1 /*
2 *
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 * Not a Contribution.
5 *
6 * Copyright 2012 The Android Open Source Project
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you
9 * may not use this file except in compliance with the License. You may
10 * obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * permissions and limitations under the License.
19 *
20 */
21
22 /******************************************************************************
23 *
24 * Filename: hw_rome.c
25 *
26 * Description: Contains controller-specific functions, like
27 * firmware patch download
28 * low power mode operations
29 *
30 ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #define LOG_TAG "bt_vendor"
36
37 #include <sys/socket.h>
38 #include <log/log.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <signal.h>
42 #include <time.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <dirent.h>
46 #include <ctype.h>
47 #include <cutils/properties.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <termios.h>
51 #include <string.h>
52 #include <stdbool.h>
53 #include <unistd.h>
54
55 #include "bt_hci_bdroid.h"
56 #include "bt_vendor_qcom.h"
57 #include "hci_uart.h"
58 #include "hw_rome.h"
59
60 #define BOARD_ID_LEN 0x5
61 #define MSB_NIBBLE_MASK 0xF0
62 #define LSB_NIBBLE_MASK 0x0F
63
64 #ifdef __cplusplus
65 }
66 #endif
67
68 #define RESERVED(p) if(p) ALOGI( "%s: reserved param", __FUNCTION__);
69
70 int read_vs_hci_event(int fd, unsigned char* buf, int size);
71 int get_boardid_req(int fd);
72 unsigned char convert2ascii(unsigned char temp);
73
74
75 /******************************************************************************
76 ** Variables
77 ******************************************************************************/
78 FILE *file;
79 unsigned char *phdr_buffer;
80 unsigned char *pdata_buffer = NULL;
81 patch_info rampatch_patch_info;
82 int rome_ver = ROME_VER_UNKNOWN;
83 unsigned char gTlv_type;
84 unsigned char gTlv_dwndCfg;
85 static unsigned int wipower_flag = 0;
86 static unsigned int wipower_handoff_ready = 0;
87 char *rampatch_file_path;
88 char *nvm_file_path;
89 char *fw_su_info = NULL;
90 unsigned short fw_su_offset =0;
91 extern char enable_extldo;
92 unsigned char wait_vsc_evt = TRUE;
93 bool patch_dnld_pending = FALSE;
94 int dnld_fd = -1;
95 unsigned char board_id[BOARD_ID_LEN];
96
97 /******************************************************************************
98 ** Extern variables
99 ******************************************************************************/
100 extern uint8_t vnd_local_bd_addr[6];
101
102 /*****************************************************************************
103 ** Functions
104 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)105 int do_write(int fd, unsigned char *buf,int len)
106 {
107 int ret = 0;
108 int write_offset = 0;
109 int write_len = len;
110 do {
111 ret = write(fd,buf+write_offset,write_len);
112 if (ret < 0)
113 {
114 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
115 return -1;
116 } else if (ret == 0) {
117 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
118 return 0;
119 } else {
120 if (ret < write_len) {
121 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
122 strerror(errno));
123 write_len = write_len - ret;
124 write_offset = ret;
125 } else {
126 ALOGV("Write successful");
127 break;
128 }
129 }
130 } while(1);
131 return len;
132 }
133
get_vs_hci_event(unsigned char * rsp)134 int get_vs_hci_event(unsigned char *rsp)
135 {
136 int err = 0;
137 unsigned char paramlen = 0;
138 unsigned char EMBEDDED_MODE_CHECK = 0x02;
139 unsigned int soc_id = 0;
140 unsigned int productid = 0;
141 unsigned short patchversion = 0;
142 char build_label[255];
143 int build_lbl_len;
144
145 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
146 ALOGV("%s: Received HCI-Vendor Specific event", __FUNCTION__);
147 else {
148 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
149 err = -EIO;
150 goto failed;
151 }
152
153 ALOGI("%s: length 0x%x resp 0x%x type 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN],
154 rsp[CMD_RSP_OFFSET], rsp[RSP_TYPE_OFFSET]);
155
156 /* Check the status of the operation */
157 switch ( rsp[CMD_RSP_OFFSET] )
158 {
159 case EDL_CMD_REQ_RES_EVT:
160 ALOGV("%s: Command Request Response", __FUNCTION__);
161 switch(rsp[RSP_TYPE_OFFSET])
162 {
163 case EDL_PATCH_VER_RES_EVT:
164 case EDL_APP_VER_RES_EVT:
165 ALOGI("\t Current Product ID\t\t: 0x%08x",
166 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
167 rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
168 rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
169 rsp[PATCH_PROD_ID_OFFSET] ));
170
171 /* Patch Version indicates FW patch version */
172 ALOGI("\t Current Patch Version\t\t: 0x%04x",
173 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
174 rsp[PATCH_PATCH_VER_OFFSET] )));
175
176 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
177 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver =
178 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
179 rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
180
181 /* In case rome 1.0/1.1, there is no SOC ID version available */
182 if (paramlen - 10)
183 {
184 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
185 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
186 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
187 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
188 rsp[PATCH_SOC_VER_OFFSET] ));
189 }
190
191 /* Rome Chipset Version can be decided by Patch version and SOC version,
192 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
193 used for SOC as combination for BT host driver */
194 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff);
195 break;
196 case EDL_TVL_DNLD_RES_EVT:
197 case EDL_CMD_EXE_STATUS_EVT:
198 switch (err = rsp[CMD_STATUS_OFFSET])
199 {
200 case HCI_CMD_SUCCESS:
201 ALOGV("%s: Download Packet successfully!", __FUNCTION__);
202 break;
203 case PATCH_LEN_ERROR:
204 ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
205 "SET REQ cmd", __FUNCTION__);
206 break;
207 case PATCH_VER_ERROR:
208 ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
209 "SET REQ cmd", __FUNCTION__);
210 break;
211 case PATCH_CRC_ERROR:
212 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
213 break;
214 case PATCH_NOT_FOUND:
215 ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
216 break;
217 case TLV_TYPE_ERROR:
218 ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
219 break;
220 default:
221 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
222 break;
223 }
224 break;
225 case HCI_VS_GET_BUILD_VER_EVT:
226 build_lbl_len = rsp[5];
227 memcpy (build_label, &rsp[6], build_lbl_len);
228 *(build_label+build_lbl_len) = '\0';
229
230 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
231 break;
232 case EDL_BOARD_ID_RESPONSE:
233 ALOGI("%s: board id %x %x!!", __FUNCTION__, rsp[6], rsp[7]);
234 if (rsp[6] <= 0x00) {
235 board_id[0] = convert2ascii ((rsp[7] & MSB_NIBBLE_MASK) >> 4);
236 board_id[1] = convert2ascii (rsp[7] & LSB_NIBBLE_MASK);
237 board_id[2] = '\0';
238 } else {
239 board_id[0] = convert2ascii ((rsp[6] & MSB_NIBBLE_MASK) >> 4);
240 board_id[1] = convert2ascii (rsp[6] & LSB_NIBBLE_MASK);
241 board_id[2] = convert2ascii ((rsp[7] & MSB_NIBBLE_MASK) >> 4);
242 board_id[3] = convert2ascii (rsp[7] & LSB_NIBBLE_MASK);
243 board_id[4] = '\0';
244 }
245 break;
246 }
247 break;
248
249 case NVM_ACCESS_CODE:
250 ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
251 err = HCI_CMD_SUCCESS;
252 break;
253 case EDL_SET_BAUDRATE_RSP_EVT:
254 /* Rome 1.1 has bug with the response, so it should ignore it. */
255 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
256 {
257 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
258 rsp[CMD_STATUS_OFFSET]);
259 err = -1;
260 }
261 break;
262 case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
263 /* Query charging command has below return values
264 0 - in embedded mode not charging
265 1 - in embedded mode and charging
266 2 - hadofff completed and in normal mode
267 3 - no wipower supported on mtp. so irrepective of charging
268 handoff command has to be sent if return values are 0 or 1.
269 These change include logic to enable generic BT turn on sequence.*/
270 if (rsp[4] < EMBEDDED_MODE_CHECK)
271 {
272 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
273 wipower_handoff_ready = rsp[4];
274 wipower_flag = 1;
275 }
276 break;
277 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
278 /*TODO: rsp code 00 mean no charging
279 this is going to change in FW soon*/
280 if (rsp[4] == NON_WIPOWER_MODE)
281 {
282 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
283 }
284 break;
285 case HCI_VS_GET_ADDON_FEATURES_EVENT:
286 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
287 {
288 ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
289 property_set("persist.bluetooth.a4wp", "true");
290 }
291 break;
292 case HCI_VS_STRAY_EVT:
293 /* WAR to handle stray Power Apply EVT during patch download */
294 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__);
295 if (patch_dnld_pending && dnld_fd != -1)
296 {
297 unsigned char rsp[HCI_MAX_EVENT_SIZE];
298 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE);
299 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE);
300 }
301 else
302 {
303 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
304 err = -1;
305 }
306 break;
307 default:
308 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
309 err = -1;
310 break;
311 }
312
313 failed:
314 return err;
315 }
316
317
318 /*
319 * Read an VS HCI event from the given file descriptor.
320 */
read_vs_hci_event(int fd,unsigned char * buf,int size)321 int read_vs_hci_event(int fd, unsigned char* buf, int size)
322 {
323 int remain, r;
324 int count = 0;
325
326 if (size <= 0) {
327 ALOGE("Invalid size arguement!");
328 return -1;
329 }
330
331 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
332
333 /* The first byte identifies the packet type. For HCI event packets, it
334 * should be 0x04, so we read until we get to the 0x04. */
335 /* It will keep reading until find 0x04 byte */
336 while (1) {
337 r = read(fd, buf, 1);
338 if (r <= 0)
339 return -1;
340 if (buf[0] == 0x04)
341 break;
342 }
343 count++;
344
345 /* The next two bytes are the event code and parameter total length. */
346 while (count < 3) {
347 r = read(fd, buf + count, 3 - count);
348 if ((r <= 0) || (buf[1] != 0xFF )) {
349 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
350 return -1;
351 }
352 count += r;
353 }
354
355 /* Now we read the parameters. */
356 if (buf[2] < (size - 3))
357 remain = buf[2];
358 else
359 remain = size - 3;
360
361 while ((count - 3) < remain) {
362 r = read(fd, buf + count, remain - (count - 3));
363 if (r <= 0)
364 return -1;
365 count += r;
366 }
367
368 /* Check if the set patch command is successful or not */
369 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
370 return -1;
371
372 return count;
373 }
374
375 /*
376 * For Hand-Off related Wipower commands, Command complete arrives first and
377 * the followd with VS event
378 *
379 */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)380 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
381 {
382 int ret = 0;
383 int err = 0;
384
385 /* Send the HCI command packet to UART for transmission */
386 ret = do_write(fd, cmd, size);
387 if (ret != size) {
388 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
389 goto failed;
390 }
391
392 /* Wait for command complete event */
393 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
394 if ( err < 0) {
395 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
396 goto failed;
397 }
398
399 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
400 failed:
401 return ret;
402 }
403
404
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)405 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
406 {
407 int ret = 0;
408
409 /* Send the HCI command packet to UART for transmission */
410 ret = do_write(fd, cmd, size);
411 if (ret != size) {
412 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
413 goto failed;
414 }
415
416 if (wait_vsc_evt) {
417 /* Check for response from the Controller */
418 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
419 ret = -ETIMEDOUT;
420 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
421 goto failed;
422 }
423 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
424 }
425
426 failed:
427 return ret;
428 }
429
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)430 void frame_hci_cmd_pkt(
431 unsigned char *cmd,
432 int edl_cmd, unsigned int p_base_addr,
433 int segtNo, int size
434 )
435 {
436 int offset = 0;
437 hci_command_hdr *cmd_hdr;
438
439 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
440
441 cmd_hdr = (void *) (cmd + 1);
442
443 cmd[0] = HCI_COMMAND_PKT;
444 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
445 cmd_hdr->plen = size;
446 cmd[4] = edl_cmd;
447
448 switch (edl_cmd)
449 {
450 case EDL_PATCH_SET_REQ_CMD:
451 /* Copy the patch header info as CMD params */
452 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
453 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
454 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
455 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
456 break;
457 case EDL_PATCH_DLD_REQ_CMD:
458 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
459 p_base_addr += offset;
460 cmd_hdr->plen = (size + 6);
461 cmd[5] = (size + 4);
462 cmd[6] = EXTRACT_BYTE(p_base_addr, 0);
463 cmd[7] = EXTRACT_BYTE(p_base_addr, 1);
464 cmd[8] = EXTRACT_BYTE(p_base_addr, 2);
465 cmd[9] = EXTRACT_BYTE(p_base_addr, 3);
466 memcpy(&cmd[10], (pdata_buffer + offset), size);
467
468 ALOGV("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
469 __FUNCTION__, size);
470 ALOGV("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
471 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
472 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
473 break;
474 case EDL_PATCH_ATCH_REQ_CMD:
475 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
476 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
477 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
478 break;
479 case EDL_PATCH_RST_REQ_CMD:
480 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
481 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
482 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
483 break;
484 case EDL_PATCH_VER_REQ_CMD:
485 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
486 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
487 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
488 break;
489 case EDL_PATCH_TLV_REQ_CMD:
490 ALOGV("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
491 /* Parameter Total Length */
492 cmd[3] = size +2;
493
494 /* TLV Segment Length */
495 cmd[5] = size;
496 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
497 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
498 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
499 memcpy(&cmd[6], (pdata_buffer + offset), size);
500 break;
501 case EDL_GET_BUILD_INFO:
502 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
503 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
504 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
505 break;
506 case EDL_GET_BOARD_ID:
507 ALOGD("%s: Sending EDL_GET_BOARD_ID", __FUNCTION__);
508 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
509 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
510 break;
511 default:
512 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
513 }
514 }
515
rome_extract_patch_header_info(unsigned char * buf)516 void rome_extract_patch_header_info(unsigned char *buf)
517 {
518 int index;
519
520 /* Extract patch id */
521 for (index = 0; index < 4; index++)
522 rampatch_patch_info.patch_id |=
523 (LSH(buf[index + P_ID_OFFSET], (index * 8)));
524
525 /* Extract (ROM and BUILD) version information */
526 for (index = 0; index < 2; index++)
527 rampatch_patch_info.patch_ver.rom_version |=
528 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
529
530 for (index = 0; index < 2; index++)
531 rampatch_patch_info.patch_ver.build_version |=
532 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
533
534 /* Extract patch base and entry addresses */
535 for (index = 0; index < 4; index++)
536 rampatch_patch_info.patch_base_addr |=
537 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
538
539 /* Patch BASE & ENTRY addresses are same */
540 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
541
542 /* Extract total length of the patch payload */
543 for (index = 0; index < 4; index++)
544 rampatch_patch_info.patch_length |=
545 (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
546
547 /* Extract the CRC checksum of the patch payload */
548 for (index = 0; index < 4; index++)
549 rampatch_patch_info.patch_crc |=
550 (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
551
552 /* Extract patch control value */
553 for (index = 0; index < 4; index++)
554 rampatch_patch_info.patch_ctrl |=
555 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
556
557 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
558 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
559 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
560 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
561 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
562 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
563 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
564
565 }
566
rome_edl_set_patch_request(int fd)567 int rome_edl_set_patch_request(int fd)
568 {
569 int size, err;
570 unsigned char cmd[HCI_MAX_CMD_SIZE];
571 unsigned char rsp[HCI_MAX_EVENT_SIZE];
572
573 /* Frame the HCI CMD to be sent to the Controller */
574 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
575 -1, PATCH_HDR_LEN + 1);
576
577 /* Total length of the packet to be sent to the Controller */
578 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
579
580 /* Send HCI Command packet to Controller */
581 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
582 if ( err != size) {
583 ALOGE("Failed to set the patch info to the Controller!");
584 goto error;
585 }
586
587 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
588 if ( err < 0) {
589 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
590 goto error;
591 }
592 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
593 error:
594 return err;
595 }
596
rome_edl_patch_download_request(int fd)597 int rome_edl_patch_download_request(int fd)
598 {
599 int no_of_patch_segment;
600 int index = 1, err = 0, size = 0;
601 unsigned int p_base_addr;
602 unsigned char cmd[HCI_MAX_CMD_SIZE];
603 unsigned char rsp[HCI_MAX_EVENT_SIZE];
604
605 no_of_patch_segment = (rampatch_patch_info.patch_length /
606 MAX_DATA_PER_SEGMENT);
607 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
608 __FUNCTION__, no_of_patch_segment,
609 rampatch_patch_info.patch_base_addr);
610
611 /* Initialize the patch base address from the one read from bin file */
612 p_base_addr = rampatch_patch_info.patch_base_addr;
613
614 /*
615 * Depending upon size of the patch payload, download the patches in
616 * segments with a max. size of 239 bytes
617 */
618 for (index = 1; index <= no_of_patch_segment; index++) {
619
620 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
621
622 /* Frame the HCI CMD PKT to be sent to Controller*/
623 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
624 index, MAX_DATA_PER_SEGMENT);
625
626 /* Total length of the packet to be sent to the Controller */
627 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
628
629 /* Initialize the RSP packet everytime to 0 */
630 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
631
632 /* Send HCI Command packet to Controller */
633 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
634 if ( err != size) {
635 ALOGE("Failed to send the patch payload to the Controller!");
636 goto error;
637 }
638
639 /* Read Command Complete Event */
640 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
641 if ( err < 0) {
642 ALOGE("%s: Failed to downlaod patch segment: %d!",
643 __FUNCTION__, index);
644 goto error;
645 }
646 ALOGI("%s: Successfully downloaded patch segment: %d",
647 __FUNCTION__, index);
648 }
649
650 /* Check if any pending patch data to be sent */
651 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
652 rampatch_patch_info.patch_length :
653 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT);
654
655 if (size)
656 {
657 /* Frame the HCI CMD PKT to be sent to Controller*/
658 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
659
660 /* Initialize the RSP packet everytime to 0 */
661 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
662
663 /* Total length of the packet to be sent to the Controller */
664 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
665
666 /* Send HCI Command packet to Controller */
667 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
668 if ( err != size) {
669 ALOGE("Failed to send the patch payload to the Controller!");
670 goto error;
671 }
672
673 /* Read Command Complete Event */
674 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
675 if ( err < 0) {
676 ALOGE("%s: Failed to downlaod patch segment: %d!",
677 __FUNCTION__, index);
678 goto error;
679 }
680
681 ALOGI("%s: Successfully downloaded patch segment: %d",
682 __FUNCTION__, index);
683 }
684
685 error:
686 return err;
687 }
688
rome_download_rampatch(int fd)689 static int rome_download_rampatch(int fd)
690 {
691 int c, size, index, ret = -1;
692
693 ALOGI("%s: ", __FUNCTION__);
694
695 /* Get handle to the RAMPATCH binary file */
696 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
697 file = fopen(ROME_FW_PATH, "r");
698 if (file == NULL) {
699 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
700 __FUNCTION__);
701 return -ENFILE;
702 }
703
704 /* Allocate memory for the patch headder info */
705 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
706 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
707 if (phdr_buffer == NULL) {
708 ALOGE("%s: Failed to allocate memory for patch header",
709 __FUNCTION__);
710 goto phdr_alloc_failed;
711 }
712 for (index = 0; index < PATCH_HDR_LEN + 1; index++)
713 phdr_buffer[index] = 0x0;
714
715 /* Read 28 bytes of patch header information */
716 ALOGI("%s: Reading patch header info", __FUNCTION__);
717 index = 0;
718 do {
719 c = fgetc (file);
720 phdr_buffer[index++] = (unsigned char)c;
721 } while (index != PATCH_HDR_LEN);
722
723 /* Save the patch header info into local structure */
724 ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
725 rome_extract_patch_header_info((unsigned char *)phdr_buffer);
726
727 /* Set the patch header info onto the Controller */
728 ret = rome_edl_set_patch_request(fd);
729 if (ret < 0) {
730 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
731 goto pdata_alloc_failed;
732 }
733
734 /* Allocate memory for the patch payload */
735 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
736 size = rampatch_patch_info.patch_length;
737 pdata_buffer = (unsigned char *) malloc(size+1);
738 if (pdata_buffer == NULL) {
739 ALOGE("%s: Failed to allocate memory for patch payload",
740 __FUNCTION__);
741 goto pdata_alloc_failed;
742 }
743 for (index = 0; index < size+1; index++)
744 pdata_buffer[index] = 0x0;
745
746 /* Read the patch data from Rampatch binary image */
747 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
748 index = 0;
749 do {
750 c = fgetc (file);
751 pdata_buffer[index++] = (unsigned char)c;
752 } while (c != EOF);
753
754 /* Downloading patches in segments to controller */
755 ret = rome_edl_patch_download_request(fd);
756 if (ret < 0) {
757 ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
758 goto cleanup;
759 }
760 cleanup:
761 free(pdata_buffer);
762 pdata_alloc_failed:
763 free(phdr_buffer);
764 phdr_alloc_failed:
765 fclose(file);
766 return ret;
767 }
768
rome_attach_rampatch(int fd)769 int rome_attach_rampatch(int fd)
770 {
771 int size, err;
772 unsigned char cmd[HCI_MAX_CMD_SIZE];
773 unsigned char rsp[HCI_MAX_EVENT_SIZE];
774
775 /* Frame the HCI CMD to be sent to the Controller */
776 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
777 -1, EDL_PATCH_CMD_LEN);
778
779 /* Total length of the packet to be sent to the Controller */
780 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
781
782 /* Send HCI Command packet to Controller */
783 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
784 if ( err != size) {
785 ALOGE("Failed to attach the patch payload to the Controller!");
786 goto error;
787 }
788
789 /* Read Command Complete Event */
790 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
791 if ( err < 0) {
792 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
793 goto error;
794 }
795 error:
796 return err;
797 }
798
rome_rampatch_reset(int fd)799 int rome_rampatch_reset(int fd)
800 {
801 int size, err = 0;
802 unsigned char cmd[HCI_MAX_CMD_SIZE];
803 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
804
805 /* Frame the HCI CMD to be sent to the Controller */
806 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
807 -1, EDL_PATCH_CMD_LEN);
808
809 /* Total length of the packet to be sent to the Controller */
810 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
811
812 /* Send HCI Command packet to Controller */
813 err = do_write(fd, cmd, size);
814 if (err != size) {
815 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
816 goto error;
817 }
818
819 /*
820 * Controller doesn't sends any response for the patch reset
821 * command. HOST has to wait for 100ms before proceeding.
822 */
823 nanosleep(&tm, NULL);
824
825 error:
826 return err;
827 }
828
rome_get_tlv_file(char * file_path)829 int rome_get_tlv_file(char *file_path)
830 {
831 FILE * pFile;
832 long fileSize;
833 int readSize, nvm_length, nvm_index, i;
834 unsigned short nvm_tag_len;
835 tlv_patch_info *ptlv_header;
836 tlv_nvm_hdr *nvm_ptr;
837 unsigned char data_buf[PRINT_BUF_SIZE]={0,};
838 unsigned char *nvm_byte_ptr;
839
840 ALOGI("File Open (%s)", file_path);
841 pFile = fopen ( file_path , "r" );
842 if (pFile==NULL) {;
843 ALOGE("%s File Open Fail", file_path);
844 return -1;
845 }
846
847 /* Get File Size */
848 fseek (pFile , 0 , SEEK_END);
849 fileSize = ftell (pFile);
850 rewind (pFile);
851
852 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
853 if (pdata_buffer == NULL) {
854 ALOGE("Allocated Memory failed");
855 fclose (pFile);
856 return -1;
857 }
858
859 /* Copy file into allocated buffer */
860 readSize = fread (pdata_buffer,1,fileSize,pFile);
861
862 /* File Close */
863 fclose (pFile);
864
865 if (readSize != fileSize) {
866 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
867 return -1;
868 }
869
870 ptlv_header = (tlv_patch_info *) pdata_buffer;
871
872 /* To handle different event between rampatch and NVM */
873 gTlv_type = ptlv_header->tlv_type;
874 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
875
876 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
877 ALOGI("====================================================");
878 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
879 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
880 (ptlv_header->tlv_length2 << 8) |
881 (ptlv_header->tlv_length3 << 16));
882 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
883 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
884 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
885 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
886 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
887 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
888 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
889 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
890 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
891 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
892 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
893 ALOGI("====================================================");
894
895 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
896 ALOGV("====================================================");
897 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
898 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) |
899 (ptlv_header->tlv_length2 << 8) |
900 (ptlv_header->tlv_length3 << 16));
901
902 if(nvm_length <= 0)
903 return readSize;
904
905 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
906 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
907 {
908 ALOGV("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
909 ALOGV("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
910 ALOGV("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
911 ALOGV("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
912
913 /* Increase nvm_index to NVM data */
914 nvm_index+=sizeof(tlv_nvm_hdr);
915 nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
916
917 /* Write BD Address */
918 if(nvm_ptr->tag_id == TAG_NUM_2){
919 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6);
920 ALOGV("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
921 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
922 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
923 }
924
925 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
926 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
927
928 ALOGV("TAG Data\t\t\t : %s", data_buf);
929
930 /* Clear buffer */
931 memset(data_buf, 0x0, PRINT_BUF_SIZE);
932
933 /* increased by tag_len */
934 nvm_index+=nvm_ptr->tag_len;
935 nvm_byte_ptr +=nvm_ptr->tag_len;
936 }
937
938 ALOGV("====================================================");
939
940 } else {
941 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
942 }
943
944 return readSize;
945 }
946
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)947 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
948 {
949 int size=0, err = -1;
950 unsigned char cmd[HCI_MAX_CMD_SIZE];
951 unsigned char rsp[HCI_MAX_EVENT_SIZE];
952
953 ALOGV("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
954
955 /* Frame the HCI CMD PKT to be sent to Controller*/
956 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
957
958 /* Total length of the packet to be sent to the Controller */
959 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
960
961 /* Initialize the RSP packet everytime to 0 */
962 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
963
964 /* Send HCI Command packet to Controller */
965 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
966 if ( err != size) {
967 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
968 return err;
969 }
970
971 if(wait_cc_evt) {
972 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
973 if ( err < 0) {
974 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index);
975 return err;
976 }
977 }
978
979 ALOGV("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
980 return err;
981 }
982
rome_tlv_dnld_req(int fd,int tlv_size)983 int rome_tlv_dnld_req(int fd, int tlv_size)
984 {
985 int total_segment, remain_size, i, err = -1;
986 unsigned char wait_cc_evt = TRUE;
987
988 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
989 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
990 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
991
992 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
993 __FUNCTION__,tlv_size, total_segment, remain_size);
994
995 if (gTlv_type == TLV_TYPE_PATCH) {
996 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
997 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
998 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
999 */
1000 switch(gTlv_dwndCfg)
1001 {
1002 case ROME_SKIP_EVT_NONE:
1003 wait_vsc_evt = TRUE;
1004 wait_cc_evt = TRUE;
1005 ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
1006 break;
1007 case ROME_SKIP_EVT_VSE_CC:
1008 wait_vsc_evt = FALSE;
1009 wait_cc_evt = FALSE;
1010 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
1011 break;
1012 /* Not handled for now */
1013 case ROME_SKIP_EVT_VSE:
1014 case ROME_SKIP_EVT_CC:
1015 default:
1016 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
1017 break;
1018 }
1019 } else {
1020 wait_vsc_evt = TRUE;
1021 wait_cc_evt = TRUE;
1022 }
1023
1024 for(i=0;i<total_segment ;i++){
1025 if ((i+1) == total_segment) {
1026 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1027 /* If the Rome version is from 1.1 to 3.1
1028 * 1. No CCE for the last command segment but all other segment
1029 * 2. All the command segments get VSE including the last one
1030 */
1031 wait_cc_evt = !remain_size ? FALSE: TRUE;
1032 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1033 /* If the Rome version is 3.2
1034 * 1. None of the command segments receive CCE
1035 * 2. No command segments receive VSE except the last one
1036 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1037 * same as Rome 2.1, 2.2, 3.0
1038 */
1039 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1040 wait_cc_evt = !remain_size ? FALSE: TRUE;
1041 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1042 wait_vsc_evt = !remain_size ? TRUE: FALSE;
1043 }
1044 }
1045 }
1046
1047 patch_dnld_pending = TRUE;
1048 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1049 goto error;
1050 patch_dnld_pending = FALSE;
1051 }
1052
1053 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1054 /* If the Rome version is from 1.1 to 3.1
1055 * 1. No CCE for the last command segment but all other segment
1056 * 2. All the command segments get VSE including the last one
1057 */
1058 wait_cc_evt = remain_size ? FALSE: TRUE;
1059 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1060 /* If the Rome version is 3.2
1061 * 1. None of the command segments receive CCE
1062 * 2. No command segments receive VSE except the last one
1063 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1064 * same as Rome 2.1, 2.2, 3.0
1065 */
1066 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1067 wait_cc_evt = remain_size ? FALSE: TRUE;
1068 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1069 wait_vsc_evt = remain_size ? TRUE: FALSE;
1070 }
1071 }
1072
1073 patch_dnld_pending = TRUE;
1074 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1075 patch_dnld_pending = FALSE;
1076 error:
1077 if(patch_dnld_pending) patch_dnld_pending = FALSE;
1078 return err;
1079 }
1080
rome_download_tlv_file(int fd)1081 int rome_download_tlv_file(int fd)
1082 {
1083 int tlv_size, err = -1;
1084 char nvm_file_path_bid[32] = { 0,};
1085
1086 memcpy(nvm_file_path_bid, nvm_file_path, strlen(nvm_file_path) - 2);
1087
1088 /* Rampatch TLV file Downloading */
1089 pdata_buffer = NULL;
1090 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1091 goto error;
1092
1093 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1094 goto error;
1095
1096 if (pdata_buffer != NULL){
1097 free (pdata_buffer);
1098 pdata_buffer = NULL;
1099 }
1100 if (get_boardid_req(fd) < 0) {
1101 ALOGE("%s: failed to get board id(0x%x)", __FUNCTION__, err);
1102 goto default_download;
1103 }
1104
1105 strlcat(nvm_file_path_bid, (const char*)board_id, sizeof(nvm_file_path_bid));
1106
1107 if((tlv_size = rome_get_tlv_file(nvm_file_path_bid)) < 0) {
1108 ALOGI("%s: %s: file doesn't exist, falling back to default file", __FUNCTION__, nvm_file_path_bid);
1109 default_download:
1110 /* NVM TLV file Downloading */
1111 if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0)
1112 goto error;
1113 }
1114
1115 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1116 goto error;
1117
1118 error:
1119 if (pdata_buffer != NULL)
1120 free (pdata_buffer);
1121
1122 return err;
1123 }
1124
rome_1_0_nvm_tag_dnld(int fd)1125 int rome_1_0_nvm_tag_dnld(int fd)
1126 {
1127 int i, size, err = 0;
1128 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1129
1130 #if (NVM_VERSION >= ROME_1_0_100019)
1131 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1132 {
1133 /* Tag 2 */ /* BD Address */
1134 { /* Packet Type */HCI_COMMAND_PKT,
1135 /* Opcode */ 0x0b,0xfc,
1136 /* Total Len */ 9,
1137 /* NVM CMD */ NVM_ACCESS_SET,
1138 /* Tag Num */ 2,
1139 /* Tag Len */ 6,
1140 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22
1141 },
1142 /* Tag 6 */ /* Bluetooth Support Features */
1143 { /* Packet Type */HCI_COMMAND_PKT,
1144 /* Opcode */ 0x0b,0xfc,
1145 /* Total Len */ 11,
1146 /* NVM CMD */ NVM_ACCESS_SET,
1147 /* Tag Num */ 6,
1148 /* Tag Len */ 8,
1149 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1150 },
1151 /* Tag 17 */ /* HCI Transport Layer Setting */
1152 { /* Packet Type */HCI_COMMAND_PKT,
1153 /* Opcode */ 0x0b,0xfc,
1154 /* Total Len */ 11,
1155 /* NVM CMD */ NVM_ACCESS_SET,
1156 /* Tag Num */ 17,
1157 /* Tag Len */ 8,
1158 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1159 },
1160 /* Tag 35 */
1161 { /* Packet Type */HCI_COMMAND_PKT,
1162 /* Opcode */ 0x0b,0xfc,
1163 /* Total Len */ 58,
1164 /* NVM CMD */ NVM_ACCESS_SET,
1165 /* Tag Num */ 35,
1166 /* Tag Len */ 55,
1167 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1168 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1169 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1170 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1171 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1172 0x1B, 0x14, 0x01, 0x04, 0x48
1173 },
1174 /* Tag 36 */
1175 { /* Packet Type */HCI_COMMAND_PKT,
1176 /* Opcode */ 0x0b,0xfc,
1177 /* Total Len */ 15,
1178 /* NVM CMD */ NVM_ACCESS_SET,
1179 /* Tag Num */ 36,
1180 /* Tag Len */ 12,
1181 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1182 },
1183 /* Tag 39 */
1184 { /* Packet Type */HCI_COMMAND_PKT,
1185 /* Opcode */ 0x0b,0xfc,
1186 /* Total Len */ 7,
1187 /* NVM CMD */ NVM_ACCESS_SET,
1188 /* Tag Num */ 39,
1189 /* Tag Len */ 4,
1190 /* Tag Value */ 0x12,0x00,0x00,0x00
1191 },
1192 /* Tag 41 */
1193 { /* Packet Type */HCI_COMMAND_PKT,
1194 /* Opcode */ 0x0b,0xfc,
1195 /* Total Len */ 91,
1196 /* NVM CMD */ NVM_ACCESS_SET,
1197 /* Tag Num */ 41,
1198 /* Tag Len */ 88,
1199 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1200 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1201 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1202 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1203 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1204 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1205 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1206 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1207 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1208 },
1209 /* Tag 42 */
1210 { /* Packet Type */HCI_COMMAND_PKT,
1211 /* Opcode */ 0x0b,0xfc,
1212 /* Total Len */ 63,
1213 /* NVM CMD */ NVM_ACCESS_SET,
1214 /* Tag Num */ 42,
1215 /* Tag Len */ 60,
1216 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1217 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1218 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1219 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1220 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1221 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1222 },
1223 /* Tag 84 */
1224 { /* Packet Type */HCI_COMMAND_PKT,
1225 /* Opcode */ 0x0b,0xfc,
1226 /* Total Len */ 153,
1227 /* NVM CMD */ NVM_ACCESS_SET,
1228 /* Tag Num */ 84,
1229 /* Tag Len */ 150,
1230 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1231 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1232 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1233 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1234 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1235 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1236 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1237 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1238 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1239 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1240 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1241 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1242 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1243 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1244 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1245 },
1246 /* Tag 85 */
1247 { /* Packet Type */HCI_COMMAND_PKT,
1248 /* Opcode */ 0x0b,0xfc,
1249 /* Total Len */ 119,
1250 /* NVM CMD */ NVM_ACCESS_SET,
1251 /* Tag Num */ 85,
1252 /* Tag Len */ 116,
1253 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1254 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1255 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1256 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1257 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1258 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1259 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1260 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1261 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1262 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1263 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1264 0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1265 },
1266 {TAG_END}
1267 };
1268 #elif (NVM_VERSION == ROME_1_0_6002)
1269 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1270 {
1271 /* Tag 2 */
1272 { /* Packet Type */HCI_COMMAND_PKT,
1273 /* Opcode */ 0x0b,0xfc,
1274 /* Total Len */ 9,
1275 /* NVM CMD */ NVM_ACCESS_SET,
1276 /* Tag Num */ 2,
1277 /* Tag Len */ 6,
1278 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1279 },
1280 /* Tag 6 */
1281 { /* Packet Type */HCI_COMMAND_PKT,
1282 /* Opcode */ 0x0b,0xfc,
1283 /* Total Len */ 11,
1284 /* NVM CMD */ NVM_ACCESS_SET,
1285 /* Tag Num */ 6,
1286 /* Tag Len */ 8,
1287 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1288 },
1289 /* Tag 17 */
1290 { /* Packet Type */HCI_COMMAND_PKT,
1291 /* Opcode */ 0x0b,0xfc,
1292 /* Total Len */ 11,
1293 /* NVM CMD */ NVM_ACCESS_SET,
1294 /* Tag Num */ 17,
1295 /* Tag Len */ 8,
1296 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1297 },
1298 /* Tag 36 */
1299 { /* Packet Type */HCI_COMMAND_PKT,
1300 /* Opcode */ 0x0b,0xfc,
1301 /* Total Len */ 15,
1302 /* NVM CMD */ NVM_ACCESS_SET,
1303 /* Tag Num */ 36,
1304 /* Tag Len */ 12,
1305 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1306 },
1307
1308 /* Tag 39 */
1309 { /* Packet Type */HCI_COMMAND_PKT,
1310 /* Opcode */ 0x0b,0xfc,
1311 /* Total Len */ 7,
1312 /* NVM CMD */ NVM_ACCESS_SET,
1313 /* Tag Num */ 39,
1314 /* Tag Len */ 4,
1315 /* Tag Value */ 0x12,0x00,0x00,0x00
1316 },
1317
1318 /* Tag 41 */
1319 { /* Packet Type */HCI_COMMAND_PKT,
1320 /* Opcode */ 0x0b,0xfc,
1321 /* Total Len */ 199,
1322 /* NVM CMD */ NVM_ACCESS_SET,
1323 /* Tag Num */ 41,
1324 /* Tag Len */ 196,
1325 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1326 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1327 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1328 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1329 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1330 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1331 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1332 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1333 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1334 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1335 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1336 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1337 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1338 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1339 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1340 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1341 0x0B,0x01,0x03,0x00
1342 },
1343
1344 /* Tag 44 */
1345 { /* Packet Type */HCI_COMMAND_PKT,
1346 /* Opcode */ 0x0b,0xfc,
1347 /* Total Len */ 44,
1348 /* NVM CMD */ NVM_ACCESS_SET,
1349 /* Tag Num */ 44,
1350 /* Tag Len */ 41,
1351 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1352 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1353 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1354 0x00,0x14,0x01,0x02,0x03
1355 },
1356 {TAG_END}
1357 };
1358 #endif
1359
1360 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1361
1362 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1363 {
1364 /* Write BD Address */
1365 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1366 memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6);
1367 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1368 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1369 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1370 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1371 }
1372 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1373 /* Send HCI Command packet to Controller */
1374 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1375 if ( err != size) {
1376 ALOGE("Failed to attach the patch payload to the Controller!");
1377 goto error;
1378 }
1379
1380 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1381 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1382 if ( err < 0) {
1383 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1384 goto error;
1385 }
1386 }
1387
1388 error:
1389 return err;
1390 }
1391
1392
1393
rome_patch_ver_req(int fd)1394 int rome_patch_ver_req(int fd)
1395 {
1396 int size, err = 0;
1397 unsigned char cmd[HCI_MAX_CMD_SIZE];
1398 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1399
1400 /* Frame the HCI CMD to be sent to the Controller */
1401 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1402 -1, EDL_PATCH_CMD_LEN);
1403
1404 /* Total length of the packet to be sent to the Controller */
1405 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1406
1407 /* Send HCI Command packet to Controller */
1408 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1409 if ( err != size) {
1410 ALOGE("Failed to attach the patch payload to the Controller!");
1411 goto error;
1412 }
1413
1414 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1415 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1416 if ( err < 0) {
1417 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1418 goto error;
1419 }
1420 error:
1421 return err;
1422
1423 }
1424
rome_get_build_info_req(int fd)1425 int rome_get_build_info_req(int fd)
1426 {
1427 int size, err = 0;
1428 unsigned char cmd[HCI_MAX_CMD_SIZE];
1429 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1430
1431 /* Frame the HCI CMD to be sent to the Controller */
1432 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1433 -1, EDL_PATCH_CMD_LEN);
1434
1435 /* Total length of the packet to be sent to the Controller */
1436 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1437
1438 /* Send HCI Command packet to Controller */
1439 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1440 if ( err != size) {
1441 ALOGE("Failed to send get build info cmd to the SoC!");
1442 goto error;
1443 }
1444
1445 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1446 if ( err < 0) {
1447 ALOGE("%s: Failed to get build info", __FUNCTION__);
1448 goto error;
1449 }
1450 error:
1451 return err;
1452
1453 }
1454
1455
rome_set_baudrate_req(int fd)1456 int rome_set_baudrate_req(int fd)
1457 {
1458 int size, err = 0;
1459 unsigned char cmd[HCI_MAX_CMD_SIZE];
1460 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1461 hci_command_hdr *cmd_hdr;
1462 int flags;
1463
1464 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1465
1466 cmd_hdr = (void *) (cmd + 1);
1467 cmd[0] = HCI_COMMAND_PKT;
1468 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1469 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN;
1470 cmd[4] = BAUDRATE_3000000;
1471
1472 /* Total length of the packet to be sent to the Controller */
1473 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1474 tcflush(fd,TCIOFLUSH);
1475 /* Flow off during baudrate change */
1476 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1477 {
1478 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1479 goto error;
1480 }
1481
1482 /* Send the HCI command packet to UART for transmission */
1483 err = do_write(fd, cmd, size);
1484 if (err != size) {
1485 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1486 goto error;
1487 }
1488
1489 /* Change Local UART baudrate to high speed UART */
1490 userial_vendor_set_baud(USERIAL_BAUD_3M);
1491
1492 /* Flow on after changing local uart baudrate */
1493 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1494 {
1495 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1496 return err;
1497 }
1498
1499 /* Check for response from the Controller */
1500 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1501 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1502 goto error;
1503 }
1504
1505 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1506
1507 /* Wait for command complete event */
1508 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1509 if ( err < 0) {
1510 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1511 goto error;
1512 }
1513
1514 error:
1515 return err;
1516
1517 }
1518
1519
rome_hci_reset_req(int fd)1520 int rome_hci_reset_req(int fd)
1521 {
1522 int size, err = 0;
1523 unsigned char cmd[HCI_MAX_CMD_SIZE];
1524 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1525 hci_command_hdr *cmd_hdr;
1526 int flags;
1527
1528 ALOGI("%s: HCI RESET ", __FUNCTION__);
1529
1530 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1531
1532 cmd_hdr = (void *) (cmd + 1);
1533 cmd[0] = HCI_COMMAND_PKT;
1534 cmd_hdr->opcode = HCI_RESET;
1535 cmd_hdr->plen = 0;
1536
1537 /* Total length of the packet to be sent to the Controller */
1538 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1539
1540 /* Flow off during baudrate change */
1541 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1542 {
1543 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1544 goto error;
1545 }
1546
1547 /* Send the HCI command packet to UART for transmission */
1548 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1549 err = do_write(fd, cmd, size);
1550 if (err != size) {
1551 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1552 goto error;
1553 }
1554
1555 /* Change Local UART baudrate to high speed UART */
1556 userial_vendor_set_baud(USERIAL_BAUD_3M);
1557
1558 /* Flow on after changing local uart baudrate */
1559 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1560 {
1561 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1562 return err;
1563 }
1564
1565 /* Wait for command complete event */
1566 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1567 if ( err < 0) {
1568 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1569 goto error;
1570 }
1571
1572 error:
1573 return err;
1574
1575 }
1576
1577
rome_hci_reset(int fd)1578 int rome_hci_reset(int fd)
1579 {
1580 int size, err = 0;
1581 unsigned char cmd[HCI_MAX_CMD_SIZE];
1582 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1583 hci_command_hdr *cmd_hdr;
1584
1585 ALOGI("%s: HCI RESET ", __FUNCTION__);
1586
1587 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1588
1589 cmd_hdr = (void *) (cmd + 1);
1590 cmd[0] = HCI_COMMAND_PKT;
1591 cmd_hdr->opcode = HCI_RESET;
1592 cmd_hdr->plen = 0;
1593
1594 /* Total length of the packet to be sent to the Controller */
1595 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1596 err = do_write(fd, cmd, size);
1597 if (err != size) {
1598 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1599 err = -1;
1600 goto error;
1601 }
1602
1603 /* Wait for command complete event */
1604 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1605 if ( err < 0) {
1606 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1607 goto error;
1608 }
1609
1610 error:
1611 return err;
1612
1613 }
1614
rome_wipower_current_charging_status_req(int fd)1615 int rome_wipower_current_charging_status_req(int fd)
1616 {
1617 int size, err = 0;
1618 unsigned char cmd[HCI_MAX_CMD_SIZE];
1619 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1620 hci_command_hdr *cmd_hdr;
1621
1622 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1623
1624 cmd_hdr = (void *) (cmd + 1);
1625 cmd[0] = HCI_COMMAND_PKT;
1626 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1627 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1628 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1629
1630 /* Total length of the packet to be sent to the Controller */
1631 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1632
1633 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1634 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1635
1636 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1637 if ( err != size) {
1638 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1639 goto error;
1640 }
1641
1642 /* Check for response from the Controller */
1643 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1644 err = -ETIMEDOUT;
1645 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1646 goto error;
1647 }
1648
1649 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1650 if (rsp[4] >= NON_WIPOWER_MODE) {
1651 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1652 if (err < 0) {
1653 ALOGE("%s: Failed to get charging status", __FUNCTION__);
1654 goto error;
1655 }
1656 }
1657
1658 error:
1659 return err;
1660 }
1661
get_boardid_req(int fd)1662 int get_boardid_req(int fd)
1663 {
1664 int size, err = 0;
1665 unsigned char cmd[HCI_MAX_CMD_SIZE];
1666 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1667 bool cmd_supported = TRUE;
1668
1669 /* Frame the HCI CMD to be sent to the Controller */
1670 frame_hci_cmd_pkt(cmd, EDL_GET_BOARD_ID, 0,
1671 -1, EDL_PATCH_CMD_LEN);
1672 /* Total length of the packet to be sent to the Controller */
1673 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1674
1675 ALOGI("%s: Sending EDL_GET_BOARD_ID", __FUNCTION__);
1676 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1677 if ( err != size) {
1678 ALOGE("Failed to send EDL_GET_BOARD_ID command!");
1679 cmd_supported = FALSE;
1680 }
1681
1682 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1683 if (err < 0) {
1684 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1685 goto error;
1686 }
1687 error:
1688 return (cmd_supported == TRUE? err: -1);
1689 }
1690
1691
addon_feature_req(int fd)1692 int addon_feature_req(int fd)
1693 {
1694 int size, err = 0;
1695 unsigned char cmd[HCI_MAX_CMD_SIZE];
1696 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1697 hci_command_hdr *cmd_hdr;
1698
1699 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1700
1701 cmd_hdr = (void *) (cmd + 1);
1702 cmd[0] = HCI_COMMAND_PKT;
1703 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1704 cmd_hdr->plen = 0x00;
1705
1706 /* Total length of the packet to be sent to the Controller */
1707 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1708
1709 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1710 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1711 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1712 if ( err != size) {
1713 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1714 goto error;
1715 }
1716
1717 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1718 if (err < 0) {
1719 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1720 goto error;
1721 }
1722 error:
1723 return err;
1724 }
1725
1726
check_embedded_mode(int fd)1727 int check_embedded_mode(int fd) {
1728 int err = 0;
1729
1730 wipower_flag = 0;
1731 /* Get current wipower charging status */
1732 if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1733 {
1734 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1735 }
1736 usleep(500);
1737
1738 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1739
1740 return wipower_flag;
1741 }
1742
rome_get_addon_feature_list(int fd)1743 int rome_get_addon_feature_list(int fd) {
1744 int err = 0;
1745
1746 /* Get addon features that are supported by FW */
1747 if ((err = addon_feature_req(fd)) < 0)
1748 {
1749 ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1750 }
1751 return err;
1752 }
1753
rome_wipower_forward_handoff_req(int fd)1754 int rome_wipower_forward_handoff_req(int fd)
1755 {
1756 int size, err = 0;
1757 unsigned char cmd[HCI_MAX_CMD_SIZE];
1758 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1759 hci_command_hdr *cmd_hdr;
1760
1761 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1762
1763 cmd_hdr = (void *) (cmd + 1);
1764 cmd[0] = HCI_COMMAND_PKT;
1765 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1766 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1767 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1768
1769 /* Total length of the packet to be sent to the Controller */
1770 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1771
1772 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1773 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1774 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1775 if ( err != size) {
1776 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1777 goto error;
1778 }
1779
1780 /* Check for response from the Controller */
1781 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1782 err = -ETIMEDOUT;
1783 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1784 goto error;
1785 }
1786
1787 error:
1788 return err;
1789 }
1790
1791
enable_controller_log(int fd,unsigned char wait_for_evt)1792 void enable_controller_log (int fd, unsigned char wait_for_evt)
1793 {
1794 int ret = 0;
1795 /* VS command to enable controller logging to the HOST. By default it is disabled */
1796 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1797 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1798 char value[PROPERTY_VALUE_MAX] = {'\0'};
1799
1800 property_get("persist.service.bdroid.soclog", value, "false");
1801
1802 // value at cmd[5]: 1 - to enable, 0 - to disable
1803 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1804 ALOGI("%s: %d", __func__, ret);
1805 /* Ignore vsc evt if wait_for_evt is true */
1806 if (wait_for_evt) wait_vsc_evt = FALSE;
1807
1808 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1809 if (ret != 6) {
1810 ALOGE("%s: command failed", __func__);
1811 }
1812 /*Ignore hci_event if wait_for_evt is true*/
1813 if (wait_for_evt)
1814 goto end;
1815 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1816 if (ret < 0) {
1817 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1818 }
1819 end:
1820 wait_vsc_evt = TRUE;
1821 return;
1822 }
1823
1824
disable_internal_ldo(int fd)1825 static int disable_internal_ldo(int fd)
1826 {
1827 int ret = 0;
1828 if (enable_extldo) {
1829 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1830 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1831
1832 ALOGI(" %s ", __FUNCTION__);
1833 ret = do_write(fd, cmd, 5);
1834 if (ret != 5) {
1835 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1836 ret = -1;
1837 } else {
1838 /* Wait for command complete event */
1839 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1840 if ( ret < 0) {
1841 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1842 }
1843 }
1844 }
1845 return ret;
1846 }
1847
rome_soc_init(int fd,char * bdaddr)1848 int rome_soc_init(int fd, char *bdaddr)
1849 {
1850 int err = -1, size = 0;
1851 dnld_fd = fd;
1852 ALOGI(" %s ", __FUNCTION__);
1853 RESERVED(bdaddr);
1854
1855 /* If wipower charging is going on in embedded mode then start hand off req */
1856 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1857 {
1858 wipower_flag = 0;
1859 wipower_handoff_ready = 0;
1860 if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1861 {
1862 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1863 }
1864 }
1865
1866 /* Get Rome version information */
1867 if((err = rome_patch_ver_req(fd)) <0){
1868 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1869 goto error;
1870 }
1871
1872 ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver);
1873
1874 switch (rome_ver){
1875 case ROME_VER_1_0:
1876 {
1877 /* Set and Download the RAMPATCH */
1878 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1879 err = rome_download_rampatch(fd);
1880 if (err < 0) {
1881 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1882 goto error;
1883 }
1884 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1885
1886 /* Attach the RAMPATCH */
1887 ALOGI("%s: Attaching the patches", __FUNCTION__);
1888 err = rome_attach_rampatch(fd);
1889 if (err < 0) {
1890 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1891 goto error;
1892 }
1893 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1894
1895 /* Send Reset */
1896 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1897 err = rome_rampatch_reset(fd);
1898 if ( err < 0 ) {
1899 ALOGE("Failed to RESET after RAMPATCH upgrade!");
1900 goto error;
1901 }
1902
1903 /* NVM download */
1904 ALOGI("%s: Downloading NVM", __FUNCTION__);
1905 err = rome_1_0_nvm_tag_dnld(fd);
1906 if ( err <0 ) {
1907 ALOGE("Downloading NVM Failed !!");
1908 goto error;
1909 }
1910
1911 /* Change baud rate 115.2 kbps to 3Mbps*/
1912 err = rome_hci_reset_req(fd);
1913 if (err < 0) {
1914 ALOGE("HCI Reset Failed !!");
1915 goto error;
1916 }
1917
1918 ALOGI("HCI Reset is done\n");
1919 }
1920 break;
1921 case ROME_VER_1_1:
1922 rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1923 nvm_file_path = ROME_NVM_TLV_PATH;
1924 goto download;
1925 case ROME_VER_1_3:
1926 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1927 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1928 goto download;
1929 case ROME_VER_2_1:
1930 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1931 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1932 goto download;
1933 case ROME_VER_3_0:
1934 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1935 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1936 fw_su_info = ROME_3_1_FW_SU;
1937 fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1938 goto download;
1939 case ROME_VER_3_2:
1940 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1941 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1942 fw_su_info = ROME_3_2_FW_SU;
1943 fw_su_offset = ROME_3_2_FW_SW_OFFSET;
1944
1945 download:
1946 /* Change baud rate 115.2 kbps to 3Mbps*/
1947 err = rome_set_baudrate_req(fd);
1948 if (err < 0) {
1949 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1950 goto error;
1951 }
1952 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1953 /* Donwload TLV files (rampatch, NVM) */
1954 err = rome_download_tlv_file(fd);
1955 if (err < 0) {
1956 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1957 goto error;
1958 }
1959 ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1960
1961 /* Get SU FM label information */
1962 if((err = rome_get_build_info_req(fd)) <0){
1963 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1964 //Ignore the failure of ROME FW SU label information
1965 err = 0;
1966 }
1967
1968 /* Disable internal LDO to use external LDO instead*/
1969 err = disable_internal_ldo(fd);
1970
1971 /* Send HCI Reset */
1972 err = rome_hci_reset(fd);
1973 if ( err <0 ) {
1974 ALOGE("HCI Reset Failed !!");
1975 goto error;
1976 }
1977
1978 ALOGI("HCI Reset is done\n");
1979
1980 break;
1981 case ROME_VER_UNKNOWN:
1982 default:
1983 ALOGI("%s: Detected unknown ROME version", __FUNCTION__);
1984 err = -1;
1985 break;
1986 }
1987
1988 error:
1989 dnld_fd = -1;
1990 return err;
1991 }
1992
convert2ascii(unsigned char temp)1993 unsigned char convert2ascii(unsigned char temp)
1994 {
1995 unsigned char n = temp;
1996 if ( n >= 0 && n <= 9)
1997 n = n + 0x30;
1998 else
1999 n = n + 0x57;
2000 return n;
2001 }
2002