1 /*
2  *
3  *  Copyright (c) 2013, The Linux Foundation. All rights reserved.
4  *  Not a Contribution.
5  *
6  *  Copyright 2012 The Android Open Source Project
7  *
8  *  Licensed under the Apache License, Version 2.0 (the "License"); you
9  *  may not use this file except in compliance with the License. You may
10  *  obtain a copy of the License at
11  *
12  *  http://www.apache.org/licenses/LICENSE-2.0
13  *
14  *  Unless required by applicable law or agreed to in writing, software
15  *  distributed under the License is distributed on an "AS IS" BASIS,
16  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17  *  implied. See the License for the specific language governing
18  *  permissions and limitations under the License.
19  *
20  */
21 
22 /******************************************************************************
23  *
24  *  Filename:      hw_rome.c
25  *
26  *  Description:   Contains controller-specific functions, like
27  *                      firmware patch download
28  *                      low power mode operations
29  *
30  ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 #define LOG_TAG "bt_vendor"
36 
37 #include <sys/socket.h>
38 #include <utils/Log.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <signal.h>
42 #include <time.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <dirent.h>
46 #include <ctype.h>
47 #include <cutils/properties.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <termios.h>
51 #include <stdbool.h>
52 
53 #include "bt_hci_bdroid.h"
54 #include "bt_vendor_qcom.h"
55 #include "hci_uart.h"
56 #include "hw_rome.h"
57 
58 #ifdef __cplusplus
59 }
60 #endif
61 
62 /******************************************************************************
63 **  Variables
64 ******************************************************************************/
65 FILE *file;
66 unsigned char *phdr_buffer;
67 unsigned char *pdata_buffer = NULL;
68 patch_info rampatch_patch_info;
69 int rome_ver = ROME_VER_UNKNOWN;
70 unsigned char gTlv_type;
71 unsigned char gTlv_dwndCfg;
72 static unsigned int wipower_flag = 0;
73 static unsigned int wipower_handoff_ready = 0;
74 char *rampatch_file_path;
75 char *nvm_file_path;
76 char *fw_su_info = NULL;
77 unsigned short fw_su_offset =0;
78 extern char enable_extldo;
79 unsigned char wait_vsc_evt = TRUE;
80 
81 /******************************************************************************
82 **  Extern variables
83 ******************************************************************************/
84 extern uint8_t vnd_local_bd_addr[6];
85 
86 /*****************************************************************************
87 **   Functions
88 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)89 int do_write(int fd, unsigned char *buf,int len)
90 {
91     int ret = 0;
92     int write_offset = 0;
93     int write_len = len;
94     do {
95         ret = write(fd,buf+write_offset,write_len);
96         if (ret < 0)
97         {
98             ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
99             return -1;
100         } else if (ret == 0) {
101             ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
102             return 0;
103         } else {
104             if (ret < write_len) {
105                 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
106                        strerror(errno));
107                 write_len = write_len - ret;
108                 write_offset = ret;
109             } else {
110                 ALOGV("Write successful");
111                 break;
112             }
113         }
114     } while(1);
115     return len;
116 }
117 
get_vs_hci_event(unsigned char * rsp)118 int get_vs_hci_event(unsigned char *rsp)
119 {
120     int err = 0;
121     unsigned char paramlen = 0;
122     unsigned char EMBEDDED_MODE_CHECK = 0x02;
123     FILE *btversionfile = 0;
124     unsigned int soc_id = 0;
125     unsigned int productid = 0;
126     unsigned short patchversion = 0;
127     char build_label[255];
128     int build_lbl_len;
129 
130     if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
131         ALOGV("%s: Received HCI-Vendor Specific event", __FUNCTION__);
132     else {
133         ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
134         err = -EIO;
135         goto failed;
136     }
137 
138     ALOGI("%s: length 0x%x resp 0x%x type 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN],
139           rsp[CMD_RSP_OFFSET], rsp[RSP_TYPE_OFFSET]);
140 
141     /* Check the status of the operation */
142     switch ( rsp[CMD_RSP_OFFSET] )
143     {
144         case EDL_CMD_REQ_RES_EVT:
145         ALOGV("%s: Command Request Response", __FUNCTION__);
146         switch(rsp[RSP_TYPE_OFFSET])
147         {
148             case EDL_PATCH_VER_RES_EVT:
149             case EDL_APP_VER_RES_EVT:
150                 ALOGI("\t Current Product ID\t\t: 0x%08x",
151                     productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
152                                         rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
153                                         rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
154                                         rsp[PATCH_PROD_ID_OFFSET]  ));
155 
156                 /* Patch Version indicates FW patch version */
157                 ALOGI("\t Current Patch Version\t\t: 0x%04x",
158                     (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
159                                             rsp[PATCH_PATCH_VER_OFFSET] )));
160 
161                 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
162                 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver =
163                     (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
164                                             rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
165 
166                 /* In case rome 1.0/1.1, there is no SOC ID version available */
167                 if (paramlen - 10)
168                 {
169                     ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
170                         (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
171                                                 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
172                                                 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
173                                                 rsp[PATCH_SOC_VER_OFFSET]  ));
174                 }
175 
176                 /* Rome Chipset Version can be decided by Patch version and SOC version,
177                 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
178                 used for SOC as combination for BT host driver */
179                 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff);
180                 break;
181             case EDL_TVL_DNLD_RES_EVT:
182             case EDL_CMD_EXE_STATUS_EVT:
183                 switch (err = rsp[CMD_STATUS_OFFSET])
184                     {
185                     case HCI_CMD_SUCCESS:
186                         ALOGV("%s: Download Packet successfully!", __FUNCTION__);
187                         break;
188                     case PATCH_LEN_ERROR:
189                         ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
190                         "SET REQ cmd", __FUNCTION__);
191                         break;
192                     case PATCH_VER_ERROR:
193                         ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
194                         "SET REQ cmd", __FUNCTION__);
195                         break;
196                     case PATCH_CRC_ERROR:
197                         ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
198                         break;
199                     case PATCH_NOT_FOUND:
200                         ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
201                         break;
202                     case TLV_TYPE_ERROR:
203                         ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
204                         break;
205                     default:
206                         ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
207                         break;
208                     }
209             break;
210             case HCI_VS_GET_BUILD_VER_EVT:
211                 build_lbl_len = rsp[5];
212                 memcpy (build_label, &rsp[6], build_lbl_len);
213                 *(build_label+build_lbl_len) = '\0';
214 
215                 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
216             break;
217         }
218         break;
219 
220         case NVM_ACCESS_CODE:
221             ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
222             err = HCI_CMD_SUCCESS;
223             break;
224         case EDL_SET_BAUDRATE_RSP_EVT:
225             /* Rome 1.1 has bug with the response, so it should ignore it. */
226             if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
227             {
228                 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
229                     rsp[CMD_STATUS_OFFSET]);
230                 err = -1;
231             }
232             break;
233        case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
234             /*TODO: rsp code 00 mean no charging
235             this is going to change in FW soon*/
236             if (rsp[4] != EMBEDDED_MODE_CHECK)
237             {
238                ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
239                wipower_handoff_ready = rsp[4];
240                wipower_flag = 1;
241             }
242             break;
243         case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
244             /*TODO: rsp code 00 mean no charging
245             this is going to change in FW soon*/
246             if (rsp[4] == NON_WIPOWER_MODE)
247             {
248                ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
249             }
250             break;
251         case HCI_VS_GET_ADDON_FEATURES_EVENT:
252             if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
253             {
254                ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
255                property_set("persist.bluetooth.a4wp", "true");
256             }
257             break;
258         default:
259             ALOGE("%s: Not a valid status!!!", __FUNCTION__);
260             err = -1;
261             break;
262     }
263 
264 failed:
265     return err;
266 }
267 
268 
269 /*
270  * Read an VS HCI event from the given file descriptor.
271  */
read_vs_hci_event(int fd,unsigned char * buf,int size)272 int read_vs_hci_event(int fd, unsigned char* buf, int size)
273 {
274     int remain, r;
275     int count = 0, i;
276 
277     if (size <= 0) {
278         ALOGE("Invalid size arguement!");
279         return -1;
280     }
281 
282     ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
283 
284     /* The first byte identifies the packet type. For HCI event packets, it
285      * should be 0x04, so we read until we get to the 0x04. */
286     /* It will keep reading until find 0x04 byte */
287     while (1) {
288             r = read(fd, buf, 1);
289             if (r <= 0)
290                     return -1;
291             if (buf[0] == 0x04)
292                     break;
293     }
294     count++;
295 
296     /* The next two bytes are the event code and parameter total length. */
297     while (count < 3) {
298             r = read(fd, buf + count, 3 - count);
299             if ((r <= 0) || (buf[1] != 0xFF )) {
300                 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
301                 return -1;
302             }
303             count += r;
304     }
305 
306     /* Now we read the parameters. */
307     if (buf[2] < (size - 3))
308             remain = buf[2];
309     else
310             remain = size - 3;
311 
312     while ((count - 3) < remain) {
313             r = read(fd, buf + count, remain - (count - 3));
314             if (r <= 0)
315                     return -1;
316             count += r;
317     }
318 
319      /* Check if the set patch command is successful or not */
320     if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
321         return -1;
322 
323     return count;
324 }
325 
326 /*
327  * For Hand-Off related Wipower commands, Command complete arrives first and
328  * the followd with VS event
329  *
330  */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)331 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
332 {
333     int ret = 0;
334     int err = 0;
335 
336     /* Send the HCI command packet to UART for transmission */
337     ret = do_write(fd, cmd, size);
338     if (ret != size) {
339         ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
340         goto failed;
341     }
342 
343     /* Wait for command complete event */
344     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
345     if ( err < 0) {
346         ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
347         goto failed;
348     }
349 
350     ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
351 failed:
352     return ret;
353 }
354 
355 
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)356 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
357 {
358     int ret = 0;
359 
360     /* Send the HCI command packet to UART for transmission */
361     ret = do_write(fd, cmd, size);
362     if (ret != size) {
363         ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
364         goto failed;
365     }
366 
367     if (wait_vsc_evt) {
368         /* Check for response from the Controller */
369         if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
370            ret = -ETIMEDOUT;
371            ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
372            goto failed;
373         }
374         ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
375     }
376 
377 failed:
378     return ret;
379 }
380 
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)381 void frame_hci_cmd_pkt(
382     unsigned char *cmd,
383     int edl_cmd, unsigned int p_base_addr,
384     int segtNo, int size
385     )
386 {
387     int offset = 0;
388     hci_command_hdr *cmd_hdr;
389 
390     memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
391 
392     cmd_hdr = (void *) (cmd + 1);
393 
394     cmd[0]      = HCI_COMMAND_PKT;
395     cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
396     cmd_hdr->plen   = size;
397     cmd[4]      = edl_cmd;
398 
399     switch (edl_cmd)
400     {
401         case EDL_PATCH_SET_REQ_CMD:
402             /* Copy the patch header info as CMD params */
403             memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
404             ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
405             ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
406                 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
407             break;
408         case EDL_PATCH_DLD_REQ_CMD:
409             offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
410             p_base_addr += offset;
411             cmd_hdr->plen   = (size + 6);
412             cmd[5]  = (size + 4);
413             cmd[6]  = EXTRACT_BYTE(p_base_addr, 0);
414             cmd[7]  = EXTRACT_BYTE(p_base_addr, 1);
415             cmd[8]  = EXTRACT_BYTE(p_base_addr, 2);
416             cmd[9]  = EXTRACT_BYTE(p_base_addr, 3);
417             memcpy(&cmd[10], (pdata_buffer + offset), size);
418 
419             ALOGV("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
420                 __FUNCTION__, size);
421             ALOGV("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
422                 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
423                 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
424             break;
425         case EDL_PATCH_ATCH_REQ_CMD:
426             ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
427             ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
428             segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
429             break;
430         case EDL_PATCH_RST_REQ_CMD:
431             ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
432             ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
433             segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
434             break;
435         case EDL_PATCH_VER_REQ_CMD:
436             ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
437             ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
438             segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
439             break;
440         case EDL_PATCH_TLV_REQ_CMD:
441             ALOGV("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
442             /* Parameter Total Length */
443             cmd[3] = size +2;
444 
445             /* TLV Segment Length */
446             cmd[5] = size;
447             ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
448             segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
449             offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
450             memcpy(&cmd[6], (pdata_buffer + offset), size);
451             break;
452         case EDL_GET_BUILD_INFO:
453             ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
454             ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
455                 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
456             break;
457         case EDL_GET_BOARD_ID:
458             ALOGD("%s: Sending EDL_GET_BOARD_ID", __FUNCTION__);
459             ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
460                 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
461             break;
462         default:
463             ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
464     }
465 }
466 
rome_extract_patch_header_info(unsigned char * buf)467 void rome_extract_patch_header_info(unsigned char *buf)
468 {
469     int index;
470 
471     /* Extract patch id */
472     for (index = 0; index < 4; index++)
473         rampatch_patch_info.patch_id |=
474             (LSH(buf[index + P_ID_OFFSET], (index * 8)));
475 
476     /* Extract (ROM and BUILD) version information */
477     for (index = 0; index < 2; index++)
478         rampatch_patch_info.patch_ver.rom_version |=
479             (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
480 
481     for (index = 0; index < 2; index++)
482         rampatch_patch_info.patch_ver.build_version |=
483             (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
484 
485     /* Extract patch base and entry addresses */
486     for (index = 0; index < 4; index++)
487         rampatch_patch_info.patch_base_addr |=
488             (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
489 
490     /* Patch BASE & ENTRY addresses are same */
491     rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
492 
493     /* Extract total length of the patch payload */
494     for (index = 0; index < 4; index++)
495         rampatch_patch_info.patch_length |=
496             (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
497 
498     /* Extract the CRC checksum of the patch payload */
499     for (index = 0; index < 4; index++)
500         rampatch_patch_info.patch_crc |=
501             (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
502 
503     /* Extract patch control value */
504     for (index = 0; index < 4; index++)
505         rampatch_patch_info.patch_ctrl |=
506             (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
507 
508     ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
509     ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
510     ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
511     ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
512     ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
513     ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
514     ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
515 
516 }
517 
rome_edl_set_patch_request(int fd)518 int rome_edl_set_patch_request(int fd)
519 {
520     int size, err;
521     unsigned char cmd[HCI_MAX_CMD_SIZE];
522     unsigned char rsp[HCI_MAX_EVENT_SIZE];
523 
524     /* Frame the HCI CMD to be sent to the Controller */
525     frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
526         -1, PATCH_HDR_LEN + 1);
527 
528     /* Total length of the packet to be sent to the Controller */
529     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
530 
531     /* Send HCI Command packet to Controller */
532     err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
533     if ( err != size) {
534         ALOGE("Failed to set the patch info to the Controller!");
535         goto error;
536     }
537 
538     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
539     if ( err < 0) {
540         ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
541         goto error;
542     }
543     ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
544 error:
545     return err;
546 }
547 
rome_edl_patch_download_request(int fd)548 int rome_edl_patch_download_request(int fd)
549 {
550     int no_of_patch_segment;
551     int index = 1, err = 0, size = 0;
552     unsigned int p_base_addr;
553     unsigned char cmd[HCI_MAX_CMD_SIZE];
554     unsigned char rsp[HCI_MAX_EVENT_SIZE];
555 
556     no_of_patch_segment = (rampatch_patch_info.patch_length /
557         MAX_DATA_PER_SEGMENT);
558     ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
559         __FUNCTION__, no_of_patch_segment,
560     rampatch_patch_info.patch_base_addr);
561 
562     /* Initialize the patch base address from the one read from bin file */
563     p_base_addr = rampatch_patch_info.patch_base_addr;
564 
565     /*
566     * Depending upon size of the patch payload, download the patches in
567     * segments with a max. size of 239 bytes
568     */
569     for (index = 1; index <= no_of_patch_segment; index++) {
570 
571         ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
572 
573         /* Frame the HCI CMD PKT to be sent to Controller*/
574         frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
575         index, MAX_DATA_PER_SEGMENT);
576 
577         /* Total length of the packet to be sent to the Controller */
578         size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
579 
580         /* Initialize the RSP packet everytime to 0 */
581         memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
582 
583         /* Send HCI Command packet to Controller */
584         err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
585         if ( err != size) {
586             ALOGE("Failed to send the patch payload to the Controller!");
587             goto error;
588         }
589 
590         /* Read Command Complete Event */
591         err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
592         if ( err < 0) {
593             ALOGE("%s: Failed to downlaod patch segment: %d!",
594             __FUNCTION__, index);
595             goto error;
596         }
597         ALOGI("%s: Successfully downloaded patch segment: %d",
598         __FUNCTION__, index);
599     }
600 
601     /* Check if any pending patch data to be sent */
602     size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
603         rampatch_patch_info.patch_length :
604         (rampatch_patch_info.patch_length  % MAX_DATA_PER_SEGMENT);
605 
606     if (size)
607     {
608         /* Frame the HCI CMD PKT to be sent to Controller*/
609         frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
610 
611         /* Initialize the RSP packet everytime to 0 */
612         memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
613 
614         /* Total length of the packet to be sent to the Controller */
615         size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
616 
617         /* Send HCI Command packet to Controller */
618         err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
619         if ( err != size) {
620             ALOGE("Failed to send the patch payload to the Controller!");
621             goto error;
622         }
623 
624         /* Read Command Complete Event */
625         err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
626         if ( err < 0) {
627             ALOGE("%s: Failed to downlaod patch segment: %d!",
628                 __FUNCTION__, index);
629             goto error;
630         }
631 
632         ALOGI("%s: Successfully downloaded patch segment: %d",
633         __FUNCTION__, index);
634     }
635 
636 error:
637     return err;
638 }
639 
rome_download_rampatch(int fd)640 static int rome_download_rampatch(int fd)
641 {
642     int c, tmp, size, index, ret = -1;
643 
644     ALOGI("%s: ", __FUNCTION__);
645 
646     /* Get handle to the RAMPATCH binary file */
647     ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
648     file = fopen(ROME_FW_PATH, "r");
649     if (file == NULL) {
650         ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
651         __FUNCTION__);
652         return -ENFILE;
653     }
654 
655     /* Allocate memory for the patch headder info */
656     ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
657     phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
658     if (phdr_buffer == NULL) {
659         ALOGE("%s: Failed to allocate memory for patch header",
660         __FUNCTION__);
661         goto phdr_alloc_failed;
662     }
663     for (index = 0; index < PATCH_HDR_LEN + 1; index++)
664         phdr_buffer[index] = 0x0;
665 
666     /* Read 28 bytes of patch header information */
667     ALOGI("%s: Reading patch header info", __FUNCTION__);
668     index = 0;
669     do {
670         c = fgetc (file);
671         phdr_buffer[index++] = (unsigned char)c;
672     } while (index != PATCH_HDR_LEN);
673 
674     /* Save the patch header info into local structure */
675     ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
676     rome_extract_patch_header_info((unsigned char *)phdr_buffer);
677 
678     /* Set the patch header info onto the Controller */
679     ret = rome_edl_set_patch_request(fd);
680     if (ret < 0) {
681         ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
682         goto pdata_alloc_failed;
683     }
684 
685     /* Allocate memory for the patch payload */
686     ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
687     size = rampatch_patch_info.patch_length;
688     pdata_buffer = (unsigned char *) malloc(size+1);
689     if (pdata_buffer == NULL) {
690         ALOGE("%s: Failed to allocate memory for patch payload",
691             __FUNCTION__);
692         goto pdata_alloc_failed;
693     }
694     for (index = 0; index < size+1; index++)
695         pdata_buffer[index] = 0x0;
696 
697     /* Read the patch data from Rampatch binary image */
698     ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
699     index = 0;
700     do {
701         c = fgetc (file);
702         pdata_buffer[index++] = (unsigned char)c;
703     } while (c != EOF);
704 
705     /* Downloading patches in segments to controller */
706     ret = rome_edl_patch_download_request(fd);
707     if (ret < 0) {
708         ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
709         goto cleanup;
710     }
711 cleanup:
712     free(pdata_buffer);
713 pdata_alloc_failed:
714     free(phdr_buffer);
715 phdr_alloc_failed:
716     fclose(file);
717 error:
718     return ret;
719 }
720 
rome_attach_rampatch(int fd)721 int rome_attach_rampatch(int fd)
722 {
723     int size, err;
724     unsigned char cmd[HCI_MAX_CMD_SIZE];
725     unsigned char rsp[HCI_MAX_EVENT_SIZE];
726 
727     /* Frame the HCI CMD to be sent to the Controller */
728     frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
729         -1, EDL_PATCH_CMD_LEN);
730 
731     /* Total length of the packet to be sent to the Controller */
732     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
733 
734     /* Send HCI Command packet to Controller */
735     err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
736     if ( err != size) {
737         ALOGE("Failed to attach the patch payload to the Controller!");
738         goto error;
739     }
740 
741     /* Read Command Complete Event */
742     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
743     if ( err < 0) {
744         ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
745         goto error;
746     }
747 error:
748     return err;
749 }
750 
rome_rampatch_reset(int fd)751 int rome_rampatch_reset(int fd)
752 {
753     int size, err = 0, flags;
754     unsigned char cmd[HCI_MAX_CMD_SIZE];
755     struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
756 
757     /* Frame the HCI CMD to be sent to the Controller */
758     frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
759                                         -1, EDL_PATCH_CMD_LEN);
760 
761     /* Total length of the packet to be sent to the Controller */
762     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
763 
764     /* Send HCI Command packet to Controller */
765     err = do_write(fd, cmd, size);
766     if (err != size) {
767         ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
768         goto error;
769     }
770 
771     /*
772     * Controller doesn't sends any response for the patch reset
773     * command. HOST has to wait for 100ms before proceeding.
774     */
775     nanosleep(&tm, NULL);
776 
777 error:
778     return err;
779 }
780 
rome_get_tlv_file(char * file_path)781 int rome_get_tlv_file(char *file_path)
782 {
783     FILE * pFile;
784     long fileSize;
785     int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
786     unsigned short nvm_tag_len;
787     tlv_patch_info *ptlv_header;
788     tlv_nvm_hdr *nvm_ptr;
789     unsigned char data_buf[PRINT_BUF_SIZE]={0,};
790     unsigned char *nvm_byte_ptr;
791 
792     ALOGI("File Open (%s)", file_path);
793     pFile = fopen ( file_path , "r" );
794     if (pFile==NULL) {;
795         ALOGE("%s File Open Fail", file_path);
796         return -1;
797     }
798 
799     /* Get File Size */
800     fseek (pFile , 0 , SEEK_END);
801     fileSize = ftell (pFile);
802     rewind (pFile);
803 
804     pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
805     if (pdata_buffer == NULL) {
806         ALOGE("Allocated Memory failed");
807         fclose (pFile);
808         return -1;
809     }
810 
811     /* Copy file into allocated buffer */
812     readSize = fread (pdata_buffer,1,fileSize,pFile);
813 
814     /* File Close */
815     fclose (pFile);
816 
817     if (readSize != fileSize) {
818         ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
819         return -1;
820     }
821 
822     ptlv_header = (tlv_patch_info *) pdata_buffer;
823 
824     /* To handle different event between rampatch and NVM */
825     gTlv_type = ptlv_header->tlv_type;
826     gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
827 
828     if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
829         ALOGI("====================================================");
830         ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
831         ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
832                                                     (ptlv_header->tlv_length2 << 8) |
833                                                     (ptlv_header->tlv_length3 << 16));
834         ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
835         ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
836         ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
837         ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
838         ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
839         ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
840         ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
841         ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
842         ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
843         ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
844         ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
845         ALOGI("====================================================");
846 
847     } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
848         ALOGV("====================================================");
849         ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
850         ALOGI("Length\t\t\t : %d bytes",  nvm_length = (ptlv_header->tlv_length1) |
851                                                     (ptlv_header->tlv_length2 << 8) |
852                                                     (ptlv_header->tlv_length3 << 16));
853 
854         if(nvm_length <= 0)
855             return readSize;
856 
857        for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
858              nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
859        {
860             ALOGV("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
861             ALOGV("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
862             ALOGV("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
863             ALOGV("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
864 
865             /* Increase nvm_index to NVM data */
866             nvm_index+=sizeof(tlv_nvm_hdr);
867             nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
868 
869             /* Write BD Address */
870             if(nvm_ptr->tag_id == TAG_NUM_2){
871                 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6);
872                 ALOGV("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
873                     *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
874                     *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
875             }
876 
877             for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
878                 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
879 
880             ALOGV("TAG Data\t\t\t : %s", data_buf);
881 
882             /* Clear buffer */
883             memset(data_buf, 0x0, PRINT_BUF_SIZE);
884 
885             /* increased by tag_len */
886             nvm_index+=nvm_ptr->tag_len;
887             nvm_byte_ptr +=nvm_ptr->tag_len;
888         }
889 
890         ALOGV("====================================================");
891 
892     } else {
893         ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
894     }
895 
896     return readSize;
897 }
898 
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)899 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
900 {
901     int size=0, err = -1;
902     unsigned char cmd[HCI_MAX_CMD_SIZE];
903     unsigned char rsp[HCI_MAX_EVENT_SIZE];
904 
905     ALOGV("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
906 
907     /* Frame the HCI CMD PKT to be sent to Controller*/
908     frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
909 
910     /* Total length of the packet to be sent to the Controller */
911     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
912 
913     /* Initialize the RSP packet everytime to 0 */
914     memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
915 
916     /* Send HCI Command packet to Controller */
917     err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
918     if ( err != size) {
919         ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
920         return err;
921     }
922 
923     if(wait_cc_evt) {
924         err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
925         if ( err < 0) {
926             ALOGE("%s: Failed to downlaod patch segment: %d!",  __FUNCTION__, index);
927             return err;
928         }
929     }
930 
931     ALOGV("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
932     return err;
933 }
934 
rome_tlv_dnld_req(int fd,int tlv_size)935 int rome_tlv_dnld_req(int fd, int tlv_size)
936 {
937     int  total_segment, remain_size, i, err = -1;
938     unsigned char wait_cc_evt;
939 
940     total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
941     remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
942         tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
943 
944     ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
945         __FUNCTION__,tlv_size, total_segment, remain_size);
946 
947     if (gTlv_type == TLV_TYPE_PATCH) {
948        /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
949         * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
950         * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
951         */
952        switch(gTlv_dwndCfg)
953        {
954            case ROME_SKIP_EVT_NONE:
955               wait_vsc_evt = TRUE;
956               wait_cc_evt = TRUE;
957               ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
958               break;
959            case ROME_SKIP_EVT_VSE_CC:
960               wait_vsc_evt = FALSE;
961               wait_cc_evt = FALSE;
962               ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
963               break;
964            /* Not handled for now */
965            case ROME_SKIP_EVT_VSE:
966            case ROME_SKIP_EVT_CC:
967            default:
968               ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
969               break;
970        }
971     } else {
972         wait_vsc_evt = TRUE;
973         wait_cc_evt = TRUE;
974     }
975 
976     for(i=0;i<total_segment ;i++){
977         if ((i+1) == total_segment) {
978              if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
979                /* If the Rome version is from 1.1 to 3.1
980                 * 1. No CCE for the last command segment but all other segment
981                 * 2. All the command segments get VSE including the last one
982                 */
983                 wait_cc_evt = !remain_size ? FALSE: TRUE;
984              } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
985                 /* If the Rome version is 3.2
986                  * 1. None of the command segments receive CCE
987                  * 2. No command segments receive VSE except the last one
988                  * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
989                  *    same as Rome 2.1, 2.2, 3.0
990                  */
991                  if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
992                     wait_cc_evt = !remain_size ? FALSE: TRUE;
993                  } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
994                     wait_vsc_evt = !remain_size ? TRUE: FALSE;
995                  }
996              }
997         }
998 
999         if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1000             goto error;
1001     }
1002 
1003     if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1004        /* If the Rome version is from 1.1 to 3.1
1005         * 1. No CCE for the last command segment but all other segment
1006         * 2. All the command segments get VSE including the last one
1007         */
1008         wait_cc_evt = remain_size ? FALSE: TRUE;
1009     } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1010         /* If the Rome version is 3.2
1011          * 1. None of the command segments receive CCE
1012          * 2. No command segments receive VSE except the last one
1013          * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1014          *    same as Rome 2.1, 2.2, 3.0
1015          */
1016         if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1017            wait_cc_evt = remain_size ? FALSE: TRUE;
1018         } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1019            wait_vsc_evt = remain_size ? TRUE: FALSE;
1020         }
1021     }
1022 
1023     if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1024 
1025 error:
1026     return err;
1027 }
1028 
rome_download_tlv_file(int fd)1029 int rome_download_tlv_file(int fd)
1030 {
1031     int tlv_size, err = -1;
1032 
1033     /* Rampatch TLV file Downloading */
1034     pdata_buffer = NULL;
1035     if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1036         goto error;
1037 
1038     if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1039         goto error;
1040 
1041     if (pdata_buffer != NULL){
1042         free (pdata_buffer);
1043         pdata_buffer = NULL;
1044     }
1045     /* NVM TLV file Downloading */
1046     if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0)
1047         goto error;
1048 
1049     if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1050         goto error;
1051 
1052 error:
1053     if (pdata_buffer != NULL)
1054         free (pdata_buffer);
1055 
1056     return err;
1057 }
1058 
rome_1_0_nvm_tag_dnld(int fd)1059 int rome_1_0_nvm_tag_dnld(int fd)
1060 {
1061     int i, size, err = 0;
1062     unsigned char cmd[HCI_MAX_CMD_SIZE];
1063     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1064 
1065 #if (NVM_VERSION >= ROME_1_0_100019)
1066     unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1067     {
1068         /* Tag 2 */ /* BD Address */
1069         {  /* Packet Type */HCI_COMMAND_PKT,
1070             /* Opcode */       0x0b,0xfc,
1071             /* Total Len */     9,
1072             /* NVM CMD */    NVM_ACCESS_SET,
1073             /* Tag Num */     2,
1074             /* Tag Len */      6,
1075             /* Tag Value */   0x77,0x78,0x23,0x01,0x56,0x22
1076          },
1077         /* Tag 6 */ /* Bluetooth Support Features */
1078         {  /* Packet Type */HCI_COMMAND_PKT,
1079             /* Opcode */       0x0b,0xfc,
1080             /* Total Len */     11,
1081             /* NVM CMD */    NVM_ACCESS_SET,
1082             /* Tag Num */     6,
1083             /* Tag Len */      8,
1084             /* Tag Value */   0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1085          },
1086         /* Tag 17 */ /* HCI Transport Layer Setting */
1087         {  /* Packet Type */HCI_COMMAND_PKT,
1088             /* Opcode */       0x0b,0xfc,
1089             /* Total Len */     11,
1090             /* NVM CMD */    NVM_ACCESS_SET,
1091             /* Tag Num */     17,
1092             /* Tag Len */      8,
1093             /* Tag Value */   0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1094          },
1095         /* Tag 35 */
1096         {  /* Packet Type */HCI_COMMAND_PKT,
1097             /* Opcode */       0x0b,0xfc,
1098             /* Total Len */     58,
1099             /* NVM CMD */    NVM_ACCESS_SET,
1100             /* Tag Num */     35,
1101             /* Tag Len */      55,
1102             /* Tag Value */   0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1103                                       0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1104                                       0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1105                                       0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1106                                       0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1107                                       0x1B, 0x14, 0x01, 0x04, 0x48
1108          },
1109         /* Tag 36 */
1110         {  /* Packet Type */HCI_COMMAND_PKT,
1111             /* Opcode */       0x0b,0xfc,
1112             /* Total Len */     15,
1113             /* NVM CMD */    NVM_ACCESS_SET,
1114             /* Tag Num */     36,
1115             /* Tag Len */      12,
1116             /* Tag Value */   0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1117          },
1118         /* Tag 39 */
1119         {  /* Packet Type */HCI_COMMAND_PKT,
1120             /* Opcode */       0x0b,0xfc,
1121             /* Total Len */     7,
1122             /* NVM CMD */    NVM_ACCESS_SET,
1123             /* Tag Num */     39,
1124             /* Tag Len */      4,
1125             /* Tag Value */   0x12,0x00,0x00,0x00
1126          },
1127         /* Tag 41 */
1128         {  /* Packet Type */HCI_COMMAND_PKT,
1129             /* Opcode */       0x0b,0xfc,
1130             /* Total Len */     91,
1131             /* NVM CMD */    NVM_ACCESS_SET,
1132             /* Tag Num */     41,
1133             /* Tag Len */      88,
1134             /* Tag Value */   0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1135                                       0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1136                                       0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1137                                       0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1138                                       0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1139                                       0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1140                                       0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1141                                       0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1142                                       0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1143          },
1144         /* Tag 42 */
1145         {  /* Packet Type */HCI_COMMAND_PKT,
1146             /* Opcode */       0x0b,0xfc,
1147             /* Total Len */     63,
1148             /* NVM CMD */    NVM_ACCESS_SET,
1149             /* Tag Num */     42,
1150             /* Tag Len */      60,
1151             /* Tag Value */   0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1152                                       0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1153                                       0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1154                                       0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1155                                       0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1156                                       0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1157          },
1158         /* Tag 84 */
1159         {  /* Packet Type */HCI_COMMAND_PKT,
1160             /* Opcode */       0x0b,0xfc,
1161             /* Total Len */     153,
1162             /* NVM CMD */    NVM_ACCESS_SET,
1163             /* Tag Num */     84,
1164             /* Tag Len */      150,
1165             /* Tag Value */   0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1166                                       0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1167                                       0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1168                                       0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1169                                       0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1170                                       0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1171                                       0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1172                                       0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1173                                       0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1174                                       0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1175                                       0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1176                                       0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1177                                       0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1178                                       0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1179                                       0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1180          },
1181         /* Tag 85 */
1182         {  /* Packet Type */HCI_COMMAND_PKT,
1183             /* Opcode */       0x0b,0xfc,
1184             /* Total Len */     119,
1185             /* NVM CMD */    NVM_ACCESS_SET,
1186             /* Tag Num */     85,
1187             /* Tag Len */      116,
1188             /* Tag Value */   0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1189                                       0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1190                                       0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1191                                       0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1192                                       0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1193                                       0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1194                                       0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1195                                       0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1196                                       0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1197                                       0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1198                                       0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1199                                       0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1200          },
1201         {TAG_END}
1202     };
1203 #elif (NVM_VERSION == ROME_1_0_6002)
1204     unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1205     {
1206         /* Tag 2 */
1207         {  /* Packet Type */HCI_COMMAND_PKT,
1208             /* Opcode */       0x0b,0xfc,
1209             /* Total Len */     9,
1210             /* NVM CMD */    NVM_ACCESS_SET,
1211             /* Tag Num */     2,
1212             /* Tag Len */      6,
1213             /* Tag Value */   0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1214          },
1215         /* Tag 6 */
1216         {  /* Packet Type */HCI_COMMAND_PKT,
1217             /* Opcode */       0x0b,0xfc,
1218             /* Total Len */     11,
1219             /* NVM CMD */    NVM_ACCESS_SET,
1220             /* Tag Num */     6,
1221             /* Tag Len */      8,
1222             /* Tag Value */   0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1223          },
1224         /* Tag 17 */
1225         {  /* Packet Type */HCI_COMMAND_PKT,
1226             /* Opcode */       0x0b,0xfc,
1227             /* Total Len */     11,
1228             /* NVM CMD */    NVM_ACCESS_SET,
1229             /* Tag Num */     17,
1230             /* Tag Len */      8,
1231             /* Tag Value */   0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1232          },
1233         /* Tag 36 */
1234         {  /* Packet Type */HCI_COMMAND_PKT,
1235             /* Opcode */       0x0b,0xfc,
1236             /* Total Len */     15,
1237             /* NVM CMD */    NVM_ACCESS_SET,
1238             /* Tag Num */     36,
1239             /* Tag Len */      12,
1240             /* Tag Value */   0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1241          },
1242 
1243         /* Tag 39 */
1244         {  /* Packet Type */HCI_COMMAND_PKT,
1245             /* Opcode */       0x0b,0xfc,
1246             /* Total Len */     7,
1247             /* NVM CMD */    NVM_ACCESS_SET,
1248             /* Tag Num */     39,
1249             /* Tag Len */      4,
1250             /* Tag Value */   0x12,0x00,0x00,0x00
1251          },
1252 
1253         /* Tag 41 */
1254         {  /* Packet Type */HCI_COMMAND_PKT,
1255             /* Opcode */       0x0b,0xfc,
1256             /* Total Len */     199,
1257             /* NVM CMD */    NVM_ACCESS_SET,
1258             /* Tag Num */     41,
1259             /* Tag Len */      196,
1260             /* Tag Value */   0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1261                                       0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1262                                       0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1263                                       0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1264                                       0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1265                                       0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1266                                       0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1267                                       0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1268                                       0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1269                                       0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1270                                       0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1271                                       0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1272                                       0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1273                                       0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1274                                       0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1275                                       0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1276                                       0x0B,0x01,0x03,0x00
1277          },
1278 
1279         /* Tag 44 */
1280         {  /* Packet Type */HCI_COMMAND_PKT,
1281             /* Opcode */       0x0b,0xfc,
1282             /* Total Len */     44,
1283             /* NVM CMD */    NVM_ACCESS_SET,
1284             /* Tag Num */     44,
1285             /* Tag Len */      41,
1286             /* Tag Value */   0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1287                                       0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1288                                       0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1289                                       0x00,0x14,0x01,0x02,0x03
1290          },
1291         {TAG_END}
1292     };
1293 #endif
1294 
1295     ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1296 
1297     for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1298     {
1299         /* Write BD Address */
1300         if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1301             memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6);
1302             ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1303                 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1304                 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1305                 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1306         }
1307         size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1308         /* Send HCI Command packet to Controller */
1309         err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1310         if ( err != size) {
1311             ALOGE("Failed to attach the patch payload to the Controller!");
1312             goto error;
1313         }
1314 
1315         /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1316         err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1317         if ( err < 0) {
1318             ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1319             goto error;
1320         }
1321     }
1322 
1323 error:
1324     return err;
1325 }
1326 
1327 
1328 
rome_patch_ver_req(int fd)1329 int rome_patch_ver_req(int fd)
1330 {
1331     int size, err = 0;
1332     unsigned char cmd[HCI_MAX_CMD_SIZE];
1333     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1334 
1335     /* Frame the HCI CMD to be sent to the Controller */
1336     frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1337     -1, EDL_PATCH_CMD_LEN);
1338 
1339     /* Total length of the packet to be sent to the Controller */
1340     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1341 
1342     /* Send HCI Command packet to Controller */
1343     err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1344     if ( err != size) {
1345         ALOGE("Failed to attach the patch payload to the Controller!");
1346         goto error;
1347     }
1348 
1349     /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1350     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1351     if ( err < 0) {
1352         ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1353         goto error;
1354     }
1355 error:
1356     return err;
1357 
1358 }
1359 
rome_get_build_info_req(int fd)1360 int rome_get_build_info_req(int fd)
1361 {
1362     int size, err = 0;
1363     unsigned char cmd[HCI_MAX_CMD_SIZE];
1364     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1365 
1366     /* Frame the HCI CMD to be sent to the Controller */
1367     frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1368     -1, EDL_PATCH_CMD_LEN);
1369 
1370     /* Total length of the packet to be sent to the Controller */
1371     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1372 
1373     /* Send HCI Command packet to Controller */
1374     err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1375     if ( err != size) {
1376         ALOGE("Failed to send get build info cmd to the SoC!");
1377         goto error;
1378     }
1379 
1380     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1381     if ( err < 0) {
1382         ALOGE("%s: Failed to get build info", __FUNCTION__);
1383         goto error;
1384     }
1385 error:
1386     return err;
1387 
1388 }
1389 
1390 
rome_set_baudrate_req(int fd)1391 int rome_set_baudrate_req(int fd)
1392 {
1393     int size, err = 0;
1394     unsigned char cmd[HCI_MAX_CMD_SIZE];
1395     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1396     hci_command_hdr *cmd_hdr;
1397     int flags;
1398 
1399     memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1400 
1401     cmd_hdr = (void *) (cmd + 1);
1402     cmd[0]  = HCI_COMMAND_PKT;
1403     cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1404     cmd_hdr->plen     = VSC_SET_BAUDRATE_REQ_LEN;
1405     cmd[4]  = BAUDRATE_3000000;
1406 
1407     /* Total length of the packet to be sent to the Controller */
1408     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1409     tcflush(fd,TCIOFLUSH);
1410     /* Flow off during baudrate change */
1411     if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1412     {
1413       ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1414       goto error;
1415     }
1416 
1417     /* Send the HCI command packet to UART for transmission */
1418     err = do_write(fd, cmd, size);
1419     if (err != size) {
1420         ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1421         goto error;
1422     }
1423 
1424     /* Change Local UART baudrate to high speed UART */
1425     userial_vendor_set_baud(USERIAL_BAUD_3M);
1426 
1427     /* Flow on after changing local uart baudrate */
1428     if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1429     {
1430         ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1431         return err;
1432     }
1433 
1434     /* Check for response from the Controller */
1435     if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1436             ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1437             goto error;
1438     }
1439 
1440     ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1441 
1442     /* Wait for command complete event */
1443     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1444     if ( err < 0) {
1445         ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1446         goto error;
1447     }
1448 
1449 error:
1450     return err;
1451 
1452 }
1453 
1454 
rome_hci_reset_req(int fd)1455 int rome_hci_reset_req(int fd)
1456 {
1457     int size, err = 0;
1458     unsigned char cmd[HCI_MAX_CMD_SIZE];
1459     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1460     hci_command_hdr *cmd_hdr;
1461     int flags;
1462 
1463     ALOGI("%s: HCI RESET ", __FUNCTION__);
1464 
1465     memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1466 
1467     cmd_hdr = (void *) (cmd + 1);
1468     cmd[0]  = HCI_COMMAND_PKT;
1469     cmd_hdr->opcode = HCI_RESET;
1470     cmd_hdr->plen   = 0;
1471 
1472     /* Total length of the packet to be sent to the Controller */
1473     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1474 
1475     /* Flow off during baudrate change */
1476     if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1477     {
1478       ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1479       goto error;
1480     }
1481 
1482     /* Send the HCI command packet to UART for transmission */
1483     ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1484     err = do_write(fd, cmd, size);
1485     if (err != size) {
1486         ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1487         goto error;
1488     }
1489 
1490     /* Change Local UART baudrate to high speed UART */
1491     userial_vendor_set_baud(USERIAL_BAUD_3M);
1492 
1493     /* Flow on after changing local uart baudrate */
1494     if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1495     {
1496         ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1497         return err;
1498     }
1499 
1500     /* Wait for command complete event */
1501     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1502     if ( err < 0) {
1503         ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1504         goto error;
1505     }
1506 
1507 error:
1508     return err;
1509 
1510 }
1511 
1512 
rome_hci_reset(int fd)1513 int rome_hci_reset(int fd)
1514 {
1515     int size, err = 0;
1516     unsigned char cmd[HCI_MAX_CMD_SIZE];
1517     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1518     hci_command_hdr *cmd_hdr;
1519     int flags;
1520 
1521     ALOGI("%s: HCI RESET ", __FUNCTION__);
1522 
1523     memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1524 
1525     cmd_hdr = (void *) (cmd + 1);
1526     cmd[0]  = HCI_COMMAND_PKT;
1527     cmd_hdr->opcode = HCI_RESET;
1528     cmd_hdr->plen   = 0;
1529 
1530     /* Total length of the packet to be sent to the Controller */
1531     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1532     err = do_write(fd, cmd, size);
1533     if (err != size) {
1534         ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1535         err = -1;
1536         goto error;
1537     }
1538 
1539     /* Wait for command complete event */
1540     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1541     if ( err < 0) {
1542         ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1543         goto error;
1544     }
1545 
1546 error:
1547     return err;
1548 
1549 }
1550 
rome_wipower_current_charging_status_req(int fd)1551 int rome_wipower_current_charging_status_req(int fd)
1552 {
1553     int size, err = 0;
1554     unsigned char cmd[HCI_MAX_CMD_SIZE];
1555     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1556     hci_command_hdr *cmd_hdr;
1557     int flags;
1558 
1559     memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1560 
1561     cmd_hdr = (void *) (cmd + 1);
1562     cmd[0]  = HCI_COMMAND_PKT;
1563     cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1564     cmd_hdr->plen     = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1565     cmd[4]  = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1566 
1567     /* Total length of the packet to be sent to the Controller */
1568     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1569 
1570     ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1571     ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1572 
1573     err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1574     if ( err != size) {
1575         ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1576         goto error;
1577     }
1578 
1579     /* Check for response from the Controller */
1580     if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1581         err = -ETIMEDOUT;
1582         ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1583         goto error;
1584     }
1585 
1586     /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1587     if (rsp[4] >= NON_WIPOWER_MODE) {
1588         err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1589         if (err < 0) {
1590             ALOGE("%s: Failed to get charging status", __FUNCTION__);
1591             goto error;
1592         }
1593     }
1594 
1595 error:
1596     return err;
1597 }
1598 
addon_feature_req(int fd)1599 int addon_feature_req(int fd)
1600 {
1601     int size, err = 0;
1602     unsigned char cmd[HCI_MAX_CMD_SIZE];
1603     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1604     hci_command_hdr *cmd_hdr;
1605     int flags;
1606 
1607     memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1608 
1609     cmd_hdr = (void *) (cmd + 1);
1610     cmd[0]  = HCI_COMMAND_PKT;
1611     cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1612     cmd_hdr->plen     = 0x00;
1613 
1614     /* Total length of the packet to be sent to the Controller */
1615     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1616 
1617     ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1618     ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1619     err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1620     if ( err != size) {
1621         ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1622         goto error;
1623     }
1624 
1625     err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1626     if (err < 0) {
1627         ALOGE("%s: Failed to get feature request", __FUNCTION__);
1628         goto error;
1629     }
1630 error:
1631     return err;
1632 }
1633 
1634 
check_embedded_mode(int fd)1635 int check_embedded_mode(int fd) {
1636     int err = 0;
1637 
1638     wipower_flag = 0;
1639     /* Get current wipower charging status */
1640     if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1641     {
1642         ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1643     }
1644     usleep(500);
1645 
1646     ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1647 
1648     return wipower_flag;
1649 }
1650 
rome_get_addon_feature_list(int fd)1651 int rome_get_addon_feature_list(int fd) {
1652     int err = 0;
1653 
1654     /* Get addon features that are supported by FW */
1655     if ((err = addon_feature_req(fd)) < 0)
1656     {
1657         ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1658     }
1659     return err;
1660 }
1661 
rome_wipower_forward_handoff_req(int fd)1662 int rome_wipower_forward_handoff_req(int fd)
1663 {
1664     int size, err = 0;
1665     unsigned char cmd[HCI_MAX_CMD_SIZE];
1666     unsigned char rsp[HCI_MAX_EVENT_SIZE];
1667     hci_command_hdr *cmd_hdr;
1668     int flags;
1669 
1670     memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1671 
1672     cmd_hdr = (void *) (cmd + 1);
1673     cmd[0]  = HCI_COMMAND_PKT;
1674     cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1675     cmd_hdr->plen     = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1676     cmd[4]  = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1677 
1678     /* Total length of the packet to be sent to the Controller */
1679     size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1680 
1681     ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1682     ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1683     err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1684     if ( err != size) {
1685         ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1686         goto error;
1687     }
1688 
1689     /* Check for response from the Controller */
1690     if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1691         err = -ETIMEDOUT;
1692         ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1693         goto error;
1694     }
1695 
1696 error:
1697     return err;
1698 }
1699 
1700 
enable_controller_log(int fd)1701 void enable_controller_log (int fd)
1702 {
1703    int ret = 0;
1704    /* VS command to enable controller logging to the HOST. By default it is disabled */
1705    unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1706    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1707    char value[PROPERTY_VALUE_MAX] = {'\0'};
1708 
1709    property_get("persist.service.bdroid.soclog", value, "false");
1710 
1711    // value at cmd[5]: 1 - to enable, 0 - to disable
1712    ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1713    ALOGI("%s: %d", __func__, ret);
1714 
1715    ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1716    if (ret != 6) {
1717      ALOGE("%s: command failed", __func__);
1718    }
1719    ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1720    if (ret < 0) {
1721        ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1722    }
1723 }
1724 
1725 
disable_internal_ldo(int fd)1726 static int disable_internal_ldo(int fd)
1727 {
1728     int ret = 0;
1729     if (enable_extldo) {
1730         unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1731         unsigned char rsp[HCI_MAX_EVENT_SIZE];
1732 
1733         ALOGI(" %s ", __FUNCTION__);
1734         ret = do_write(fd, cmd, 5);
1735         if (ret != 5) {
1736             ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1737             ret = -1;
1738         } else {
1739             /* Wait for command complete event */
1740             ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1741             if ( ret < 0) {
1742                 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1743             }
1744         }
1745     }
1746     return ret;
1747 }
1748 
rome_soc_init(int fd,char * bdaddr)1749 int rome_soc_init(int fd, char *bdaddr)
1750 {
1751     int err = -1, size = 0;
1752 
1753     ALOGI(" %s ", __FUNCTION__);
1754 
1755     /* If wipower charging is going on in embedded mode then start hand off req */
1756     if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1757     {
1758         wipower_flag = 0;
1759         wipower_handoff_ready = 0;
1760         if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1761         {
1762             ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1763         }
1764     }
1765 
1766     /* Get Rome version information */
1767     if((err = rome_patch_ver_req(fd)) <0){
1768         ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1769         goto error;
1770     }
1771 
1772     ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver);
1773 
1774     switch (rome_ver){
1775         case ROME_VER_1_0:
1776             {
1777                 /* Set and Download the RAMPATCH */
1778                 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1779                 err = rome_download_rampatch(fd);
1780                 if (err < 0) {
1781                     ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1782                     goto error;
1783                 }
1784                 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1785 
1786                 /* Attach the RAMPATCH */
1787                 ALOGI("%s: Attaching the patches", __FUNCTION__);
1788                 err = rome_attach_rampatch(fd);
1789                 if (err < 0) {
1790                     ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1791                     goto error;
1792                 }
1793                 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1794 
1795                 /* Send Reset */
1796                 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1797                 err = rome_rampatch_reset(fd);
1798                 if ( err < 0 ) {
1799                     ALOGE("Failed to RESET after RAMPATCH upgrade!");
1800                     goto error;
1801                 }
1802 
1803                 /* NVM download */
1804                 ALOGI("%s: Downloading NVM", __FUNCTION__);
1805                 err = rome_1_0_nvm_tag_dnld(fd);
1806                 if ( err <0 ) {
1807                     ALOGE("Downloading NVM Failed !!");
1808                     goto error;
1809                 }
1810 
1811                 /* Change baud rate 115.2 kbps to 3Mbps*/
1812                 err = rome_hci_reset_req(fd);
1813                 if (err < 0) {
1814                     ALOGE("HCI Reset Failed !!");
1815                     goto error;
1816                 }
1817 
1818                 ALOGI("HCI Reset is done\n");
1819             }
1820             break;
1821         case ROME_VER_1_1:
1822             rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1823             nvm_file_path = ROME_NVM_TLV_PATH;
1824             goto download;
1825         case ROME_VER_1_3:
1826             rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1827             nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1828             goto download;
1829         case ROME_VER_2_1:
1830             rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1831             nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1832             goto download;
1833         case ROME_VER_3_0:
1834             rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1835             nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1836             fw_su_info = ROME_3_1_FW_SU;
1837             fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1838             goto download;
1839         case ROME_VER_3_2:
1840             rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1841             nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1842             fw_su_info = ROME_3_2_FW_SU;
1843             fw_su_offset =  ROME_3_2_FW_SW_OFFSET;
1844 
1845 download:
1846             /* Change baud rate 115.2 kbps to 3Mbps*/
1847             err = rome_set_baudrate_req(fd);
1848             if (err < 0) {
1849                 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1850                 goto error;
1851             }
1852             ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1853             /* Donwload TLV files (rampatch, NVM) */
1854             err = rome_download_tlv_file(fd);
1855             if (err < 0) {
1856                 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1857                 goto error;
1858             }
1859             ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1860 
1861             /* Get SU FM label information */
1862             if((err = rome_get_build_info_req(fd)) <0){
1863                 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1864                 //Ignore the failure of ROME FW SU label information
1865                 err = 0;
1866             }
1867 
1868             /* Disable internal LDO to use external LDO instead*/
1869             err = disable_internal_ldo(fd);
1870 
1871             /* Send HCI Reset */
1872             err = rome_hci_reset(fd);
1873             if ( err <0 ) {
1874                 ALOGE("HCI Reset Failed !!");
1875                 goto error;
1876             }
1877 
1878             ALOGI("HCI Reset is done\n");
1879 
1880             break;
1881         case ROME_VER_UNKNOWN:
1882         default:
1883             ALOGI("%s: Detected unknown ROME version", __FUNCTION__);
1884             err = -1;
1885             break;
1886     }
1887 
1888 error:
1889     return err;
1890 }
1891