1 /*
2 *
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 * Not a Contribution.
5 *
6 * Copyright 2012 The Android Open Source Project
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you
9 * may not use this file except in compliance with the License. You may
10 * obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * permissions and limitations under the License.
19 *
20 */
21
22 /******************************************************************************
23 *
24 * Filename: hw_rome.c
25 *
26 * Description: Contains controller-specific functions, like
27 * firmware patch download
28 * low power mode operations
29 *
30 ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #define LOG_TAG "bt_vendor"
36
37 #include <sys/socket.h>
38 #include <utils/Log.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <signal.h>
42 #include <time.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <dirent.h>
46 #include <ctype.h>
47 #include <cutils/properties.h>
48 #include <stdlib.h>
49 #include <termios.h>
50 #include <string.h>
51 #include <stdbool.h>
52 #include "bt_hci_bdroid.h"
53 #include "bt_vendor_qcom.h"
54 #include "hci_uart.h"
55 #include "hw_rome.h"
56
57 #ifdef __cplusplus
58 }
59 #endif
60
61 #define RESERVED(p) if(p) ALOGI( "%s: reserved param", __FUNCTION__);
62
63 int read_vs_hci_event(int fd, unsigned char* buf, int size);
64
65 /******************************************************************************
66 ** Variables
67 ******************************************************************************/
68 FILE *file;
69 unsigned char *phdr_buffer;
70 unsigned char *pdata_buffer = NULL;
71 patch_info rampatch_patch_info;
72 int chipset_ver = 0;
73 unsigned char gTlv_type;
74 unsigned char gTlv_dwndCfg;
75 static unsigned int wipower_flag = 0;
76 static unsigned int wipower_handoff_ready = 0;
77 char *rampatch_file_path = NULL;
78 char *nvm_file_path = NULL;
79 char *fw_su_info = NULL;
80 unsigned short fw_su_offset =0;
81 extern char enable_extldo;
82 unsigned char wait_vsc_evt = TRUE;
83 bool patch_dnld_pending = FALSE;
84 int dnld_fd = -1;
85
86 /******************************************************************************
87 ** Extern variables
88 ******************************************************************************/
89
90 /*****************************************************************************
91 ** Functions
92 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)93 int do_write(int fd, unsigned char *buf,int len)
94 {
95 int ret = 0;
96 int write_offset = 0;
97 int write_len = len;
98 do {
99 ret = write(fd,buf+write_offset,write_len);
100 if (ret < 0)
101 {
102 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
103 return -1;
104 } else if (ret == 0) {
105 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
106 return 0;
107 } else {
108 if (ret < write_len) {
109 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
110 strerror(errno));
111 write_len = write_len - ret;
112 write_offset = ret;
113 } else {
114 ALOGV("Write successful");
115 break;
116 }
117 }
118 } while(1);
119 return len;
120 }
121
get_vs_hci_event(unsigned char * rsp)122 int get_vs_hci_event(unsigned char *rsp)
123 {
124 int err = 0;
125 unsigned char paramlen = 0;
126 unsigned char EMBEDDED_MODE_CHECK = 0x02;
127 FILE *btversionfile = 0;
128 unsigned int soc_id = 0;
129 unsigned int productid = 0;
130 unsigned short patchversion = 0;
131 char build_label[255];
132 int build_lbl_len;
133 unsigned short buildversion = 0;
134
135 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
136 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__);
137 else {
138 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
139 err = -EIO;
140 goto failed;
141 }
142
143 ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]);
144 ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]);
145 ALOGI("%s: Response type : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]);
146
147 /* Check the status of the operation */
148 switch ( rsp[CMD_RSP_OFFSET] )
149 {
150 case EDL_CMD_REQ_RES_EVT:
151 ALOGI("%s: Command Request Response", __FUNCTION__);
152 switch(rsp[RSP_TYPE_OFFSET])
153 {
154 case EDL_PATCH_VER_RES_EVT:
155 case EDL_APP_VER_RES_EVT:
156 ALOGI("\t Current Product ID\t\t: 0x%08x",
157 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
158 rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
159 rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
160 rsp[PATCH_PROD_ID_OFFSET] ));
161
162 /* Patch Version indicates FW patch version */
163 ALOGI("\t Current Patch Version\t\t: 0x%04x",
164 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
165 rsp[PATCH_PATCH_VER_OFFSET] )));
166
167 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
168 ALOGI("\t Current ROM Build Version\t: 0x%04x", buildversion =
169 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
170 rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
171
172 /* In case rome 1.0/1.1, there is no SOC ID version available */
173 if (paramlen - 10)
174 {
175 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
176 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
177 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
178 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
179 rsp[PATCH_SOC_VER_OFFSET] ));
180 }
181
182 /* Rome Chipset Version can be decided by Patch version and SOC version,
183 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
184 used for SOC as combination for BT host driver */
185 chipset_ver = (buildversion << 16) |(soc_id & 0x0000ffff);
186
187 break;
188 case EDL_TVL_DNLD_RES_EVT:
189 case EDL_CMD_EXE_STATUS_EVT:
190 switch (err = rsp[CMD_STATUS_OFFSET])
191 {
192 case HCI_CMD_SUCCESS:
193 ALOGI("%s: Download Packet successfully!", __FUNCTION__);
194 break;
195 case PATCH_LEN_ERROR:
196 ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
197 "SET REQ cmd", __FUNCTION__);
198 break;
199 case PATCH_VER_ERROR:
200 ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
201 "SET REQ cmd", __FUNCTION__);
202 break;
203 case PATCH_CRC_ERROR:
204 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
205 break;
206 case PATCH_NOT_FOUND:
207 ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
208 break;
209 case TLV_TYPE_ERROR:
210 ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
211 break;
212 default:
213 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
214 break;
215 }
216 break;
217 case HCI_VS_GET_BUILD_VER_EVT:
218 build_lbl_len = rsp[5];
219 memcpy (build_label, &rsp[6], build_lbl_len);
220 *(build_label+build_lbl_len) = '\0';
221
222 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
223 break;
224 }
225 break;
226
227 case NVM_ACCESS_CODE:
228 ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
229 err = HCI_CMD_SUCCESS;
230 break;
231 case EDL_SET_BAUDRATE_RSP_EVT:
232 /* Rome 1.1 has bug with the response, so it should ignore it. */
233 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
234 {
235 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
236 rsp[CMD_STATUS_OFFSET]);
237 err = -1;
238 }
239 break;
240 case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
241 /* Query charging command has below return values
242 0 - in embedded mode not charging
243 1 - in embedded mode and charging
244 2 - hadofff completed and in normal mode
245 3 - no wipower supported on mtp. so irrepective of charging
246 handoff command has to be sent if return values are 0 or 1.
247 These change include logic to enable generic BT turn on sequence.*/
248 if (rsp[4] < EMBEDDED_MODE_CHECK)
249 {
250 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
251 wipower_handoff_ready = rsp[4];
252 wipower_flag = 1;
253 }
254 break;
255 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
256 /*TODO: rsp code 00 mean no charging
257 this is going to change in FW soon*/
258 if (rsp[4] == NON_WIPOWER_MODE)
259 {
260 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
261 }
262 break;
263 case HCI_VS_GET_ADDON_FEATURES_EVENT:
264 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
265 {
266 ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
267 property_set("persist.bluetooth.a4wp", "true");
268 }
269 break;
270 case HCI_VS_STRAY_EVT:
271 /* WAR to handle stray Power Apply EVT during patch download */
272 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__);
273 if (patch_dnld_pending && dnld_fd != -1)
274 {
275 unsigned char rsp[HCI_MAX_EVENT_SIZE];
276 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE);
277 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE);
278 }
279 else
280 {
281 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
282 err = -1;
283 }
284 break;
285 default:
286 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
287 err = -1;
288 break;
289 }
290
291 failed:
292 return err;
293 }
294
295
296 /*
297 * Read an VS HCI event from the given file descriptor.
298 */
read_vs_hci_event(int fd,unsigned char * buf,int size)299 int read_vs_hci_event(int fd, unsigned char* buf, int size)
300 {
301 int remain, r;
302 int count = 0, i;
303
304 if (size <= 0) {
305 ALOGE("Invalid size arguement!");
306 return -1;
307 }
308
309 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
310
311 /* The first byte identifies the packet type. For HCI event packets, it
312 * should be 0x04, so we read until we get to the 0x04. */
313 /* It will keep reading until find 0x04 byte */
314 while (1) {
315 r = read(fd, buf, 1);
316 if (r <= 0)
317 return -1;
318 if (buf[0] == 0x04)
319 break;
320 }
321 count++;
322
323 /* The next two bytes are the event code and parameter total length. */
324 while (count < 3) {
325 r = read(fd, buf + count, 3 - count);
326 if ((r <= 0) || (buf[1] != 0xFF )) {
327 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
328 return -1;
329 }
330 count += r;
331 }
332
333 /* Now we read the parameters. */
334 if (buf[2] < (size - 3))
335 remain = buf[2];
336 else
337 remain = size - 3;
338
339 while ((count - 3) < remain) {
340 r = read(fd, buf + count, remain - (count - 3));
341 if (r <= 0)
342 return -1;
343 count += r;
344 }
345
346 /* Check if the set patch command is successful or not */
347 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
348 return -1;
349
350 return count;
351 }
352
353 /*
354 * For Hand-Off related Wipower commands, Command complete arrives first and
355 * the followd with VS event
356 *
357 */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)358 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
359 {
360 int ret = 0;
361 int err = 0;
362
363 /* Send the HCI command packet to UART for transmission */
364 ret = do_write(fd, cmd, size);
365 if (ret != size) {
366 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
367 goto failed;
368 }
369
370 /* Wait for command complete event */
371 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
372 if ( err < 0) {
373 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
374 goto failed;
375 }
376
377 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
378 failed:
379 return ret;
380 }
381
382
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)383 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
384 {
385 int ret = 0;
386
387 /* Send the HCI command packet to UART for transmission */
388 ret = do_write(fd, cmd, size);
389 if (ret != size) {
390 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
391 goto failed;
392 }
393
394 if (wait_vsc_evt) {
395 /* Check for response from the Controller */
396 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
397 ret = -ETIMEDOUT;
398 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
399 goto failed;
400 }
401 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
402 }
403
404 failed:
405 return ret;
406 }
407
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)408 void frame_hci_cmd_pkt(
409 unsigned char *cmd,
410 int edl_cmd, unsigned int p_base_addr,
411 int segtNo, int size
412 )
413 {
414 int offset = 0;
415 hci_command_hdr *cmd_hdr;
416
417 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
418
419 cmd_hdr = (void *) (cmd + 1);
420
421 cmd[0] = HCI_COMMAND_PKT;
422 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
423 cmd_hdr->plen = size;
424 cmd[4] = edl_cmd;
425
426 switch (edl_cmd)
427 {
428 case EDL_PATCH_SET_REQ_CMD:
429 /* Copy the patch header info as CMD params */
430 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
431 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
432 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
433 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
434 break;
435 case EDL_PATCH_DLD_REQ_CMD:
436 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
437 p_base_addr += offset;
438 cmd_hdr->plen = (size + 6);
439 cmd[5] = (size + 4);
440 cmd[6] = EXTRACT_BYTE(p_base_addr, 0);
441 cmd[7] = EXTRACT_BYTE(p_base_addr, 1);
442 cmd[8] = EXTRACT_BYTE(p_base_addr, 2);
443 cmd[9] = EXTRACT_BYTE(p_base_addr, 3);
444 memcpy(&cmd[10], (pdata_buffer + offset), size);
445
446 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
447 __FUNCTION__, size);
448 ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
449 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
450 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
451 break;
452 case EDL_PATCH_ATCH_REQ_CMD:
453 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
454 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
455 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
456 break;
457 case EDL_PATCH_RST_REQ_CMD:
458 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
459 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
460 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
461 break;
462 case EDL_PATCH_VER_REQ_CMD:
463 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
464 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
465 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
466 break;
467 case EDL_PATCH_TLV_REQ_CMD:
468 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
469 /* Parameter Total Length */
470 cmd[3] = size +2;
471
472 /* TLV Segment Length */
473 cmd[5] = size;
474 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
475 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
476 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
477 memcpy(&cmd[6], (pdata_buffer + offset), size);
478 break;
479 case EDL_GET_BUILD_INFO:
480 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
481 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
482 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
483 break;
484 default:
485 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
486 }
487 }
488
rome_extract_patch_header_info(unsigned char * buf)489 void rome_extract_patch_header_info(unsigned char *buf)
490 {
491 int index;
492
493 /* Extract patch id */
494 for (index = 0; index < 4; index++)
495 rampatch_patch_info.patch_id |=
496 (LSH(buf[index + P_ID_OFFSET], (index * 8)));
497
498 /* Extract (ROM and BUILD) version information */
499 for (index = 0; index < 2; index++)
500 rampatch_patch_info.patch_ver.rom_version |=
501 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
502
503 for (index = 0; index < 2; index++)
504 rampatch_patch_info.patch_ver.build_version |=
505 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
506
507 /* Extract patch base and entry addresses */
508 for (index = 0; index < 4; index++)
509 rampatch_patch_info.patch_base_addr |=
510 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
511
512 /* Patch BASE & ENTRY addresses are same */
513 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
514
515 /* Extract total length of the patch payload */
516 for (index = 0; index < 4; index++)
517 rampatch_patch_info.patch_length |=
518 (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
519
520 /* Extract the CRC checksum of the patch payload */
521 for (index = 0; index < 4; index++)
522 rampatch_patch_info.patch_crc |=
523 (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
524
525 /* Extract patch control value */
526 for (index = 0; index < 4; index++)
527 rampatch_patch_info.patch_ctrl |=
528 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
529
530 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
531 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
532 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
533 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
534 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
535 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
536 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
537
538 }
539
rome_edl_set_patch_request(int fd)540 int rome_edl_set_patch_request(int fd)
541 {
542 int size, err;
543 unsigned char cmd[HCI_MAX_CMD_SIZE];
544 unsigned char rsp[HCI_MAX_EVENT_SIZE];
545
546 /* Frame the HCI CMD to be sent to the Controller */
547 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
548 -1, PATCH_HDR_LEN + 1);
549
550 /* Total length of the packet to be sent to the Controller */
551 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
552
553 /* Send HCI Command packet to Controller */
554 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
555 if ( err != size) {
556 ALOGE("Failed to set the patch info to the Controller!");
557 goto error;
558 }
559
560 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
561 if ( err < 0) {
562 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
563 goto error;
564 }
565 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
566 error:
567 return err;
568 }
569
rome_edl_patch_download_request(int fd)570 int rome_edl_patch_download_request(int fd)
571 {
572 int no_of_patch_segment;
573 int index = 1, err = 0, size = 0;
574 unsigned int p_base_addr;
575 unsigned char cmd[HCI_MAX_CMD_SIZE];
576 unsigned char rsp[HCI_MAX_EVENT_SIZE];
577
578 no_of_patch_segment = (rampatch_patch_info.patch_length /
579 MAX_DATA_PER_SEGMENT);
580 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
581 __FUNCTION__, no_of_patch_segment,
582 rampatch_patch_info.patch_base_addr);
583
584 /* Initialize the patch base address from the one read from bin file */
585 p_base_addr = rampatch_patch_info.patch_base_addr;
586
587 /*
588 * Depending upon size of the patch payload, download the patches in
589 * segments with a max. size of 239 bytes
590 */
591 for (index = 1; index <= no_of_patch_segment; index++) {
592
593 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
594
595 /* Frame the HCI CMD PKT to be sent to Controller*/
596 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
597 index, MAX_DATA_PER_SEGMENT);
598
599 /* Total length of the packet to be sent to the Controller */
600 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
601
602 /* Initialize the RSP packet everytime to 0 */
603 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
604
605 /* Send HCI Command packet to Controller */
606 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
607 if ( err != size) {
608 ALOGE("Failed to send the patch payload to the Controller!");
609 goto error;
610 }
611
612 /* Read Command Complete Event */
613 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
614 if ( err < 0) {
615 ALOGE("%s: Failed to downlaod patch segment: %d!",
616 __FUNCTION__, index);
617 goto error;
618 }
619 ALOGI("%s: Successfully downloaded patch segment: %d",
620 __FUNCTION__, index);
621 }
622
623 /* Check if any pending patch data to be sent */
624 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
625 rampatch_patch_info.patch_length :
626 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT);
627
628 if (size)
629 {
630 /* Frame the HCI CMD PKT to be sent to Controller*/
631 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
632
633 /* Initialize the RSP packet everytime to 0 */
634 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
635
636 /* Total length of the packet to be sent to the Controller */
637 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
638
639 /* Send HCI Command packet to Controller */
640 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
641 if ( err != size) {
642 ALOGE("Failed to send the patch payload to the Controller!");
643 goto error;
644 }
645
646 /* Read Command Complete Event */
647 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
648 if ( err < 0) {
649 ALOGE("%s: Failed to downlaod patch segment: %d!",
650 __FUNCTION__, index);
651 goto error;
652 }
653
654 ALOGI("%s: Successfully downloaded patch segment: %d",
655 __FUNCTION__, index);
656 }
657
658 error:
659 return err;
660 }
661
rome_download_rampatch(int fd)662 static int rome_download_rampatch(int fd)
663 {
664 int c, tmp, size, index, ret = -1;
665
666 ALOGI("%s: ", __FUNCTION__);
667
668 /* Get handle to the RAMPATCH binary file */
669 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
670 file = fopen(ROME_FW_PATH, "r");
671 if (file == NULL) {
672 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
673 __FUNCTION__);
674 return -ENFILE;
675 }
676
677 /* Allocate memory for the patch headder info */
678 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
679 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
680 if (phdr_buffer == NULL) {
681 ALOGE("%s: Failed to allocate memory for patch header",
682 __FUNCTION__);
683 goto phdr_alloc_failed;
684 }
685 for (index = 0; index < PATCH_HDR_LEN + 1; index++)
686 phdr_buffer[index] = 0x0;
687
688 /* Read 28 bytes of patch header information */
689 ALOGI("%s: Reading patch header info", __FUNCTION__);
690 index = 0;
691 do {
692 c = fgetc (file);
693 phdr_buffer[index++] = (unsigned char)c;
694 } while (index != PATCH_HDR_LEN);
695
696 /* Save the patch header info into local structure */
697 ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
698 rome_extract_patch_header_info((unsigned char *)phdr_buffer);
699
700 /* Set the patch header info onto the Controller */
701 ret = rome_edl_set_patch_request(fd);
702 if (ret < 0) {
703 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
704 goto pdata_alloc_failed;
705 }
706
707 /* Allocate memory for the patch payload */
708 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
709 size = rampatch_patch_info.patch_length;
710 pdata_buffer = (unsigned char *) malloc(size+1);
711 if (pdata_buffer == NULL) {
712 ALOGE("%s: Failed to allocate memory for patch payload",
713 __FUNCTION__);
714 goto pdata_alloc_failed;
715 }
716 for (index = 0; index < size+1; index++)
717 pdata_buffer[index] = 0x0;
718
719 /* Read the patch data from Rampatch binary image */
720 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
721 index = 0;
722 do {
723 c = fgetc (file);
724 pdata_buffer[index++] = (unsigned char)c;
725 } while (c != EOF);
726
727 /* Downloading patches in segments to controller */
728 ret = rome_edl_patch_download_request(fd);
729 if (ret < 0) {
730 ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
731 goto cleanup;
732 }
733 cleanup:
734 free(pdata_buffer);
735 pdata_alloc_failed:
736 free(phdr_buffer);
737 phdr_alloc_failed:
738 fclose(file);
739 error:
740 return ret;
741 }
742
rome_attach_rampatch(int fd)743 int rome_attach_rampatch(int fd)
744 {
745 int size, err;
746 unsigned char cmd[HCI_MAX_CMD_SIZE];
747 unsigned char rsp[HCI_MAX_EVENT_SIZE];
748
749 /* Frame the HCI CMD to be sent to the Controller */
750 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
751 -1, EDL_PATCH_CMD_LEN);
752
753 /* Total length of the packet to be sent to the Controller */
754 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
755
756 /* Send HCI Command packet to Controller */
757 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
758 if ( err != size) {
759 ALOGE("Failed to attach the patch payload to the Controller!");
760 goto error;
761 }
762
763 /* Read Command Complete Event */
764 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
765 if ( err < 0) {
766 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
767 goto error;
768 }
769 error:
770 return err;
771 }
772
rome_rampatch_reset(int fd)773 int rome_rampatch_reset(int fd)
774 {
775 int size, err = 0, flags;
776 unsigned char cmd[HCI_MAX_CMD_SIZE];
777 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
778
779 /* Frame the HCI CMD to be sent to the Controller */
780 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
781 -1, EDL_PATCH_CMD_LEN);
782
783 /* Total length of the packet to be sent to the Controller */
784 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
785
786 /* Send HCI Command packet to Controller */
787 err = do_write(fd, cmd, size);
788 if (err != size) {
789 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
790 goto error;
791 }
792
793 /*
794 * Controller doesn't sends any response for the patch reset
795 * command. HOST has to wait for 100ms before proceeding.
796 */
797 nanosleep(&tm, NULL);
798
799 error:
800 return err;
801 }
802
803 /* This function is called with q_lock held and q is non-NULL */
rome_get_tlv_file(char * file_path)804 int rome_get_tlv_file(char *file_path)
805 {
806 FILE * pFile;
807 long fileSize;
808 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
809 unsigned short nvm_tag_len;
810 tlv_patch_info *ptlv_header;
811 tlv_nvm_hdr *nvm_ptr;
812 unsigned char data_buf[PRINT_BUF_SIZE]={0,};
813 unsigned char *nvm_byte_ptr;
814
815 ALOGI("File Open (%s)", file_path);
816 pFile = fopen ( file_path , "r" );
817 if (pFile==NULL) {;
818 ALOGE("%s File Open Fail", file_path);
819 return -1;
820 }
821
822 /* Get File Size */
823 fseek (pFile , 0 , SEEK_END);
824 fileSize = ftell (pFile);
825 rewind (pFile);
826
827 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
828 if (pdata_buffer == NULL) {
829 ALOGE("Allocated Memory failed");
830 fclose (pFile);
831 return -1;
832 }
833
834 /* Copy file into allocated buffer */
835 readSize = fread (pdata_buffer,1,fileSize,pFile);
836
837 /* File Close */
838 fclose (pFile);
839
840 if (readSize != fileSize) {
841 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
842 return -1;
843 }
844
845 ptlv_header = (tlv_patch_info *) pdata_buffer;
846
847 /* To handle different event between rampatch and NVM */
848 gTlv_type = ptlv_header->tlv_type;
849 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
850
851 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
852 ALOGI("====================================================");
853 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
854 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
855 (ptlv_header->tlv_length2 << 8) |
856 (ptlv_header->tlv_length3 << 16));
857 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
858 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
859 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
860 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
861 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
862 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
863 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
864 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
865 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
866 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
867 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
868 ALOGI("====================================================");
869
870 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
871 ALOGI("====================================================");
872 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
873 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) |
874 (ptlv_header->tlv_length2 << 8) |
875 (ptlv_header->tlv_length3 << 16));
876
877 if(nvm_length <= 0)
878 return readSize;
879
880 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
881 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
882 {
883 ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
884 ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
885 ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
886 ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
887
888 /* Increase nvm_index to NVM data */
889 nvm_index+=sizeof(tlv_nvm_hdr);
890 nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
891
892 /* Write BD Address */
893 if(nvm_ptr->tag_id == TAG_NUM_2){
894 memcpy(nvm_byte_ptr, q->bdaddr, 6);
895 ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
896 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
897 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
898 }
899
900 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
901 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
902
903 ALOGI("TAG Data\t\t\t : %s", data_buf);
904
905 /* Clear buffer */
906 memset(data_buf, 0x0, PRINT_BUF_SIZE);
907
908 /* increased by tag_len */
909 nvm_index+=nvm_ptr->tag_len;
910 nvm_byte_ptr +=nvm_ptr->tag_len;
911 }
912
913 ALOGI("====================================================");
914
915 } else {
916 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
917 }
918
919 return readSize;
920 }
921
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)922 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
923 {
924 int size=0, err = -1;
925 unsigned char cmd[HCI_MAX_CMD_SIZE];
926 unsigned char rsp[HCI_MAX_EVENT_SIZE];
927
928 ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
929
930 /* Frame the HCI CMD PKT to be sent to Controller*/
931 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
932
933 /* Total length of the packet to be sent to the Controller */
934 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
935
936 /* Initialize the RSP packet everytime to 0 */
937 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
938
939 /* Send HCI Command packet to Controller */
940 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
941 if ( err != size) {
942 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
943 return err;
944 }
945
946 if(wait_cc_evt) {
947 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
948 if ( err < 0) {
949 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index);
950 return err;
951 }
952 }
953
954 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
955 return err;
956 }
957
rome_tlv_dnld_req(int fd,int tlv_size)958 int rome_tlv_dnld_req(int fd, int tlv_size)
959 {
960 int total_segment, remain_size, i, err = -1;
961 unsigned char wait_cc_evt = TRUE;
962
963 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
964 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
965 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
966
967 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
968 __FUNCTION__,tlv_size, total_segment, remain_size);
969
970 if (gTlv_type == TLV_TYPE_PATCH) {
971 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
972 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
973 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
974 */
975 switch(gTlv_dwndCfg)
976 {
977 case ROME_SKIP_EVT_NONE:
978 wait_vsc_evt = TRUE;
979 wait_cc_evt = TRUE;
980 ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
981 break;
982 case ROME_SKIP_EVT_VSE_CC:
983 wait_vsc_evt = FALSE;
984 wait_cc_evt = FALSE;
985 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
986 break;
987 /* Not handled for now */
988 case ROME_SKIP_EVT_VSE:
989 case ROME_SKIP_EVT_CC:
990 default:
991 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
992 break;
993 }
994 } else {
995 wait_vsc_evt = TRUE;
996 wait_cc_evt = TRUE;
997 }
998
999 for(i=0;i<total_segment ;i++){
1000 if ((i+1) == total_segment) {
1001 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1002 /* If the Rome version is from 1.1 to 3.1
1003 * 1. No CCE for the last command segment but all other segment
1004 * 2. All the command segments get VSE including the last one
1005 */
1006 wait_cc_evt = !remain_size ? FALSE: TRUE;
1007 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1008 /* If the Rome version is 3.2
1009 * 1. None of the command segments receive CCE
1010 * 2. No command segments receive VSE except the last one
1011 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1012 * same as Rome 2.1, 2.2, 3.0
1013 */
1014 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1015 wait_cc_evt = !remain_size ? FALSE: TRUE;
1016 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1017 wait_vsc_evt = !remain_size ? TRUE: FALSE;
1018 }
1019 }
1020 }
1021
1022 patch_dnld_pending = TRUE;
1023 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1024 goto error;
1025 patch_dnld_pending = FALSE;
1026 }
1027
1028 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1029 /* If the Rome version is from 1.1 to 3.1
1030 * 1. No CCE for the last command segment but all other segment
1031 * 2. All the command segments get VSE including the last one
1032 */
1033 wait_cc_evt = remain_size ? FALSE: TRUE;
1034 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1035 /* If the Rome version is 3.2
1036 * 1. None of the command segments receive CCE
1037 * 2. No command segments receive VSE except the last one
1038 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1039 * same as Rome 2.1, 2.2, 3.0
1040 */
1041 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1042 wait_cc_evt = remain_size ? FALSE: TRUE;
1043 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1044 wait_vsc_evt = remain_size ? TRUE: FALSE;
1045 }
1046 }
1047 patch_dnld_pending = TRUE;
1048 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1049 patch_dnld_pending = FALSE;
1050 error:
1051 if(patch_dnld_pending) patch_dnld_pending = FALSE;
1052 return err;
1053 }
1054
rome_download_tlv_file(int fd)1055 int rome_download_tlv_file(int fd)
1056 {
1057 int tlv_size, err = -1;
1058
1059 /* Rampatch TLV file Downloading */
1060 pdata_buffer = NULL;
1061 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1062 goto error;
1063
1064 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1065 goto error;
1066
1067 if (pdata_buffer != NULL){
1068 free (pdata_buffer);
1069 pdata_buffer = NULL;
1070 }
1071 nvm_download:
1072 if(!nvm_file_path) {
1073 ALOGI("%s: nvm file is not available", __FUNCTION__);
1074 err = 0; // in case of nvm/rampatch is not available
1075 goto error;
1076 }
1077
1078 /* NVM TLV file Downloading */
1079 if((tlv_size = rome_get_tlv_file(nvm_file_path)) <= 0)
1080 goto error;
1081
1082 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1083 goto error;
1084
1085 error:
1086 if (pdata_buffer != NULL)
1087 free (pdata_buffer);
1088
1089 return err;
1090 }
1091
rome_1_0_nvm_tag_dnld(int fd)1092 int rome_1_0_nvm_tag_dnld(int fd)
1093 {
1094 int i, size, err = 0;
1095 unsigned char cmd[HCI_MAX_CMD_SIZE];
1096 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1097
1098 #if (NVM_VERSION >= ROME_1_0_100019)
1099 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1100 {
1101 /* Tag 2 */ /* BD Address */
1102 { /* Packet Type */HCI_COMMAND_PKT,
1103 /* Opcode */ 0x0b,0xfc,
1104 /* Total Len */ 9,
1105 /* NVM CMD */ NVM_ACCESS_SET,
1106 /* Tag Num */ 2,
1107 /* Tag Len */ 6,
1108 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22
1109 },
1110 /* Tag 6 */ /* Bluetooth Support Features */
1111 { /* Packet Type */HCI_COMMAND_PKT,
1112 /* Opcode */ 0x0b,0xfc,
1113 /* Total Len */ 11,
1114 /* NVM CMD */ NVM_ACCESS_SET,
1115 /* Tag Num */ 6,
1116 /* Tag Len */ 8,
1117 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1118 },
1119 /* Tag 17 */ /* HCI Transport Layer Setting */
1120 { /* Packet Type */HCI_COMMAND_PKT,
1121 /* Opcode */ 0x0b,0xfc,
1122 /* Total Len */ 11,
1123 /* NVM CMD */ NVM_ACCESS_SET,
1124 /* Tag Num */ 17,
1125 /* Tag Len */ 8,
1126 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1127 },
1128 /* Tag 35 */
1129 { /* Packet Type */HCI_COMMAND_PKT,
1130 /* Opcode */ 0x0b,0xfc,
1131 /* Total Len */ 58,
1132 /* NVM CMD */ NVM_ACCESS_SET,
1133 /* Tag Num */ 35,
1134 /* Tag Len */ 55,
1135 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1136 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1137 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1138 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1139 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1140 0x1B, 0x14, 0x01, 0x04, 0x48
1141 },
1142 /* Tag 36 */
1143 { /* Packet Type */HCI_COMMAND_PKT,
1144 /* Opcode */ 0x0b,0xfc,
1145 /* Total Len */ 15,
1146 /* NVM CMD */ NVM_ACCESS_SET,
1147 /* Tag Num */ 36,
1148 /* Tag Len */ 12,
1149 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1150 },
1151 /* Tag 39 */
1152 { /* Packet Type */HCI_COMMAND_PKT,
1153 /* Opcode */ 0x0b,0xfc,
1154 /* Total Len */ 7,
1155 /* NVM CMD */ NVM_ACCESS_SET,
1156 /* Tag Num */ 39,
1157 /* Tag Len */ 4,
1158 /* Tag Value */ 0x12,0x00,0x00,0x00
1159 },
1160 /* Tag 41 */
1161 { /* Packet Type */HCI_COMMAND_PKT,
1162 /* Opcode */ 0x0b,0xfc,
1163 /* Total Len */ 91,
1164 /* NVM CMD */ NVM_ACCESS_SET,
1165 /* Tag Num */ 41,
1166 /* Tag Len */ 88,
1167 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1168 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1169 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1170 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1171 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1172 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1173 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1174 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1175 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1176 },
1177 /* Tag 42 */
1178 { /* Packet Type */HCI_COMMAND_PKT,
1179 /* Opcode */ 0x0b,0xfc,
1180 /* Total Len */ 63,
1181 /* NVM CMD */ NVM_ACCESS_SET,
1182 /* Tag Num */ 42,
1183 /* Tag Len */ 60,
1184 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1185 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1186 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1187 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1188 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1189 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1190 },
1191 /* Tag 84 */
1192 { /* Packet Type */HCI_COMMAND_PKT,
1193 /* Opcode */ 0x0b,0xfc,
1194 /* Total Len */ 153,
1195 /* NVM CMD */ NVM_ACCESS_SET,
1196 /* Tag Num */ 84,
1197 /* Tag Len */ 150,
1198 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1199 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1200 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1201 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1202 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1203 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1204 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1205 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1206 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1207 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1208 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1209 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1210 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1211 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1212 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1213 },
1214 /* Tag 85 */
1215 { /* Packet Type */HCI_COMMAND_PKT,
1216 /* Opcode */ 0x0b,0xfc,
1217 /* Total Len */ 119,
1218 /* NVM CMD */ NVM_ACCESS_SET,
1219 /* Tag Num */ 85,
1220 /* Tag Len */ 116,
1221 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1222 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1223 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1224 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1225 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1226 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1227 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1228 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1229 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1230 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1231 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1232 0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1233 },
1234 {TAG_END}
1235 };
1236 #elif (NVM_VERSION == ROME_1_0_6002)
1237 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1238 {
1239 /* Tag 2 */
1240 { /* Packet Type */HCI_COMMAND_PKT,
1241 /* Opcode */ 0x0b,0xfc,
1242 /* Total Len */ 9,
1243 /* NVM CMD */ NVM_ACCESS_SET,
1244 /* Tag Num */ 2,
1245 /* Tag Len */ 6,
1246 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1247 },
1248 /* Tag 6 */
1249 { /* Packet Type */HCI_COMMAND_PKT,
1250 /* Opcode */ 0x0b,0xfc,
1251 /* Total Len */ 11,
1252 /* NVM CMD */ NVM_ACCESS_SET,
1253 /* Tag Num */ 6,
1254 /* Tag Len */ 8,
1255 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1256 },
1257 /* Tag 17 */
1258 { /* Packet Type */HCI_COMMAND_PKT,
1259 /* Opcode */ 0x0b,0xfc,
1260 /* Total Len */ 11,
1261 /* NVM CMD */ NVM_ACCESS_SET,
1262 /* Tag Num */ 17,
1263 /* Tag Len */ 8,
1264 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1265 },
1266 /* Tag 36 */
1267 { /* Packet Type */HCI_COMMAND_PKT,
1268 /* Opcode */ 0x0b,0xfc,
1269 /* Total Len */ 15,
1270 /* NVM CMD */ NVM_ACCESS_SET,
1271 /* Tag Num */ 36,
1272 /* Tag Len */ 12,
1273 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1274 },
1275
1276 /* Tag 39 */
1277 { /* Packet Type */HCI_COMMAND_PKT,
1278 /* Opcode */ 0x0b,0xfc,
1279 /* Total Len */ 7,
1280 /* NVM CMD */ NVM_ACCESS_SET,
1281 /* Tag Num */ 39,
1282 /* Tag Len */ 4,
1283 /* Tag Value */ 0x12,0x00,0x00,0x00
1284 },
1285
1286 /* Tag 41 */
1287 { /* Packet Type */HCI_COMMAND_PKT,
1288 /* Opcode */ 0x0b,0xfc,
1289 /* Total Len */ 199,
1290 /* NVM CMD */ NVM_ACCESS_SET,
1291 /* Tag Num */ 41,
1292 /* Tag Len */ 196,
1293 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1294 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1295 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1296 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1297 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1298 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1299 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1300 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1301 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1302 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1303 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1304 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1305 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1306 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1307 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1308 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1309 0x0B,0x01,0x03,0x00
1310 },
1311
1312 /* Tag 44 */
1313 { /* Packet Type */HCI_COMMAND_PKT,
1314 /* Opcode */ 0x0b,0xfc,
1315 /* Total Len */ 44,
1316 /* NVM CMD */ NVM_ACCESS_SET,
1317 /* Tag Num */ 44,
1318 /* Tag Len */ 41,
1319 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1320 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1321 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1322 0x00,0x14,0x01,0x02,0x03
1323 },
1324 {TAG_END}
1325 };
1326 #endif
1327
1328 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1329
1330 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1331 {
1332 /* Write BD Address */
1333 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1334 memcpy(&cmds[i][TAG_BDADDR_OFFSET], q->bdaddr, 6);
1335 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1336 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1337 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1338 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1339 }
1340 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1341 /* Send HCI Command packet to Controller */
1342 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1343 if ( err != size) {
1344 ALOGE("Failed to attach the patch payload to the Controller!");
1345 goto error;
1346 }
1347
1348 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1349 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1350 if ( err < 0) {
1351 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1352 goto error;
1353 }
1354 }
1355
1356 error:
1357 return err;
1358 }
1359
1360
1361
rome_patch_ver_req(int fd)1362 int rome_patch_ver_req(int fd)
1363 {
1364 int size, err = 0;
1365 unsigned char cmd[HCI_MAX_CMD_SIZE];
1366 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1367
1368 /* Frame the HCI CMD to be sent to the Controller */
1369 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1370 -1, EDL_PATCH_CMD_LEN);
1371
1372 /* Total length of the packet to be sent to the Controller */
1373 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1374
1375 /* Send HCI Command packet to Controller */
1376 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1377 if ( err != size) {
1378 ALOGE("Failed to attach the patch payload to the Controller!");
1379 goto error;
1380 }
1381
1382 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1383 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1384 if ( err < 0) {
1385 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1386 goto error;
1387 }
1388 error:
1389 return err;
1390
1391 }
1392
rome_get_build_info_req(int fd)1393 int rome_get_build_info_req(int fd)
1394 {
1395 int size, err = 0;
1396 unsigned char cmd[HCI_MAX_CMD_SIZE];
1397 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1398
1399 /* Frame the HCI CMD to be sent to the Controller */
1400 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1401 -1, EDL_PATCH_CMD_LEN);
1402
1403 /* Total length of the packet to be sent to the Controller */
1404 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1405
1406 /* Send HCI Command packet to Controller */
1407 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1408 if ( err != size) {
1409 ALOGE("Failed to send get build info cmd to the SoC!");
1410 goto error;
1411 }
1412
1413 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1414 if ( err < 0) {
1415 ALOGE("%s: Failed to get build info", __FUNCTION__);
1416 goto error;
1417 }
1418 error:
1419 return err;
1420
1421 }
1422
1423
rome_set_baudrate_req(int fd)1424 int rome_set_baudrate_req(int fd)
1425 {
1426 int size, err = 0;
1427 unsigned char cmd[HCI_MAX_CMD_SIZE];
1428 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1429 hci_command_hdr *cmd_hdr;
1430 int flags;
1431
1432 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1433
1434 cmd_hdr = (void *) (cmd + 1);
1435 cmd[0] = HCI_COMMAND_PKT;
1436 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1437 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN;
1438 cmd[4] = BAUDRATE_3000000;
1439
1440 /* Total length of the packet to be sent to the Controller */
1441 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1442
1443 /* Flow off during baudrate change */
1444 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1445 {
1446 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1447 goto error;
1448 }
1449
1450 /* Send the HCI command packet to UART for transmission */
1451 err = do_write(fd, cmd, size);
1452 if (err != size) {
1453 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1454 goto error;
1455 }
1456
1457 /* Change Local UART baudrate to high speed UART */
1458 userial_vendor_set_baud(USERIAL_BAUD_3M);
1459
1460 /* Flow on after changing local uart baudrate */
1461 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1462 {
1463 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1464 return err;
1465 }
1466
1467 /* Check for response from the Controller */
1468 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1469 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1470 goto error;
1471 }
1472
1473 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1474
1475 /* Wait for command complete event */
1476 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1477 if ( err < 0) {
1478 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1479 goto error;
1480 }
1481
1482 error:
1483 return err;
1484
1485 }
1486
1487
rome_hci_reset_req(int fd)1488 int rome_hci_reset_req(int fd)
1489 {
1490 int size, err = 0;
1491 unsigned char cmd[HCI_MAX_CMD_SIZE];
1492 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1493 hci_command_hdr *cmd_hdr;
1494 int flags;
1495
1496 ALOGI("%s: HCI RESET ", __FUNCTION__);
1497
1498 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1499
1500 cmd_hdr = (void *) (cmd + 1);
1501 cmd[0] = HCI_COMMAND_PKT;
1502 cmd_hdr->opcode = HCI_RESET;
1503 cmd_hdr->plen = 0;
1504
1505 /* Total length of the packet to be sent to the Controller */
1506 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1507
1508 /* Flow off during baudrate change */
1509 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1510 {
1511 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1512 goto error;
1513 }
1514
1515 /* Send the HCI command packet to UART for transmission */
1516 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1517 err = do_write(fd, cmd, size);
1518 if (err != size) {
1519 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1520 goto error;
1521 }
1522
1523 /* Change Local UART baudrate to high speed UART */
1524 userial_vendor_set_baud(USERIAL_BAUD_3M);
1525
1526 /* Flow on after changing local uart baudrate */
1527 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1528 {
1529 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1530 return err;
1531 }
1532
1533 /* Wait for command complete event */
1534 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1535 if ( err < 0) {
1536 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1537 goto error;
1538 }
1539
1540 error:
1541 return err;
1542
1543 }
1544
1545
rome_hci_reset(int fd)1546 int rome_hci_reset(int fd)
1547 {
1548 int size, err = 0;
1549 unsigned char cmd[HCI_MAX_CMD_SIZE];
1550 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1551 hci_command_hdr *cmd_hdr;
1552 int flags;
1553
1554 ALOGI("%s: HCI RESET ", __FUNCTION__);
1555
1556 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1557
1558 cmd_hdr = (void *) (cmd + 1);
1559 cmd[0] = HCI_COMMAND_PKT;
1560 cmd_hdr->opcode = HCI_RESET;
1561 cmd_hdr->plen = 0;
1562
1563 /* Total length of the packet to be sent to the Controller */
1564 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1565 err = do_write(fd, cmd, size);
1566 if (err != size) {
1567 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1568 err = -1;
1569 goto error;
1570 }
1571
1572 /* Wait for command complete event */
1573 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1574 if ( err < 0) {
1575 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1576 goto error;
1577 }
1578
1579 error:
1580 return err;
1581
1582 }
1583
rome_wipower_current_charging_status_req(int fd)1584 int rome_wipower_current_charging_status_req(int fd)
1585 {
1586 int size, err = 0;
1587 unsigned char cmd[HCI_MAX_CMD_SIZE];
1588 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1589 hci_command_hdr *cmd_hdr;
1590 int flags;
1591
1592 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1593
1594 cmd_hdr = (void *) (cmd + 1);
1595 cmd[0] = HCI_COMMAND_PKT;
1596 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1597 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1598 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1599
1600 /* Total length of the packet to be sent to the Controller */
1601 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1602
1603 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1604 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1605
1606 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1607 if ( err != size) {
1608 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1609 goto error;
1610 }
1611
1612 /* Check for response from the Controller */
1613 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1614 err = -ETIMEDOUT;
1615 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1616 goto error;
1617 }
1618
1619 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1620 if (rsp[4] >= NON_WIPOWER_MODE) {
1621 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1622 if (err < 0) {
1623 ALOGE("%s: Failed to get charging status", __FUNCTION__);
1624 goto error;
1625 }
1626 }
1627
1628 error:
1629 return err;
1630 }
1631
addon_feature_req(int fd)1632 int addon_feature_req(int fd)
1633 {
1634 int size, err = 0;
1635 unsigned char cmd[HCI_MAX_CMD_SIZE];
1636 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1637 hci_command_hdr *cmd_hdr;
1638 int flags;
1639
1640 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1641
1642 cmd_hdr = (void *) (cmd + 1);
1643 cmd[0] = HCI_COMMAND_PKT;
1644 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1645 cmd_hdr->plen = 0x00;
1646
1647 /* Total length of the packet to be sent to the Controller */
1648 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1649
1650 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1651 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1652 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1653 if ( err != size) {
1654 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1655 goto error;
1656 }
1657
1658 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1659 if (err < 0) {
1660 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1661 goto error;
1662 }
1663 error:
1664 return err;
1665 }
1666
1667
check_embedded_mode(int fd)1668 int check_embedded_mode(int fd) {
1669 int err = 0;
1670
1671 wipower_flag = 0;
1672 /* Get current wipower charging status */
1673 if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1674 {
1675 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1676 }
1677 usleep(500);
1678
1679 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1680
1681 return wipower_flag;
1682 }
1683
rome_get_addon_feature_list(int fd)1684 int rome_get_addon_feature_list(int fd) {
1685 int err = 0;
1686
1687 /* Get addon features that are supported by FW */
1688 if ((err = addon_feature_req(fd)) < 0)
1689 {
1690 ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1691 }
1692 return err;
1693 }
1694
rome_wipower_forward_handoff_req(int fd)1695 int rome_wipower_forward_handoff_req(int fd)
1696 {
1697 int size, err = 0;
1698 unsigned char cmd[HCI_MAX_CMD_SIZE];
1699 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1700 hci_command_hdr *cmd_hdr;
1701 int flags;
1702
1703 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1704
1705 cmd_hdr = (void *) (cmd + 1);
1706 cmd[0] = HCI_COMMAND_PKT;
1707 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1708 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1709 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1710
1711 /* Total length of the packet to be sent to the Controller */
1712 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1713
1714 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1715 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1716 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1717 if ( err != size) {
1718 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1719 goto error;
1720 }
1721
1722 /* Check for response from the Controller */
1723 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1724 err = -ETIMEDOUT;
1725 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1726 goto error;
1727 }
1728
1729 error:
1730 return err;
1731 }
1732
1733
enable_controller_log(int fd,unsigned char wait_for_evt)1734 void enable_controller_log (int fd, unsigned char wait_for_evt)
1735 {
1736 int ret = 0;
1737 /* VS command to enable controller logging to the HOST. By default it is disabled */
1738 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1739 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1740 char value[PROPERTY_VALUE_MAX] = {'\0'};
1741
1742 property_get("persist.service.bdroid.soclog", value, "false");
1743
1744 // value at cmd[5]: 1 - to enable, 0 - to disable
1745 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1746 ALOGI("%s: %d", __func__, ret);
1747 /* Ignore vsc evt if wait_for_evt is true */
1748 if (wait_for_evt) wait_vsc_evt = FALSE;
1749
1750 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1751 if (ret != 6) {
1752 ALOGE("%s: command failed", __func__);
1753 }
1754 /*Ignore hci_event if wait_for_evt is true*/
1755 if (wait_for_evt)
1756 goto end;
1757 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1758 if (ret < 0) {
1759 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1760 }
1761 end:
1762 wait_vsc_evt = TRUE;
1763 return;
1764 }
1765
1766
1767 /* This function is called with q_lock held and q is non-NULL */
disable_internal_ldo(int fd)1768 static int disable_internal_ldo(int fd)
1769 {
1770 int ret = 0;
1771 if (q->enable_extldo) {
1772 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1773 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1774
1775 ALOGI(" %s ", __FUNCTION__);
1776 ret = do_write(fd, cmd, 5);
1777 if (ret != 5) {
1778 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1779 ret = -1;
1780 } else {
1781 /* Wait for command complete event */
1782 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1783 if ( ret < 0) {
1784 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1785 }
1786 }
1787 }
1788 return ret;
1789 }
1790
rome_soc_init(int fd,char * bdaddr)1791 int rome_soc_init(int fd, char *bdaddr)
1792 {
1793 int err = -1, size = 0;
1794 dnld_fd = fd;
1795 ALOGI(" %s ", __FUNCTION__);
1796 RESERVED(bdaddr);
1797
1798 /* If wipower charging is going on in embedded mode then start hand off req */
1799 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1800 {
1801 wipower_flag = 0;
1802 wipower_handoff_ready = 0;
1803 if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1804 {
1805 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1806 }
1807 }
1808
1809 /* Get Rome version information */
1810 if((err = rome_patch_ver_req(fd)) <0){
1811 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1812 goto error;
1813 }
1814
1815 ALOGI("%s: Chipset Version (0x%08x)", __FUNCTION__, chipset_ver);
1816
1817 switch (chipset_ver){
1818 case ROME_VER_1_0:
1819 {
1820 /* Set and Download the RAMPATCH */
1821 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1822 err = rome_download_rampatch(fd);
1823 if (err < 0) {
1824 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1825 goto error;
1826 }
1827 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1828
1829 /* Attach the RAMPATCH */
1830 ALOGI("%s: Attaching the patches", __FUNCTION__);
1831 err = rome_attach_rampatch(fd);
1832 if (err < 0) {
1833 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1834 goto error;
1835 }
1836 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1837
1838 /* Send Reset */
1839 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1840 err = rome_rampatch_reset(fd);
1841 if ( err < 0 ) {
1842 ALOGE("Failed to RESET after RAMPATCH upgrade!");
1843 goto error;
1844 }
1845
1846 /* NVM download */
1847 ALOGI("%s: Downloading NVM", __FUNCTION__);
1848 err = rome_1_0_nvm_tag_dnld(fd);
1849 if ( err <0 ) {
1850 ALOGE("Downloading NVM Failed !!");
1851 goto error;
1852 }
1853
1854 /* Change baud rate 115.2 kbps to 3Mbps*/
1855 err = rome_hci_reset_req(fd);
1856 if (err < 0) {
1857 ALOGE("HCI Reset Failed !!");
1858 goto error;
1859 }
1860
1861 ALOGI("HCI Reset is done\n");
1862 }
1863 break;
1864 case ROME_VER_1_1:
1865 rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1866 nvm_file_path = ROME_NVM_TLV_PATH;
1867 goto download;
1868 case ROME_VER_1_3:
1869 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1870 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1871 goto download;
1872 case ROME_VER_2_1:
1873 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1874 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1875 goto download;
1876 case ROME_VER_3_0:
1877 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1878 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1879 fw_su_info = ROME_3_1_FW_SU;
1880 fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1881 goto download;
1882 case ROME_VER_3_2:
1883 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1884 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1885 fw_su_info = ROME_3_2_FW_SU;
1886 fw_su_offset = ROME_3_2_FW_SW_OFFSET;
1887
1888 download:
1889 /* Change baud rate 115.2 kbps to 3Mbps*/
1890 err = rome_set_baudrate_req(fd);
1891 if (err < 0) {
1892 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1893 goto error;
1894 }
1895 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1896 /* Donwload TLV files (rampatch, NVM) */
1897 err = rome_download_tlv_file(fd);
1898 if (err < 0) {
1899 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1900 goto error;
1901 }
1902 ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1903
1904 /* Get SU FM label information */
1905 if((err = rome_get_build_info_req(fd)) <0){
1906 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1907 //Ignore the failure of ROME FW SU label information
1908 err = 0;
1909 }
1910
1911 /* Disable internal LDO to use external LDO instead*/
1912 err = disable_internal_ldo(fd);
1913
1914 /* Send HCI Reset */
1915 err = rome_hci_reset(fd);
1916 if ( err <0 ) {
1917 ALOGE("HCI Reset Failed !!");
1918 goto error;
1919 }
1920
1921 ALOGI("HCI Reset is done\n");
1922
1923 break;
1924 default:
1925 ALOGI("%s: Detected unknown SoC version: 0x%08x", __FUNCTION__, chipset_ver);
1926 err = -1;
1927 break;
1928 }
1929
1930 error:
1931 dnld_fd = -1;
1932 return err;
1933 }
1934