hciattach_qualcomm.c revision c6be8dcf9e52713b6a040c3be5e1b32e5fafe513
1/*
2 *
3 *  BlueZ - Bluetooth protocol stack for Linux
4 *
5 *  Copyright (C) 2005-2010  Marcel Holtmann <marcel@holtmann.org>
6 *  Copyright (c) 2010, Code Aurora Forum. All rights reserved.
7 *
8 *
9 *  This program is free software; you can redistribute it and/or modify
10 *  it under the terms of the GNU General Public License as published by
11 *  the Free Software Foundation; either version 2 of the License, or
12 *  (at your option) any later version.
13 *
14 *  This program is distributed in the hope that it will be useful,
15 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 *  GNU General Public License for more details.
18 *
19 *  You should have received a copy of the GNU General Public License
20 *  along with this program; if not, write to the Free Software
21 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
22 *
23 */
24
25#ifdef HAVE_CONFIG_H
26#include <config.h>
27#endif
28
29#include <stdio.h>
30#include <errno.h>
31#include <fcntl.h>
32#include <unistd.h>
33#include <stdlib.h>
34#include <string.h>
35#include <signal.h>
36#include <syslog.h>
37#include <termios.h>
38#include <time.h>
39#include <sys/time.h>
40#include <sys/poll.h>
41#include <sys/param.h>
42#include <sys/ioctl.h>
43#include <sys/socket.h>
44#include <sys/uio.h>
45
46#include <bluetooth/bluetooth.h>
47#include <bluetooth/hci.h>
48#include <bluetooth/hci_lib.h>
49
50#include "hciattach.h"
51
/*
 * FAILIF(cond, fmt, ...): when cond is true, print the printf-style message
 * to stderr and return -1 from the enclosing function.
 *
 * The return is hidden inside the macro, so a caller that holds a file
 * descriptor or other resource at the point of use leaves without releasing
 * it. The first variadic argument is handed to fprintf() as the format
 * string, so it has to be a string literal and never data read from a file
 * or from the controller.
 *
 * "args..." together with "##args" is the GNU named-variadic-macro form.
 */
#define FAILIF(x, args...) do { \
	if (x) { \
		fprintf(stderr, ##args); \
		return -1; \
	} \
} while (0)
58
/*
 * Byte-for-byte image of the reply that read_command_complete() reads
 * straight into this struct, hence the packed attribute: no padding may be
 * inserted between the fields.
 */
typedef struct {
	uint8_t uart_prefix;		/* first byte of the reply; presumably the H4 packet type - confirm */
	hci_event_hdr hci_hdr;		/* event header; .evt and .plen are checked by the reader */
	evt_cmd_complete cmd_complete;	/* Command Complete parameters; .opcode is checked */
	uint8_t status;			/* command status; 0 is treated as success */
	uint8_t data[16];		/* rest of the reply; not examined by read_command_complete() */
} __attribute__((packed)) command_complete_t;
66
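/*
 * Read and validate the controller's reply to one firmware command.
 *
 * Two events are consumed from fd: first an event whose code must be 0xFF,
 * then a Command Complete event that is checked for a parameter length of
 * at least 4, an opcode of 0 and a status of 0.
 *
 * The opcode and len arguments are part of the signature but are not used
 * by the checks below.
 * NOTE(review): the reply's opcode is compared with 0, not with the opcode
 * that was sent - confirm this is what the controller reports during
 * firmware download.
 *
 * Every byte inspected here comes from the device on the other end of the
 * UART, so the buffers are zero-filled and the byte count returned by
 * read_hci_event() is checked before any field is read. This relies on
 * read_hci_event() returning the number of bytes it stored.
 *
 * Returns 0 on success, -1 otherwise (a diagnostic goes to stderr).
 */
static int read_command_complete(int fd,
					unsigned short opcode,
					unsigned char len)
{
	command_complete_t resp;
	unsigned char vsevent[512];
	int n;

	(void) opcode;
	(void) len;

	/* Zero-fill so a short read can never expose stale stack contents. */
	memset(&resp, 0, sizeof(resp));
	memset(vsevent, 0, sizeof(vsevent));

	/* First event: vsevent[1] is the event code and must be present. */
	n = read_hci_event(fd, vsevent, sizeof(vsevent));
	FAILIF(n < 2, "Failed to read response\n");

	FAILIF(vsevent[1] != 0xFF, "Failed to read response\n");

	/*
	 * Second event: everything up to and including the status byte must
	 * have been received before those fields are trusted. The struct is
	 * packed, so that prefix is the struct size minus the data[] tail.
	 */
	n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
	FAILIF(n < (int) (sizeof(resp) - sizeof(resp.data)),
		"Failed to read response\n");

	/* event must be event-complete */
	FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE,
		"Error in response: not a cmd-complete event, "
		"but 0x%02x!\n", resp.hci_hdr.evt);

	FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
		"Error in response: plen is not >= 4, but 0x%02x!\n",
		resp.hci_hdr.plen);

	/* cmd-complete event: opcode */
	FAILIF(resp.cmd_complete.opcode != 0,
		"Error in response: opcode is 0x%04x, not 0!\n",
		resp.cmd_complete.opcode);

	return resp.status == 0 ? 0 : -1;
}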
100
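/*
 * Stream a firmware file to the controller, one HCI command at a time.
 *
 * The file is a sequence of records, each an H4 packet-type byte followed
 * by an HCI command header and cmd->plen bytes of parameters. Each record
 * is written to fd unchanged and the reply is checked with
 * read_command_complete() before the next record is read.
 *
 * When bdaddr_s is not NULL and a record's parameters start with the bytes
 * 1, 2, 6, the six bytes that follow are replaced with the parsed address.
 * The replacement happens only if the record really holds those nine
 * bytes, so stale buffer contents from an earlier record cannot trigger or
 * receive the patch.
 *
 * The file's contents are sent to the controller as commands, so the file
 * is trusted exactly as much as the path it was opened from.
 *
 * Returns 0 once the whole file has been uploaded, -1 on any error. The
 * firmware descriptor is closed on every path.
 */
static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s)
{
	int ret = -1;
	int fw;

	fprintf(stdout, "Opening firmware file: %s\n", firmware);

	/* Open after the banner so errno still belongs to open() below. */
	fw = open(firmware, O_RDONLY);
	if (fw < 0) {
		fprintf(stderr, "Could not open firmware file %s: %s (%d).\n",
			firmware, strerror(errno), errno);
		return -1;
	}

	fprintf(stdout, "Uploading firmware...\n");
	for (;;) {
		/* Read each command and wait for a response. */
		unsigned char data[1024];
		unsigned char cmdp[1 + sizeof(hci_command_hdr)];
		hci_command_hdr *cmd = (hci_command_hdr *) (cmdp + 1);
		struct iovec iov_cmd[2];
		ssize_t nr, nw;

		nr = read(fw, cmdp, sizeof(cmdp));
		if (nr == 0)
			break;		/* clean end of file */

		if (nr != (ssize_t) sizeof(cmdp)) {
			fprintf(stderr, "Could not read H4 + HCI header!\n");
			goto out;
		}

		if (cmdp[0] != HCI_COMMAND_PKT) {
			fprintf(stderr,
				"Command is not an H4 command packet!\n");
			goto out;
		}

		/* The length comes from the file; keep it inside data[]. */
		if (cmd->plen > sizeof(data)) {
			fprintf(stderr,
				"Command with opcode %04x is too long!\n",
				cmd->opcode);
			goto out;
		}

		nr = read(fw, data, cmd->plen);
		if (nr != cmd->plen) {
			fprintf(stderr,
				"Could not read %d bytes of data "
				"for command with opcode %04x!\n",
				cmd->plen, cmd->opcode);
			goto out;
		}

		/* Patch the BD address only into a record that has room. */
		if (bdaddr_s != NULL &&
				cmd->plen >= 3 + sizeof(bdaddr_t) &&
				data[0] == 1 && data[1] == 2 && data[2] == 6) {
			bdaddr_t bdaddr;

			if (str2ba(bdaddr_s, &bdaddr) < 0) {
				fprintf(stderr,
					"Invalid Bluetooth address %s\n",
					bdaddr_s);
				goto out;
			}
			memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
		}

		iov_cmd[0].iov_base = cmdp;
		iov_cmd[0].iov_len = sizeof(cmdp);
		iov_cmd[1].iov_base = data;
		iov_cmd[1].iov_len = cmd->plen;

		nw = writev(fd, iov_cmd, 2);
		if (nw != (ssize_t) (sizeof(cmdp) + cmd->plen)) {
			fprintf(stderr,
				"Could not send entire command "
				"(sent only %d bytes)!\n", (int) nw);
			goto out;
		}

		/* Wait for response */
		if (read_command_complete(fd, cmd->opcode, cmd->plen) < 0)
			goto out;
	}

	fprintf(stdout, "Firmware upload successful.\n");
	ret = 0;

out:
	close(fw);

	return ret;
}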
166
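/*
 * True when c may appear in a firmware file name built from a controller
 * reply: printable, non-space ASCII that is not a path separator.
 */
static int qualcomm_fw_name_char_ok(unsigned char c)
{
	return c > 0x20 && c < 0x7f && c != '/';
}

/*
 * Bring up a Qualcomm controller attached to fd.
 *
 * Steps, in order: query the version information and print it, send a
 * vendor command whose reply names the firmware file, upload that file
 * with qualcomm_load_firmware(), then reset the controller.
 *
 * The speed and ti arguments are not used here.
 *
 * Every reply byte comes from the device on the UART. The reply buffer is
 * cleared before each read and the byte count is checked before fixed
 * offsets are interpreted, which relies on read_hci_event() returning the
 * number of bytes it stored. The bytes that form the firmware file name
 * are validated so that the device cannot steer the path outside
 * /etc/firmware/ or cut it short with a NUL.
 *
 * Returns 0 on success, -1 when a command cannot be written or a reply
 * cannot be read. A firmware upload that fails is reported and the reset
 * is still performed, as before.
 */
int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr)
{
	/* Offsets, within the vendor reply, of the firmware name bytes. */
	static const unsigned char fw_name_idx[] = {
		18, 19, 20, 21, 22, 23, 32, 33, 34, 35
	};
	struct timespec tm = {0, 50000};
	unsigned char cmd[5];
	unsigned char resp[100];		/* Response */
	char fw[100];
	int have_fw = 1;
	size_t i;
	int n;

	/* Get Manufacturer and LMP version */
	cmd[0] = HCI_COMMAND_PKT;
	cmd[1] = 0x01;
	cmd[2] = 0x10;
	cmd[3] = 0x00;

	do {
		n = write(fd, cmd, 4);
		if (n < 4) {
			perror("Failed to write init command");
			return -1;
		}

		/* Read reply. */
		memset(resp, 0, sizeof(resp));
		n = read_hci_event(fd, resp, sizeof(resp));
		if (n < 0) {
			perror("Failed to read init response");
			return -1;
		}

		/*
		 * Wait for command complete event for our Opcode: keep going
		 * until BOTH opcode bytes match. The earlier "&&" stopped as
		 * soon as either byte matched.
		 */
	} while (resp[4] != cmd[1] || resp[5] != cmd[2]);

	if (n >= 15) {
		unsigned short lmp_subv = resp[13] | (resp[14] << 8);

		/* Verify manufacturer */
		if ((resp[11] & 0xFF) != 0x1d)
			fprintf(stderr,
				"WARNING : module's manufacturer is not Qualcomm\n");

		/* Print LMP version */
		fprintf(stderr,
			"Qualcomm module LMP version : 0x%02x\n",
			resp[10] & 0xFF);

		/* Print LMP subversion */
		fprintf(stderr, "Qualcomm module LMP sub-version : 0x%04x\n",
								lmp_subv);
	} else {
		fprintf(stderr,
			"WARNING : version response too short (%d bytes)\n", n);
	}

	/* Get SoC type */
	cmd[0] = HCI_COMMAND_PKT;
	cmd[1] = 0x00;
	cmd[2] = 0xFC;
	cmd[3] = 0x01;
	cmd[4] = 0x06;

	do {
		n = write(fd, cmd, 5);
		if (n < 5) {
			perror("Failed to write vendor init command");
			return -1;
		}

		/* Read reply. */
		memset(resp, 0, sizeof(resp));
		if ((n = read_hci_event(fd, resp, sizeof(resp))) < 0) {
			perror("Failed to read vendor init response");
			return -1;
		}

		/*
		 * NOTE(review): this loop ends as soon as either byte has the
		 * expected value; the vendor reply layout is not visible here,
		 * so the condition is left as it was - confirm intent.
		 */
	} while (resp[3] != 0 && resp[4] != 2);

	/* Only build a path from bytes that were received and are safe. */
	if (n < 36) {
		fprintf(stderr,
			"WARNING : vendor response too short (%d bytes), "
			"skipping firmware upload\n", n);
		have_fw = 0;
	}

	for (i = 0; have_fw && i < sizeof(fw_name_idx); i++) {
		unsigned char c = resp[fw_name_idx[i]];

		if (!qualcomm_fw_name_char_ok(c)) {
			fprintf(stderr,
				"WARNING : invalid firmware name byte 0x%02x, "
				"skipping firmware upload\n", c);
			have_fw = 0;
		}
	}

	if (have_fw)
		snprintf(fw, sizeof(fw),
				"/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
				resp[18], resp[19], resp[20], resp[21],
				resp[22], resp[23],
				resp[32], resp[33], resp[34], resp[35]);

	/* Wait for command complete event for our Opcode */
	memset(resp, 0, sizeof(resp));
	if (read_hci_event(fd, resp, sizeof(resp)) < 0) {
		perror("Failed to read init response");
		return -1;
	}

	/*
	 * NOTE(review): a failed upload has never stopped initialisation;
	 * it is now reported. Decide whether it should be fatal.
	 */
	if (have_fw && qualcomm_load_firmware(fd, fw, bdaddr) < 0)
		fprintf(stderr,
			"WARNING : firmware upload failed, continuing with reset\n");

	/* Reset */
	cmd[0] = HCI_COMMAND_PKT;
	cmd[1] = 0x03;
	cmd[2] = 0x0C;
	cmd[3] = 0x00;

	do {
		n = write(fd, cmd, 4);
		if (n < 4) {
			perror("Failed to write reset command");
			return -1;
		}

		/* Read reply. */
		memset(resp, 0, sizeof(resp));
		if ((n = read_hci_event(fd, resp, sizeof(resp))) < 0) {
			perror("Failed to read reset response");
			return -1;
		}

		/* Both opcode bytes must match before the reset is accepted. */
	} while (resp[4] != cmd[1] || resp[5] != cmd[2]);

	nanosleep(&tm, NULL);

	return 0;
}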
276