same */
530 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
531
532 /* Extract total length of the patch payload */
533 for (index = 0; index < 4; index++)
534 rampatch_patch_info.patch_length |=
535 (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
536
537 /* Extract the CRC checksum of the patch payload */
538 for (index = 0; index < 4; index++)
539 rampatch_patch_info.patch_crc |=
540 (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
541
542 /* Extract patch control value */
543 for (index = 0; index < 4; index++)
544 rampatch_patch_info.patch_ctrl |=
545 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
546
547 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
548 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
549 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
550 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
551 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
552 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
553 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
554
555 }
556
rome_edl_set_patch_request(int fd)557 int rome_edl_set_patch_request(int fd)
558 {
559 int size, err;
560 unsigned char cmd[HCI_MAX_CMD_SIZE];
561 unsigned char rsp[HCI_MAX_EVENT_SIZE];
562
563 /* Frame the HCI CMD to be sent to the Controller */
564 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
565 -1, PATCH_HDR_LEN + 1);
566
567 /* Total length of the packet to be sent to the Controller */
568 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
569
570 /* Send HCI Command packet to Controller */
571 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
572 if ( err != size) {
573 ALOGE("Failed to set the patch info to the Controller!");
574 goto error;
575 }
576
577 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
578 if ( err < 0) {
579 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
580 goto error;
581 }
582 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
583 error:
584 return err;
585 }
586
rome_edl_patch_download_request(int fd)587 int rome_edl_patch_download_request(int fd)
588 {
589 int no_of_patch_segment;
590 int index = 1, err = 0, size = 0;
591 unsigned int p_base_addr;
592 unsigned char cmd[HCI_MAX_CMD_SIZE];
593 unsigned char rsp[HCI_MAX_EVENT_SIZE];
594
595 no_of_patch_segment = (rampatch_patch_info.patch_length /
596 MAX_DATA_PER_SEGMENT);
597 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
598 __FUNCTION__, no_of_patch_segment,
599 rampatch_patch_info.patch_base_addr);
600
601 /* Initialize the patch base address from the one read from bin file */
602 p_base_addr = rampatch_patch_info.patch_base_addr;
603
604 /*
605 * Depending upon size of the patch payload, download the patches in
606 * segments with a max. size of 239 bytes
607 */
608 for (index = 1; index <= no_of_patch_segment; index++) {
609
610 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
611
612 /* Frame the HCI CMD PKT to be sent to Controller*/
613 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
614 index, MAX_DATA_PER_SEGMENT);
615
616 /* Total length of the packet to be sent to the Controller */
617 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
618
619 /* Initialize the RSP packet everytime to 0 */
620 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
621
622 /* Send HCI Command packet to Controller */
623 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
624 if ( err != size) {
625 ALOGE("Failed to send the patch payload to the Controller!");
626 goto error;
627 }
628
629 /* Read Command Complete Event */
630 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
631 if ( err < 0) {
632 ALOGE("%s: Failed to downlaod patch segment: %d!",
633 __FUNCTION__, index);
634 goto error;
635 }
636 ALOGI("%s: Successfully downloaded patch segment: %d",
637 __FUNCTION__, index);
638 }
639
640 /* Check if any pending patch data to be sent */
641 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
642 rampatch_patch_info.patch_length :
643 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT);
644
645 if (size)
646 {
647 /* Frame the HCI CMD PKT to be sent to Controller*/
648 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
649
650 /* Initialize the RSP packet everytime to 0 */
651 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
652
653 /* Total length of the packet to be sent to the Controller */
654 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
655
656 /* Send HCI Command packet to Controller */
657 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
658 if ( err != size) {
659 ALOGE("Failed to send the patch payload to the Controller!");
660 goto error;
661 }
662
663 /* Read Command Complete Event */
664 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
665 if ( err < 0) {
666 ALOGE("%s: Failed to downlaod patch segment: %d!",
667 __FUNCTION__, index);
668 goto error;
669 }
670
671 ALOGI("%s: Successfully downloaded patch segment: %d",
672 __FUNCTION__, index);
673 }
674
675 error:
676 return err;
677 }
678
rome_download_rampatch(int fd)679 static int rome_download_rampatch(int fd)
680 {
681 int c, tmp, size, index, ret = -1;
682
683 ALOGI("%s: ", __FUNCTION__);
684
685 /* Get handle to the RAMPATCH binary file */
686 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
687 file = fopen(ROME_FW_PATH, "r");
688 if (file == NULL) {
689 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
690 __FUNCTION__);
691 return -ENFILE;
692 }
693
694 /* Allocate memory for the patch headder info */
695 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
696 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
697 if (phdr_buffer == NULL) {
698 ALOGE("%s: Failed to allocate memory for patch header",
699 __FUNCTION__);
700 goto phdr_alloc_failed;
701 }
702 for (index = 0; index < PATCH_HDR_LEN + 1; index++)
703 phdr_buffer[index] = 0x0;
704
705 /* Read 28 bytes of patch header information */
706 ALOGI("%s: Reading patch header info", __FUNCTION__);
707 index = 0;
708 do {
709 c = fgetc (file);
710 phdr_buffer[index++] = (unsigned char)c;
711 } while (index != PATCH_HDR_LEN);
712
713 /* Save the patch header info into local structure */
714 ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
715 rome_extract_patch_header_info((unsigned char *)phdr_buffer);
716
717 /* Set the patch header info onto the Controller */
718 ret = rome_edl_set_patch_request(fd);
719 if (ret < 0) {
720 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
721 goto pdata_alloc_failed;
722 }
723
724 /* Allocate memory for the patch payload */
725 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
726 size = rampatch_patch_info.patch_length;
727 pdata_buffer = (unsigned char *) malloc(size+1);
728 if (pdata_buffer == NULL) {
729 ALOGE("%s: Failed to allocate memory for patch payload",
730 __FUNCTION__);
731 goto pdata_alloc_failed;
732 }
733 for (index = 0; index < size+1; index++)
734 pdata_buffer[index] = 0x0;
735
736 /* Read the patch data from Rampatch binary image */
737 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
738 index = 0;
739 do {
740 c = fgetc (file);
741 pdata_buffer[index++] = (unsigned char)c;
742 } while (c != EOF);
743
744 /* Downloading patches in segments to controller */
745 ret = rome_edl_patch_download_request(fd);
746 if (ret < 0) {
747 ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
748 goto cleanup;
749 }
750 cleanup:
751 free(pdata_buffer);
752 pdata_alloc_failed:
753 free(phdr_buffer);
754 phdr_alloc_failed:
755 fclose(file);
756 error:
757 return ret;
758 }
759
rome_attach_rampatch(int fd)760 int rome_attach_rampatch(int fd)
761 {
762 int size, err;
763 unsigned char cmd[HCI_MAX_CMD_SIZE];
764 unsigned char rsp[HCI_MAX_EVENT_SIZE];
765
766 /* Frame the HCI CMD to be sent to the Controller */
767 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
768 -1, EDL_PATCH_CMD_LEN);
769
770 /* Total length of the packet to be sent to the Controller */
771 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
772
773 /* Send HCI Command packet to Controller */
774 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
775 if ( err != size) {
776 ALOGE("Failed to attach the patch payload to the Controller!");
777 goto error;
778 }
779
780 /* Read Command Complete Event */
781 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
782 if ( err < 0) {
783 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
784 goto error;
785 }
786 error:
787 return err;
788 }
789
rome_rampatch_reset(int fd)790 int rome_rampatch_reset(int fd)
791 {
792 int size, err = 0, flags;
793 unsigned char cmd[HCI_MAX_CMD_SIZE];
794 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
795
796 /* Frame the HCI CMD to be sent to the Controller */
797 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
798 -1, EDL_PATCH_CMD_LEN);
799
800 /* Total length of the packet to be sent to the Controller */
801 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
802
803 /* Send HCI Command packet to Controller */
804 err = do_write(fd, cmd, size);
805 if (err != size) {
806 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
807 goto error;
808 }
809
810 /*
811 * Controller doesn't sends any response for the patch reset
812 * command. HOST has to wait for 100ms before proceeding.
813 */
814 nanosleep(&tm, NULL);
815
816 error:
817 return err;
818 }
819
820 /* This function is called with q_lock held and q is non-NULL */
rome_get_tlv_file(char * file_path)821 int rome_get_tlv_file(char *file_path)
822 {
823 FILE * pFile;
824 long fileSize;
825 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
826 unsigned short nvm_tag_len;
827 tlv_patch_info *ptlv_header;
828 tlv_nvm_hdr *nvm_ptr;
829 unsigned char data_buf[PRINT_BUF_SIZE]={0,};
830 unsigned char *nvm_byte_ptr;
831
832 ALOGI("File Open (%s)", file_path);
833 pFile = fopen ( file_path , "r" );
834 if (pFile==NULL) {;
835 ALOGE("%s File Open Fail", file_path);
836 return -1;
837 }
838
839 /* Get File Size */
840 fseek (pFile , 0 , SEEK_END);
841 fileSize = ftell (pFile);
842 rewind (pFile);
843
844 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
845 if (pdata_buffer == NULL) {
846 ALOGE("Allocated Memory failed");
847 fclose (pFile);
848 return -1;
849 }
850
851 /* Copy file into allocated buffer */
852 readSize = fread (pdata_buffer,1,fileSize,pFile);
853
854 /* File Close */
855 fclose (pFile);
856
857 if (readSize != fileSize) {
858 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
859 return -1;
860 }
861
862 ptlv_header = (tlv_patch_info *) pdata_buffer;
863
864 /* To handle different event between rampatch and NVM */
865 gTlv_type = ptlv_header->tlv_type;
866 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
867
868 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
869 ALOGI("====================================================");
870 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
871 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
872 (ptlv_header->tlv_length2 << 8) |
873 (ptlv_header->tlv_length3 << 16));
874 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
875 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
876 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
877 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
878 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
879 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
880 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
881 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
882 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
883 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
884 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
885 ALOGI("====================================================");
886
887 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
888 ALOGI("====================================================");
889 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
890 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) |
891 (ptlv_header->tlv_length2 << 8) |
892 (ptlv_header->tlv_length3 << 16));
893
894 if(nvm_length <= 0)
895 return readSize;
896
897 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
898 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
899 {
900 ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
901 ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
902 ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
903 ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
904
905 /* Increase nvm_index to NVM data */
906 nvm_index+=sizeof(tlv_nvm_hdr);
907 nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
908
909 /* Write BD Address */
910 if(nvm_ptr->tag_id == TAG_NUM_2){
911 memcpy(nvm_byte_ptr, q->bdaddr, 6);
912 ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
913 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
914 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
915 }
916
917 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
918 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
919
920 ALOGI("TAG Data\t\t\t : %s", data_buf);
921
922 /* Clear buffer */
923 memset(data_buf, 0x0, PRINT_BUF_SIZE);
924
925 /* increased by tag_len */
926 nvm_index+=nvm_ptr->tag_len;
927 nvm_byte_ptr +=nvm_ptr->tag_len;
928 }
929
930 ALOGI("====================================================");
931
932 } else {
933 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
934 }
935
936 return readSize;
937 }
938
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)939 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
940 {
941 int size=0, err = -1;
942 unsigned char cmd[HCI_MAX_CMD_SIZE];
943 unsigned char rsp[HCI_MAX_EVENT_SIZE];
944
945 ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
946
947 /* Frame the HCI CMD PKT to be sent to Controller*/
948 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
949
950 /* Total length of the packet to be sent to the Controller */
951 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
952
953 /* Initialize the RSP packet everytime to 0 */
954 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
955
956 /* Send HCI Command packet to Controller */
957 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
958 if ( err != size) {
959 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
960 return err;
961 }
962
963 if(wait_cc_evt) {
964 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
965 if ( err < 0) {
966 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index);
967 return err;
968 }
969 }
970
971 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
972 return err;
973 }
974
rome_tlv_dnld_req(int fd,int tlv_size)975 int rome_tlv_dnld_req(int fd, int tlv_size)
976 {
977 int total_segment, remain_size, i, err = -1;
978 unsigned char wait_cc_evt = TRUE;
979
980 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
981 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
982 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
983
984 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
985 __FUNCTION__,tlv_size, total_segment, remain_size);
986
987 if (gTlv_type == TLV_TYPE_PATCH) {
988 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
989 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
990 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
991 */
992 switch(gTlv_dwndCfg)
993 {
994 case ROME_SKIP_EVT_NONE:
995 wait_vsc_evt = TRUE;
996 wait_cc_evt = TRUE;
997 ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
998 break;
999 case ROME_SKIP_EVT_VSE_CC:
1000 wait_vsc_evt = FALSE;
1001 wait_cc_evt = FALSE;
1002 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
1003 break;
1004 /* Not handled for now */
1005 case ROME_SKIP_EVT_VSE:
1006 case ROME_SKIP_EVT_CC:
1007 default:
1008 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
1009 break;
1010 }
1011 } else {
1012 wait_vsc_evt = TRUE;
1013 wait_cc_evt = TRUE;
1014 }
1015
1016 for(i=0;i<total_segment ;i++){
1017 if ((i+1) == total_segment) {
1018 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1019 /* If the Rome version is from 1.1 to 3.1
1020 * 1. No CCE for the last command segment but all other segment
1021 * 2. All the command segments get VSE including the last one
1022 */
1023 wait_cc_evt = !remain_size ? FALSE: TRUE;
1024 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1025 /* If the Rome version is 3.2
1026 * 1. None of the command segments receive CCE
1027 * 2. No command segments receive VSE except the last one
1028 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1029 * same as Rome 2.1, 2.2, 3.0
1030 */
1031 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1032 wait_cc_evt = !remain_size ? FALSE: TRUE;
1033 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1034 wait_vsc_evt = !remain_size ? TRUE: FALSE;
1035 }
1036 }
1037 }
1038
1039 patch_dnld_pending = TRUE;
1040 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1041 goto error;
1042 patch_dnld_pending = FALSE;
1043 }
1044
1045 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1046 /* If the Rome version is from 1.1 to 3.1
1047 * 1. No CCE for the last command segment but all other segment
1048 * 2. All the command segments get VSE including the last one
1049 */
1050 wait_cc_evt = remain_size ? FALSE: TRUE;
1051 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1052 /* If the Rome version is 3.2
1053 * 1. None of the command segments receive CCE
1054 * 2. No command segments receive VSE except the last one
1055 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1056 * same as Rome 2.1, 2.2, 3.0
1057 */
1058 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1059 wait_cc_evt = remain_size ? FALSE: TRUE;
1060 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1061 wait_vsc_evt = remain_size ? TRUE: FALSE;
1062 }
1063 }
1064 patch_dnld_pending = TRUE;
1065 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1066 patch_dnld_pending = FALSE;
1067 error:
1068 if(patch_dnld_pending) patch_dnld_pending = FALSE;
1069 return err;
1070 }
1071
rome_download_tlv_file(int fd)1072 int rome_download_tlv_file(int fd)
1073 {
1074 int tlv_size, err = -1;
1075
1076 /* Rampatch TLV file Downloading */
1077 pdata_buffer = NULL;
1078 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1079 goto error;
1080
1081 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1082 goto error;
1083
1084 if (pdata_buffer != NULL){
1085 free (pdata_buffer);
1086 pdata_buffer = NULL;
1087 }
1088 nvm_download:
1089 if(!nvm_file_path) {
1090 ALOGI("%s: nvm file is not available", __FUNCTION__);
1091 err = 0; // in case of nvm/rampatch is not available
1092 goto error;
1093 }
1094
1095 /* NVM TLV file Downloading */
1096 if((tlv_size = rome_get_tlv_file(nvm_file_path)) <= 0)
1097 goto error;
1098
1099 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1100 goto error;
1101
1102 error:
1103 if (pdata_buffer != NULL)
1104 free (pdata_buffer);
1105
1106 return err;
1107 }
1108
rome_1_0_nvm_tag_dnld(int fd)1109 int rome_1_0_nvm_tag_dnld(int fd)
1110 {
1111 int i, size, err = 0;
1112 unsigned char cmd[HCI_MAX_CMD_SIZE];
1113 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1114
1115 #if (NVM_VERSION >= ROME_1_0_100019)
1116 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1117 {
1118 /* Tag 2 */ /* BD Address */
1119 { /* Packet Type */HCI_COMMAND_PKT,
1120 /* Opcode */ 0x0b,0xfc,
1121 /* Total Len */ 9,
1122 /* NVM CMD */ NVM_ACCESS_SET,
1123 /* Tag Num */ 2,
1124 /* Tag Len */ 6,
1125 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22
1126 },
1127 /* Tag 6 */ /* Bluetooth Support Features */
1128 { /* Packet Type */HCI_COMMAND_PKT,
1129 /* Opcode */ 0x0b,0xfc,
1130 /* Total Len */ 11,
1131 /* NVM CMD */ NVM_ACCESS_SET,
1132 /* Tag Num */ 6,
1133 /* Tag Len */ 8,
1134 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1135 },
1136 /* Tag 17 */ /* HCI Transport Layer Setting */
1137 { /* Packet Type */HCI_COMMAND_PKT,
1138 /* Opcode */ 0x0b,0xfc,
1139 /* Total Len */ 11,
1140 /* NVM CMD */ NVM_ACCESS_SET,
1141 /* Tag Num */ 17,
1142 /* Tag Len */ 8,
1143 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1144 },
1145 /* Tag 35 */
1146 { /* Packet Type */HCI_COMMAND_PKT,
1147 /* Opcode */ 0x0b,0xfc,
1148 /* Total Len */ 58,
1149 /* NVM CMD */ NVM_ACCESS_SET,
1150 /* Tag Num */ 35,
1151 /* Tag Len */ 55,
1152 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1153 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1154 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1155 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1156 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1157 0x1B, 0x14, 0x01, 0x04, 0x48
1158 },
1159 /* Tag 36 */
1160 { /* Packet Type */HCI_COMMAND_PKT,
1161 /* Opcode */ 0x0b,0xfc,
1162 /* Total Len */ 15,
1163 /* NVM CMD */ NVM_ACCESS_SET,
1164 /* Tag Num */ 36,
1165 /* Tag Len */ 12,
1166 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1167 },
1168 /* Tag 39 */
1169 { /* Packet Type */HCI_COMMAND_PKT,
1170 /* Opcode */ 0x0b,0xfc,
1171 /* Total Len */ 7,
1172 /* NVM CMD */ NVM_ACCESS_SET,
1173 /* Tag Num */ 39,
1174 /* Tag Len */ 4,
1175 /* Tag Value */ 0x12,0x00,0x00,0x00
1176 },
1177 /* Tag 41 */
1178 { /* Packet Type */HCI_COMMAND_PKT,
1179 /* Opcode */ 0x0b,0xfc,
1180 /* Total Len */ 91,
1181 /* NVM CMD */ NVM_ACCESS_SET,
1182 /* Tag Num */ 41,
1183 /* Tag Len */ 88,
1184 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1185 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1186 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1187 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1188 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1189 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1190 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1191 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1192 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1193 },
1194 /* Tag 42 */
1195 { /* Packet Type */HCI_COMMAND_PKT,
1196 /* Opcode */ 0x0b,0xfc,
1197 /* Total Len */ 63,
1198 /* NVM CMD */ NVM_ACCESS_SET,
1199 /* Tag Num */ 42,
1200 /* Tag Len */ 60,
1201 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1202 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1203 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1204 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1205 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1206 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1207 },
1208 /* Tag 84 */
1209 { /* Packet Type */HCI_COMMAND_PKT,
1210 /* Opcode */ 0x0b,0xfc,
1211 /* Total Len */ 153,
1212 /* NVM CMD */ NVM_ACCESS_SET,
1213 /* Tag Num */ 84,
1214 /* Tag Len */ 150,
1215 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1216 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1217 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1218 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1219 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1220 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1221 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1222 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1223 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1224 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1225 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1226 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1227 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1228 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1229 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1230 },
1231 /* Tag 85 */
1232 { /* Packet Type */HCI_COMMAND_PKT,
1233 /* Opcode */ 0x0b,0xfc,
1234 /* Total Len */ 119,
1235 /* NVM CMD */ NVM_ACCESS_SET,
1236 /* Tag Num */ 85,
1237 /* Tag Len */ 116,
1238 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1239 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1240 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1241 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1242 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1243 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1244 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1245 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1246 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1247 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1248 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1249 0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1250 },
1251 {TAG_END}
1252 };
1253 #elif (NVM_VERSION == ROME_1_0_6002)
1254 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1255 {
1256 /* Tag 2 */
1257 { /* Packet Type */HCI_COMMAND_PKT,
1258 /* Opcode */ 0x0b,0xfc,
1259 /* Total Len */ 9,
1260 /* NVM CMD */ NVM_ACCESS_SET,
1261 /* Tag Num */ 2,
1262 /* Tag Len */ 6,
1263 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1264 },
1265 /* Tag 6 */
1266 { /* Packet Type */HCI_COMMAND_PKT,
1267 /* Opcode */ 0x0b,0xfc,
1268 /* Total Len */ 11,
1269 /* NVM CMD */ NVM_ACCESS_SET,
1270 /* Tag Num */ 6,
1271 /* Tag Len */ 8,
1272 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1273 },
1274 /* Tag 17 */
1275 { /* Packet Type */HCI_COMMAND_PKT,
1276 /* Opcode */ 0x0b,0xfc,
1277 /* Total Len */ 11,
1278 /* NVM CMD */ NVM_ACCESS_SET,
1279 /* Tag Num */ 17,
1280 /* Tag Len */ 8,
1281 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1282 },
1283 /* Tag 36 */
1284 { /* Packet Type */HCI_COMMAND_PKT,
1285 /* Opcode */ 0x0b,0xfc,
1286 /* Total Len */ 15,
1287 /* NVM CMD */ NVM_ACCESS_SET,
1288 /* Tag Num */ 36,
1289 /* Tag Len */ 12,
1290 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1291 },
1292
1293 /* Tag 39 */
1294 { /* Packet Type */HCI_COMMAND_PKT,
1295 /* Opcode */ 0x0b,0xfc,
1296 /* Total Len */ 7,
1297 /* NVM CMD */ NVM_ACCESS_SET,
1298 /* Tag Num */ 39,
1299 /* Tag Len */ 4,
1300 /* Tag Value */ 0x12,0x00,0x00,0x00
1301 },
1302
1303 /* Tag 41 */
1304 { /* Packet Type */HCI_COMMAND_PKT,
1305 /* Opcode */ 0x0b,0xfc,
1306 /* Total Len */ 199,
1307 /* NVM CMD */ NVM_ACCESS_SET,
1308 /* Tag Num */ 41,
1309 /* Tag Len */ 196,
1310 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1311 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1312 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1313 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1314 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1315 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1316 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1317 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1318 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1319 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1320 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1321 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1322 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1323 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1324 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1325 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1326 0x0B,0x01,0x03,0x00
1327 },
1328
1329 /* Tag 44 */
1330 { /* Packet Type */HCI_COMMAND_PKT,
1331 /* Opcode */ 0x0b,0xfc,
1332 /* Total Len */ 44,
1333 /* NVM CMD */ NVM_ACCESS_SET,
1334 /* Tag Num */ 44,
1335 /* Tag Len */ 41,
1336 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1337 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1338 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1339 0x00,0x14,0x01,0x02,0x03
1340 },
1341 {TAG_END}
1342 };
1343 #endif
1344
1345 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1346
1347 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1348 {
1349 /* Write BD Address */
1350 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1351 memcpy(&cmds[i][TAG_BDADDR_OFFSET], q->bdaddr, 6);
1352 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1353 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1354 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1355 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1356 }
1357 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1358 /* Send HCI Command packet to Controller */
1359 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1360 if ( err != size) {
1361 ALOGE("Failed to attach the patch payload to the Controller!");
1362 goto error;
1363 }
1364
1365 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1366 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1367 if ( err < 0) {
1368 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1369 goto error;
1370 }
1371 }
1372
1373 error:
1374 return err;
1375 }
1376
1377
1378
rome_patch_ver_req(int fd)1379 int rome_patch_ver_req(int fd)
1380 {
1381 int size, err = 0;
1382 unsigned char cmd[HCI_MAX_CMD_SIZE];
1383 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1384
1385 /* Frame the HCI CMD to be sent to the Controller */
1386 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1387 -1, EDL_PATCH_CMD_LEN);
1388
1389 /* Total length of the packet to be sent to the Controller */
1390 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1391
1392 /* Send HCI Command packet to Controller */
1393 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1394 if ( err != size) {
1395 ALOGE("Failed to attach the patch payload to the Controller!");
1396 goto error;
1397 }
1398
1399 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1400 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1401 if ( err < 0) {
1402 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1403 goto error;
1404 }
1405 error:
1406 return err;
1407
1408 }
1409
rome_get_build_info_req(int fd)1410 int rome_get_build_info_req(int fd)
1411 {
1412 int size, err = 0;
1413 unsigned char cmd[HCI_MAX_CMD_SIZE];
1414 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1415
1416 /* Frame the HCI CMD to be sent to the Controller */
1417 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1418 -1, EDL_PATCH_CMD_LEN);
1419
1420 /* Total length of the packet to be sent to the Controller */
1421 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1422
1423 /* Send HCI Command packet to Controller */
1424 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1425 if ( err != size) {
1426 ALOGE("Failed to send get build info cmd to the SoC!");
1427 goto error;
1428 }
1429
1430 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1431 if ( err < 0) {
1432 ALOGE("%s: Failed to get build info", __FUNCTION__);
1433 goto error;
1434 }
1435 error:
1436 return err;
1437
1438 }
1439
1440
rome_set_baudrate_req(int fd)1441 int rome_set_baudrate_req(int fd)
1442 {
1443 int size, err = 0;
1444 unsigned char cmd[HCI_MAX_CMD_SIZE];
1445 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1446 hci_command_hdr *cmd_hdr;
1447 int flags;
1448
1449 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1450
1451 cmd_hdr = (void *) (cmd + 1);
1452 cmd[0] = HCI_COMMAND_PKT;
1453 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1454 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN;
1455 cmd[4] = BAUDRATE_3000000;
1456
1457 /* Total length of the packet to be sent to the Controller */
1458 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1459
1460 /* Flow off during baudrate change */
1461 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1462 {
1463 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1464 goto error;
1465 }
1466
1467 /* Send the HCI command packet to UART for transmission */
1468 err = do_write(fd, cmd, size);
1469 if (err != size) {
1470 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1471 goto error;
1472 }
1473
1474 /* Change Local UART baudrate to high speed UART */
1475 userial_vendor_set_baud(USERIAL_BAUD_3M);
1476
1477 /* Flow on after changing local uart baudrate */
1478 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1479 {
1480 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1481 return err;
1482 }
1483
1484 /* Check for response from the Controller */
1485 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1486 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1487 goto error;
1488 }
1489
1490 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1491
1492 /* Wait for command complete event */
1493 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1494 if ( err < 0) {
1495 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1496 goto error;
1497 }
1498
1499 error:
1500 return err;
1501
1502 }
1503
1504
rome_hci_reset_req(int fd)1505 int rome_hci_reset_req(int fd)
1506 {
1507 int size, err = 0;
1508 unsigned char cmd[HCI_MAX_CMD_SIZE];
1509 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1510 hci_command_hdr *cmd_hdr;
1511 int flags;
1512
1513 ALOGI("%s: HCI RESET ", __FUNCTION__);
1514
1515 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1516
1517 cmd_hdr = (void *) (cmd + 1);
1518 cmd[0] = HCI_COMMAND_PKT;
1519 cmd_hdr->opcode = HCI_RESET;
1520 cmd_hdr->plen = 0;
1521
1522 /* Total length of the packet to be sent to the Controller */
1523 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1524
1525 /* Flow off during baudrate change */
1526 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1527 {
1528 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1529 goto error;
1530 }
1531
1532 /* Send the HCI command packet to UART for transmission */
1533 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1534 err = do_write(fd, cmd, size);
1535 if (err != size) {
1536 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1537 goto error;
1538 }
1539
1540 /* Change Local UART baudrate to high speed UART */
1541 userial_vendor_set_baud(USERIAL_BAUD_3M);
1542
1543 /* Flow on after changing local uart baudrate */
1544 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1545 {
1546 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1547 return err;
1548 }
1549
1550 /* Wait for command complete event */
1551 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1552 if ( err < 0) {
1553 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1554 goto error;
1555 }
1556
1557 error:
1558 return err;
1559
1560 }
1561
1562
rome_hci_reset(int fd)1563 int rome_hci_reset(int fd)
1564 {
1565 int size, err = 0;
1566 unsigned char cmd[HCI_MAX_CMD_SIZE];
1567 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1568 hci_command_hdr *cmd_hdr;
1569 int flags;
1570
1571 ALOGI("%s: HCI RESET ", __FUNCTION__);
1572
1573 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1574
1575 cmd_hdr = (void *) (cmd + 1);
1576 cmd[0] = HCI_COMMAND_PKT;
1577 cmd_hdr->opcode = HCI_RESET;
1578 cmd_hdr->plen = 0;
1579
1580 /* Total length of the packet to be sent to the Controller */
1581 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1582 err = do_write(fd, cmd, size);
1583 if (err != size) {
1584 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1585 err = -1;
1586 goto error;
1587 }
1588
1589 /* Wait for command complete event */
1590 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1591 if ( err < 0) {
1592 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1593 goto error;
1594 }
1595
1596 error:
1597 return err;
1598
1599 }
1600
rome_wipower_current_charging_status_req(int fd)1601 int rome_wipower_current_charging_status_req(int fd)
1602 {
1603 int size, err = 0;
1604 unsigned char cmd[HCI_MAX_CMD_SIZE];
1605 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1606 hci_command_hdr *cmd_hdr;
1607 int flags;
1608
1609 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1610
1611 cmd_hdr = (void *) (cmd + 1);
1612 cmd[0] = HCI_COMMAND_PKT;
1613 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1614 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1615 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1616
1617 /* Total length of the packet to be sent to the Controller */
1618 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1619
1620 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1621 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1622
1623 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1624 if ( err != size) {
1625 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1626 goto error;
1627 }
1628
1629 /* Check for response from the Controller */
1630 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1631 err = -ETIMEDOUT;
1632 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1633 goto error;
1634 }
1635
1636 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1637 if (rsp[4] >= NON_WIPOWER_MODE) {
1638 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1639 if (err < 0) {
1640 ALOGE("%s: Failed to get charging status", __FUNCTION__);
1641 goto error;
1642 }
1643 }
1644
1645 error:
1646 return err;
1647 }
1648
addon_feature_req(int fd)1649 int addon_feature_req(int fd)
1650 {
1651 int size, err = 0;
1652 unsigned char cmd[HCI_MAX_CMD_SIZE];
1653 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1654 hci_command_hdr *cmd_hdr;
1655 int flags;
1656
1657 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1658
1659 cmd_hdr = (void *) (cmd + 1);
1660 cmd[0] = HCI_COMMAND_PKT;
1661 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1662 cmd_hdr->plen = 0x00;
1663
1664 /* Total length of the packet to be sent to the Controller */
1665 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1666
1667 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1668 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1669 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1670 if ( err != size) {
1671 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1672 goto error;
1673 }
1674
1675 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1676 if (err < 0) {
1677 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1678 goto error;
1679 }
1680 error:
1681 return err;
1682 }
1683
1684
check_embedded_mode(int fd)1685 int check_embedded_mode(int fd) {
1686 int err = 0;
1687
1688 wipower_flag = 0;
1689 /* Get current wipower charging status */
1690 if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1691 {
1692 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1693 }
1694 usleep(500);
1695
1696 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1697
1698 return wipower_flag;
1699 }
1700
rome_get_addon_feature_list(int fd)1701 int rome_get_addon_feature_list(int fd) {
1702 int err = 0;
1703
1704 /* Get addon features that are supported by FW */
1705 if ((err = addon_feature_req(fd)) < 0)
1706 {
1707 ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1708 }
1709 return err;
1710 }
1711
rome_wipower_forward_handoff_req(int fd)1712 int rome_wipower_forward_handoff_req(int fd)
1713 {
1714 int size, err = 0;
1715 unsigned char cmd[HCI_MAX_CMD_SIZE];
1716 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1717 hci_command_hdr *cmd_hdr;
1718 int flags;
1719
1720 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1721
1722 cmd_hdr = (void *) (cmd + 1);
1723 cmd[0] = HCI_COMMAND_PKT;
1724 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1725 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1726 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1727
1728 /* Total length of the packet to be sent to the Controller */
1729 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1730
1731 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1732 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1733 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1734 if ( err != size) {
1735 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1736 goto error;
1737 }
1738
1739 /* Check for response from the Controller */
1740 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1741 err = -ETIMEDOUT;
1742 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1743 goto error;
1744 }
1745
1746 error:
1747 return err;
1748 }
1749
1750
enable_controller_log(int fd,unsigned char wait_for_evt)1751 void enable_controller_log (int fd, unsigned char wait_for_evt)
1752 {
1753 int ret = 0;
1754 /* VS command to enable controller logging to the HOST. By default it is disabled */
1755 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1756 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1757 char value[PROPERTY_VALUE_MAX] = {'\0'};
1758
1759 property_get("persist.service.bdroid.soclog", value, "false");
1760
1761 // value at cmd[5]: 1 - to enable, 0 - to disable
1762 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1763 ALOGI("%s: %d", __func__, ret);
1764 /* Ignore vsc evt if wait_for_evt is true */
1765 if (wait_for_evt) wait_vsc_evt = FALSE;
1766
1767 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1768 if (ret != 6) {
1769 ALOGE("%s: command failed", __func__);
1770 }
1771 /*Ignore hci_event if wait_for_evt is true*/
1772 if (wait_for_evt)
1773 goto end;
1774 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1775 if (ret < 0) {
1776 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1777 }
1778 end:
1779 wait_vsc_evt = TRUE;
1780 return;
1781 }
1782
1783
1784 /* This function is called with q_lock held and q is non-NULL */
disable_internal_ldo(int fd)1785 static int disable_internal_ldo(int fd)
1786 {
1787 int ret = 0;
1788 if (q->enable_extldo) {
1789 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1790 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1791
1792 ALOGI(" %s ", __FUNCTION__);
1793 ret = do_write(fd, cmd, 5);
1794 if (ret != 5) {
1795 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1796 ret = -1;
1797 } else {
1798 /* Wait for command complete event */
1799 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1800 if ( ret < 0) {
1801 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1802 }
1803 }
1804 }
1805 return ret;
1806 }
1807
rome_soc_init(int fd,char * bdaddr)1808 int rome_soc_init(int fd, char *bdaddr)
1809 {
1810 int err = -1, size = 0;
1811 dnld_fd = fd;
1812 ALOGI(" %s ", __FUNCTION__);
1813 RESERVED(bdaddr);
1814
1815 /* If wipower charging is going on in embedded mode then start hand off req */
1816 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1817 {
1818 wipower_flag = 0;
1819 wipower_handoff_ready = 0;
1820 if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1821 {
1822 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1823 }
1824 }
1825
1826 /* Get Rome version information */
1827 if((err = rome_patch_ver_req(fd)) <0){
1828 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1829 goto error;
1830 }
1831
1832 ALOGI("%s: Chipset Version (0x%08x)", __FUNCTION__, chipset_ver);
1833
1834 switch (chipset_ver){
1835 case ROME_VER_1_0:
1836 {
1837 /* Set and Download the RAMPATCH */
1838 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1839 err = rome_download_rampatch(fd);
1840 if (err < 0) {
1841 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1842 goto error;
1843 }
1844 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1845
1846 /* Attach the RAMPATCH */
1847 ALOGI("%s: Attaching the patches", __FUNCTION__);
1848 err = rome_attach_rampatch(fd);
1849 if (err < 0) {
1850 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1851 goto error;
1852 }
1853 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1854
1855 /* Send Reset */
1856 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1857 err = rome_rampatch_reset(fd);
1858 if ( err < 0 ) {
1859 ALOGE("Failed to RESET after RAMPATCH upgrade!");
1860 goto error;
1861 }
1862
1863 /* NVM download */
1864 ALOGI("%s: Downloading NVM", __FUNCTION__);
1865 err = rome_1_0_nvm_tag_dnld(fd);
1866 if ( err <0 ) {
1867 ALOGE("Downloading NVM Failed !!");
1868 goto error;
1869 }
1870
1871 /* Change baud rate 115.2 kbps to 3Mbps*/
1872 err = rome_hci_reset_req(fd);
1873 if (err < 0) {
1874 ALOGE("HCI Reset Failed !!");
1875 goto error;
1876 }
1877
1878 ALOGI("HCI Reset is done\n");
1879 }
1880 break;
1881 case ROME_VER_1_1:
1882 rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1883 nvm_file_path = ROME_NVM_TLV_PATH;
1884 goto download;
1885 case ROME_VER_1_3:
1886 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1887 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1888 goto download;
1889 case ROME_VER_2_1:
1890 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1891 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1892 goto download;
1893 case ROME_VER_3_0:
1894 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1895 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1896 fw_su_info = ROME_3_1_FW_SU;
1897 fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1898 goto download;
1899 case ROME_VER_3_2:
1900 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1901 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1902 fw_su_info = ROME_3_2_FW_SU;
1903 fw_su_offset = ROME_3_2_FW_SW_OFFSET;
1904
1905 download:
1906 /* Change baud rate 115.2 kbps to 3Mbps*/
1907 err = rome_set_baudrate_req(fd);
1908 if (err < 0) {
1909 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1910 goto error;
1911 }
1912 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1913 /* Donwload TLV files (rampatch, NVM) */
1914 err = rome_download_tlv_file(fd);
1915 if (err < 0) {
1916 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1917 goto error;
1918 }
1919 ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1920
1921 /* Get SU FM label information */
1922 if((err = rome_get_build_info_req(fd)) <0){
1923 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1924 //Ignore the failure of ROME FW SU label information
1925 err = 0;
1926 }
1927
1928 /* Disable internal LDO to use external LDO instead*/
1929 err = disable_internal_ldo(fd);
1930
1931 /* Send HCI Reset */
1932 err = rome_hci_reset(fd);
1933 if ( err <0 ) {
1934 ALOGE("HCI Reset Failed !!");
1935 goto error;
1936 }
1937
1938 ALOGI("HCI Reset is done\n");
1939
1940 break;
1941 default:
1942 ALOGI("%s: Detected unknown SoC version: 0x%08x", __FUNCTION__, chipset_ver);
1943 err = -1;
1944 break;
1945 }
1946
1947 error:
1948 dnld_fd = -1;
1949 return err;
1950 }
1951