1/*
2 *
3 *  Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 *  Not a Contribution.
5 *
6 *  Copyright 2012 The Android Open Source Project
7 *
8 *  Licensed under the Apache License, Version 2.0 (the "License"); you
9 *  may not use this file except in compliance with the License. You may
10 *  obtain a copy of the License at
11 *
12 *  http://www.apache.org/licenses/LICENSE-2.0
13 *
14 *  Unless required by applicable law or agreed to in writing, software
15 *  distributed under the License is distributed on an "AS IS" BASIS,
16 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 *  implied. See the License for the specific language governing
18 *  permissions and limitations under the License.
19 *
20 */
21
22/******************************************************************************
23 *
24 *  Filename:      hw_rome.c
25 *
26 *  Description:   Contains controller-specific functions, like
27 *                      firmware patch download
28 *                      low power mode operations
29 *
30 ******************************************************************************/
31#ifdef __cplusplus
32extern "C" {
33#endif
34
35#define LOG_TAG "bt_vendor"
36
37#include <sys/socket.h>
38#include <utils/Log.h>
39#include <sys/types.h>
40#include <sys/stat.h>
41#include <signal.h>
42#include <time.h>
43#include <errno.h>
44#include <fcntl.h>
45#include <dirent.h>
46#include <ctype.h>
47#include <cutils/properties.h>
48#include <stdlib.h>
49#include <termios.h>
50#include <string.h>
51#include <stdbool.h>
52#include "bt_hci_bdroid.h"
53#include "bt_vendor_qcom.h"
54#include "hci_uart.h"
55#include "hw_rome.h"
56
57#define BT_VERSION_FILEPATH "/data/misc/bluedroid/bt_fw_version.txt"
58
59#ifdef __cplusplus
60}
61#endif
62
63int read_vs_hci_event(int fd, unsigned char* buf, int size);
64
65/******************************************************************************
66**  Variables
67******************************************************************************/
68FILE *file;
69unsigned char *phdr_buffer;
70unsigned char *pdata_buffer = NULL;
71patch_info rampatch_patch_info;
72int rome_ver = ROME_VER_UNKNOWN;
73unsigned char gTlv_type;
74unsigned char gTlv_dwndCfg;
75static unsigned int wipower_flag = 0;
76static unsigned int wipower_handoff_ready = 0;
77char *rampatch_file_path;
78char *nvm_file_path;
79char *fw_su_info = NULL;
80unsigned short fw_su_offset =0;
81extern char enable_extldo;
82unsigned char wait_vsc_evt = TRUE;
83bool patch_dnld_pending = FALSE;
84int dnld_fd = -1;
85/******************************************************************************
86**  Extern variables
87******************************************************************************/
88extern uint8_t vnd_local_bd_addr[6];
89
90/*****************************************************************************
91**   Functions
92*****************************************************************************/
93int do_write(int fd, unsigned char *buf,int len)
94{
95    int ret = 0;
96    int write_offset = 0;
97    int write_len = len;
98    do {
99        ret = write(fd,buf+write_offset,write_len);
100        if (ret < 0)
101        {
102            ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
103            return -1;
104        } else if (ret == 0) {
105            ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
106            return 0;
107        } else {
108            if (ret < write_len) {
109                ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
110                       strerror(errno));
111                write_len = write_len - ret;
112                write_offset = ret;
113            } else {
114                ALOGV("Write successful");
115                break;
116            }
117        }
118    } while(1);
119    return len;
120}
121
122int get_vs_hci_event(unsigned char *rsp)
123{
124    int err = 0;
125    unsigned char paramlen = 0;
126    unsigned char EMBEDDED_MODE_CHECK = 0x02;
127    FILE *btversionfile = 0;
128    unsigned int soc_id = 0;
129    unsigned int productid = 0;
130    unsigned short patchversion = 0;
131    char build_label[255];
132    int build_lbl_len;
133
134    if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
135        ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__);
136    else {
137        ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
138        err = -EIO;
139        goto failed;
140    }
141
142    ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]);
143    ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]);
144    ALOGI("%s: Response type   : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]);
145
146    /* Check the status of the operation */
147    switch ( rsp[CMD_RSP_OFFSET] )
148    {
149        case EDL_CMD_REQ_RES_EVT:
150        ALOGI("%s: Command Request Response", __FUNCTION__);
151        switch(rsp[RSP_TYPE_OFFSET])
152        {
153            case EDL_PATCH_VER_RES_EVT:
154            case EDL_APP_VER_RES_EVT:
155                ALOGI("\t Current Product ID\t\t: 0x%08x",
156                    productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
157                                        rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
158                                        rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
159                                        rsp[PATCH_PROD_ID_OFFSET]  ));
160
161                /* Patch Version indicates FW patch version */
162                ALOGI("\t Current Patch Version\t\t: 0x%04x",
163                    (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
164                                            rsp[PATCH_PATCH_VER_OFFSET] )));
165
166                /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
167                ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver =
168                    (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
169                                            rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
170
171                /* In case rome 1.0/1.1, there is no SOC ID version available */
172                if (paramlen - 10)
173                {
174                    ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
175                        (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
176                                                rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
177                                                rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
178                                                rsp[PATCH_SOC_VER_OFFSET]  ));
179                }
180
181                if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "wb"))) {
182                    fprintf(btversionfile, "Bluetooth Controller Product ID    : 0x%08x\n", productid);
183                    fprintf(btversionfile, "Bluetooth Controller Patch Version : 0x%04x\n", patchversion);
184                    fprintf(btversionfile, "Bluetooth Controller Build Version : 0x%04x\n", rome_ver);
185                    fprintf(btversionfile, "Bluetooth Controller SOC Version   : 0x%08x\n", soc_id);
186                    fclose(btversionfile);
187                }else {
188                    ALOGI("Failed to dump SOC version info. Errno:%d", errno);
189                }
190
191                /* Rome Chipset Version can be decided by Patch version and SOC version,
192                Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
193                used for SOC as combination for BT host driver */
194                rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff);
195                break;
196            case EDL_TVL_DNLD_RES_EVT:
197            case EDL_CMD_EXE_STATUS_EVT:
198                switch (err = rsp[CMD_STATUS_OFFSET])
199                    {
200                    case HCI_CMD_SUCCESS:
201                        ALOGI("%s: Download Packet successfully!", __FUNCTION__);
202                        break;
203                    case PATCH_LEN_ERROR:
204                        ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
205                        "SET REQ cmd", __FUNCTION__);
206                        break;
207                    case PATCH_VER_ERROR:
208                        ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
209                        "SET REQ cmd", __FUNCTION__);
210                        break;
211                    case PATCH_CRC_ERROR:
212                        ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
213                        break;
214                    case PATCH_NOT_FOUND:
215                        ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
216                        break;
217                    case TLV_TYPE_ERROR:
218                        ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
219                        break;
220                    default:
221                        ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
222                        break;
223                    }
224            break;
225            case HCI_VS_GET_BUILD_VER_EVT:
226                build_lbl_len = rsp[5];
227                memcpy (build_label, &rsp[6], build_lbl_len);
228                *(build_label+build_lbl_len) = '\0';
229
230                ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
231                if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "a+b"))) {
232                    fprintf(btversionfile, "Bluetooth Contoller SU Build info  : %s\n", build_label);
233                    fclose(btversionfile);
234                } else {
235                    ALOGI("Failed to dump  FW SU build info. Errno:%d", errno);
236                }
237            break;
238        }
239        break;
240
241        case NVM_ACCESS_CODE:
242            ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
243            err = HCI_CMD_SUCCESS;
244            break;
245        case EDL_SET_BAUDRATE_RSP_EVT:
246            /* Rome 1.1 has bug with the response, so it should ignore it. */
247            if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
248            {
249                ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
250                    rsp[CMD_STATUS_OFFSET]);
251                err = -1;
252            }
253            break;
254       case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
255            /* Query charging command has below return values
256            0 - in embedded mode not charging
257            1 - in embedded mode and charging
258            2 - hadofff completed and in normal mode
259            3 - no wipower supported on mtp. so irrepective of charging
260            handoff command has to be sent if return values are 0 or 1.
261            These change include logic to enable generic BT turn on sequence.*/
262            if (rsp[4] < EMBEDDED_MODE_CHECK)
263            {
264               ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
265               wipower_handoff_ready = rsp[4];
266               wipower_flag = 1;
267            }
268            break;
269        case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
270            /*TODO: rsp code 00 mean no charging
271            this is going to change in FW soon*/
272            if (rsp[4] == NON_WIPOWER_MODE)
273            {
274               ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
275            }
276            break;
277        case HCI_VS_GET_ADDON_FEATURES_EVENT:
278            if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
279            {
280               ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
281               property_set("persist.bluetooth.a4wp", "true");
282            }
283            break;
284        case HCI_VS_STRAY_EVT:
285            /* WAR to handle stray Power Apply EVT during patch download */
286            ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__);
287            if (patch_dnld_pending && dnld_fd != -1)
288            {
289                unsigned char rsp[HCI_MAX_EVENT_SIZE];
290                memset(rsp, 0x00, HCI_MAX_EVENT_SIZE);
291                read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE);
292            }
293            else
294            {
295                ALOGE("%s: Not a valid status!!!", __FUNCTION__);
296                err = -1;
297            }
298            break;
299        default:
300            ALOGE("%s: Not a valid status!!!", __FUNCTION__);
301            err = -1;
302            break;
303    }
304
305failed:
306    return err;
307}
308
309
310/*
311 * Read an VS HCI event from the given file descriptor.
312 */
313int read_vs_hci_event(int fd, unsigned char* buf, int size)
314{
315    int remain, r;
316    int count = 0, i;
317
318    if (size <= 0) {
319        ALOGE("Invalid size arguement!");
320        return -1;
321    }
322
323    ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
324
325    /* The first byte identifies the packet type. For HCI event packets, it
326     * should be 0x04, so we read until we get to the 0x04. */
327    /* It will keep reading until find 0x04 byte */
328    while (1) {
329            r = read(fd, buf, 1);
330            if (r <= 0)
331                    return -1;
332            if (buf[0] == 0x04)
333                    break;
334    }
335    count++;
336
337    /* The next two bytes are the event code and parameter total length. */
338    while (count < 3) {
339            r = read(fd, buf + count, 3 - count);
340            if ((r <= 0) || (buf[1] != 0xFF )) {
341                ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
342                return -1;
343            }
344            count += r;
345    }
346
347    /* Now we read the parameters. */
348    if (buf[2] < (size - 3))
349            remain = buf[2];
350    else
351            remain = size - 3;
352
353    while ((count - 3) < remain) {
354            r = read(fd, buf + count, remain - (count - 3));
355            if (r <= 0)
356                    return -1;
357            count += r;
358    }
359
360     /* Check if the set patch command is successful or not */
361    if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
362        return -1;
363
364    return count;
365}
366
367/*
368 * For Hand-Off related Wipower commands, Command complete arrives first and
369 * the followd with VS event
370 *
371 */
372int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
373{
374    int ret = 0;
375    int err = 0;
376
377    /* Send the HCI command packet to UART for transmission */
378    ret = do_write(fd, cmd, size);
379    if (ret != size) {
380        ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
381        goto failed;
382    }
383
384    /* Wait for command complete event */
385    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
386    if ( err < 0) {
387        ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
388        goto failed;
389    }
390
391    ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
392failed:
393    return ret;
394}
395
396
397int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
398{
399    int ret = 0;
400
401    /* Send the HCI command packet to UART for transmission */
402    ret = do_write(fd, cmd, size);
403    if (ret != size) {
404        ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
405        goto failed;
406    }
407
408    if (wait_vsc_evt) {
409        /* Check for response from the Controller */
410        if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
411           ret = -ETIMEDOUT;
412           ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
413           goto failed;
414        }
415        ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
416    }
417
418failed:
419    return ret;
420}
421
422void frame_hci_cmd_pkt(
423    unsigned char *cmd,
424    int edl_cmd, unsigned int p_base_addr,
425    int segtNo, int size
426    )
427{
428    int offset = 0;
429    hci_command_hdr *cmd_hdr;
430
431    memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
432
433    cmd_hdr = (void *) (cmd + 1);
434
435    cmd[0]      = HCI_COMMAND_PKT;
436    cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
437    cmd_hdr->plen   = size;
438    cmd[4]      = edl_cmd;
439
440    switch (edl_cmd)
441    {
442        case EDL_PATCH_SET_REQ_CMD:
443            /* Copy the patch header info as CMD params */
444            memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
445            ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
446            ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
447                segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
448            break;
449        case EDL_PATCH_DLD_REQ_CMD:
450            offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
451            p_base_addr += offset;
452            cmd_hdr->plen   = (size + 6);
453            cmd[5]  = (size + 4);
454            cmd[6]  = EXTRACT_BYTE(p_base_addr, 0);
455            cmd[7]  = EXTRACT_BYTE(p_base_addr, 1);
456            cmd[8]  = EXTRACT_BYTE(p_base_addr, 2);
457            cmd[9]  = EXTRACT_BYTE(p_base_addr, 3);
458            memcpy(&cmd[10], (pdata_buffer + offset), size);
459
460            ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
461                __FUNCTION__, size);
462            ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
463                "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
464                cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
465            break;
466        case EDL_PATCH_ATCH_REQ_CMD:
467            ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
468            ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
469            segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
470            break;
471        case EDL_PATCH_RST_REQ_CMD:
472            ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
473            ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
474            segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
475            break;
476        case EDL_PATCH_VER_REQ_CMD:
477            ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
478            ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
479            segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
480            break;
481        case EDL_PATCH_TLV_REQ_CMD:
482            ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
483            /* Parameter Total Length */
484            cmd[3] = size +2;
485
486            /* TLV Segment Length */
487            cmd[5] = size;
488            ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
489            segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
490            offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
491            memcpy(&cmd[6], (pdata_buffer + offset), size);
492            break;
493        case EDL_GET_BUILD_INFO:
494            ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
495            ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
496                segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
497            break;
498        default:
499            ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
500    }
501}
502
503void rome_extract_patch_header_info(unsigned char *buf)
504{
505    int index;
506
507    /* Extract patch id */
508    for (index = 0; index < 4; index++)
509        rampatch_patch_info.patch_id |=
510            (LSH(buf[index + P_ID_OFFSET], (index * 8)));
511
512    /* Extract (ROM and BUILD) version information */
513    for (index = 0; index < 2; index++)
514        rampatch_patch_info.patch_ver.rom_version |=
515            (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
516
517    for (index = 0; index < 2; index++)
518        rampatch_patch_info.patch_ver.build_version |=
519            (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
520
521    /* Extract patch base and entry addresses */
522    for (index = 0; index < 4; index++)
523        rampatch_patch_info.patch_base_addr |=
524            (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
525
526    /* Patch BASE & ENTRY addresses are same */
527    rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
528
529    /* Extract total length of the patch payload */
530    for (index = 0; index < 4; index++)
531        rampatch_patch_info.patch_length |=
532            (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
533
534    /* Extract the CRC checksum of the patch payload */
535    for (index = 0; index < 4; index++)
536        rampatch_patch_info.patch_crc |=
537            (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
538
539    /* Extract patch control value */
540    for (index = 0; index < 4; index++)
541        rampatch_patch_info.patch_ctrl |=
542            (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
543
544    ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
545    ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
546    ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
547    ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
548    ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
549    ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
550    ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
551
552}
553
554int rome_edl_set_patch_request(int fd)
555{
556    int size, err;
557    unsigned char cmd[HCI_MAX_CMD_SIZE];
558    unsigned char rsp[HCI_MAX_EVENT_SIZE];
559
560    /* Frame the HCI CMD to be sent to the Controller */
561    frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
562        -1, PATCH_HDR_LEN + 1);
563
564    /* Total length of the packet to be sent to the Controller */
565    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
566
567    /* Send HCI Command packet to Controller */
568    err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
569    if ( err != size) {
570        ALOGE("Failed to set the patch info to the Controller!");
571        goto error;
572    }
573
574    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
575    if ( err < 0) {
576        ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
577        goto error;
578    }
579    ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
580error:
581    return err;
582}
583
584int rome_edl_patch_download_request(int fd)
585{
586    int no_of_patch_segment;
587    int index = 1, err = 0, size = 0;
588    unsigned int p_base_addr;
589    unsigned char cmd[HCI_MAX_CMD_SIZE];
590    unsigned char rsp[HCI_MAX_EVENT_SIZE];
591
592    no_of_patch_segment = (rampatch_patch_info.patch_length /
593        MAX_DATA_PER_SEGMENT);
594    ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
595        __FUNCTION__, no_of_patch_segment,
596    rampatch_patch_info.patch_base_addr);
597
598    /* Initialize the patch base address from the one read from bin file */
599    p_base_addr = rampatch_patch_info.patch_base_addr;
600
601    /*
602    * Depending upon size of the patch payload, download the patches in
603    * segments with a max. size of 239 bytes
604    */
605    for (index = 1; index <= no_of_patch_segment; index++) {
606
607        ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
608
609        /* Frame the HCI CMD PKT to be sent to Controller*/
610        frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
611        index, MAX_DATA_PER_SEGMENT);
612
613        /* Total length of the packet to be sent to the Controller */
614        size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
615
616        /* Initialize the RSP packet everytime to 0 */
617        memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
618
619        /* Send HCI Command packet to Controller */
620        err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
621        if ( err != size) {
622            ALOGE("Failed to send the patch payload to the Controller!");
623            goto error;
624        }
625
626        /* Read Command Complete Event */
627        err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
628        if ( err < 0) {
629            ALOGE("%s: Failed to downlaod patch segment: %d!",
630            __FUNCTION__, index);
631            goto error;
632        }
633        ALOGI("%s: Successfully downloaded patch segment: %d",
634        __FUNCTION__, index);
635    }
636
637    /* Check if any pending patch data to be sent */
638    size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
639        rampatch_patch_info.patch_length :
640        (rampatch_patch_info.patch_length  % MAX_DATA_PER_SEGMENT);
641
642    if (size)
643    {
644        /* Frame the HCI CMD PKT to be sent to Controller*/
645        frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
646
647        /* Initialize the RSP packet everytime to 0 */
648        memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
649
650        /* Total length of the packet to be sent to the Controller */
651        size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
652
653        /* Send HCI Command packet to Controller */
654        err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
655        if ( err != size) {
656            ALOGE("Failed to send the patch payload to the Controller!");
657            goto error;
658        }
659
660        /* Read Command Complete Event */
661        err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
662        if ( err < 0) {
663            ALOGE("%s: Failed to downlaod patch segment: %d!",
664                __FUNCTION__, index);
665            goto error;
666        }
667
668        ALOGI("%s: Successfully downloaded patch segment: %d",
669        __FUNCTION__, index);
670    }
671
672error:
673    return err;
674}
675
676static int rome_download_rampatch(int fd)
677{
678    int c, tmp, size, index, ret = -1;
679
680    ALOGI("%s: ", __FUNCTION__);
681
682    /* Get handle to the RAMPATCH binary file */
683    ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
684    file = fopen(ROME_FW_PATH, "r");
685    if (file == NULL) {
686        ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
687        __FUNCTION__);
688        return -ENFILE;
689    }
690
691    /* Allocate memory for the patch headder info */
692    ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
693    phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
694    if (phdr_buffer == NULL) {
695        ALOGE("%s: Failed to allocate memory for patch header",
696        __FUNCTION__);
697        goto phdr_alloc_failed;
698    }
699    for (index = 0; index < PATCH_HDR_LEN + 1; index++)
700        phdr_buffer[index] = 0x0;
701
702    /* Read 28 bytes of patch header information */
703    ALOGI("%s: Reading patch header info", __FUNCTION__);
704    index = 0;
705    do {
706        c = fgetc (file);
707        phdr_buffer[index++] = (unsigned char)c;
708    } while (index != PATCH_HDR_LEN);
709
710    /* Save the patch header info into local structure */
711    ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
712    rome_extract_patch_header_info((unsigned char *)phdr_buffer);
713
714    /* Set the patch header info onto the Controller */
715    ret = rome_edl_set_patch_request(fd);
716    if (ret < 0) {
717        ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
718        goto pdata_alloc_failed;
719    }
720
721    /* Allocate memory for the patch payload */
722    ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
723    size = rampatch_patch_info.patch_length;
724    pdata_buffer = (unsigned char *) malloc(size+1);
725    if (pdata_buffer == NULL) {
726        ALOGE("%s: Failed to allocate memory for patch payload",
727            __FUNCTION__);
728        goto pdata_alloc_failed;
729    }
730    for (index = 0; index < size+1; index++)
731        pdata_buffer[index] = 0x0;
732
733    /* Read the patch data from Rampatch binary image */
734    ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
735    index = 0;
736    do {
737        c = fgetc (file);
738        pdata_buffer[index++] = (unsigned char)c;
739    } while (c != EOF);
740
741    /* Downloading patches in segments to controller */
742    ret = rome_edl_patch_download_request(fd);
743    if (ret < 0) {
744        ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
745        goto cleanup;
746    }
747cleanup:
748    free(pdata_buffer);
749pdata_alloc_failed:
750    free(phdr_buffer);
751phdr_alloc_failed:
752    fclose(file);
753error:
754    return ret;
755}
756
757int rome_attach_rampatch(int fd)
758{
759    int size, err;
760    unsigned char cmd[HCI_MAX_CMD_SIZE];
761    unsigned char rsp[HCI_MAX_EVENT_SIZE];
762
763    /* Frame the HCI CMD to be sent to the Controller */
764    frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
765        -1, EDL_PATCH_CMD_LEN);
766
767    /* Total length of the packet to be sent to the Controller */
768    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
769
770    /* Send HCI Command packet to Controller */
771    err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
772    if ( err != size) {
773        ALOGE("Failed to attach the patch payload to the Controller!");
774        goto error;
775    }
776
777    /* Read Command Complete Event */
778    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
779    if ( err < 0) {
780        ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
781        goto error;
782    }
783error:
784    return err;
785}
786
787int rome_rampatch_reset(int fd)
788{
789    int size, err = 0, flags;
790    unsigned char cmd[HCI_MAX_CMD_SIZE];
791    struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
792
793    /* Frame the HCI CMD to be sent to the Controller */
794    frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
795                                        -1, EDL_PATCH_CMD_LEN);
796
797    /* Total length of the packet to be sent to the Controller */
798    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
799
800    /* Send HCI Command packet to Controller */
801    err = do_write(fd, cmd, size);
802    if (err != size) {
803        ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
804        goto error;
805    }
806
807    /*
808    * Controller doesn't sends any response for the patch reset
809    * command. HOST has to wait for 100ms before proceeding.
810    */
811    nanosleep(&tm, NULL);
812
813error:
814    return err;
815}
816
817int rome_get_tlv_file(char *file_path)
818{
819    FILE * pFile;
820    long fileSize;
821    int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
822    unsigned short nvm_tag_len;
823    tlv_patch_info *ptlv_header;
824    tlv_nvm_hdr *nvm_ptr;
825    unsigned char data_buf[PRINT_BUF_SIZE]={0,};
826    unsigned char *nvm_byte_ptr;
827
828    ALOGI("File Open (%s)", file_path);
829    pFile = fopen ( file_path , "r" );
830    if (pFile==NULL) {;
831        ALOGE("%s File Open Fail", file_path);
832        return -1;
833    }
834
835    /* Get File Size */
836    fseek (pFile , 0 , SEEK_END);
837    fileSize = ftell (pFile);
838    rewind (pFile);
839
840    pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
841    if (pdata_buffer == NULL) {
842        ALOGE("Allocated Memory failed");
843        fclose (pFile);
844        return -1;
845    }
846
847    /* Copy file into allocated buffer */
848    readSize = fread (pdata_buffer,1,fileSize,pFile);
849
850    /* File Close */
851    fclose (pFile);
852
853    if (readSize != fileSize) {
854        ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
855        return -1;
856    }
857
858    ptlv_header = (tlv_patch_info *) pdata_buffer;
859
860    /* To handle different event between rampatch and NVM */
861    gTlv_type = ptlv_header->tlv_type;
862    gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
863
864    if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
865        ALOGI("====================================================");
866        ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
867        ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
868                                                    (ptlv_header->tlv_length2 << 8) |
869                                                    (ptlv_header->tlv_length3 << 16));
870        ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
871        ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
872        ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
873        ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
874        ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
875        ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
876        ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
877        ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
878        ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
879        ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
880        ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
881        ALOGI("====================================================");
882
883    } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
884        ALOGI("====================================================");
885        ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
886        ALOGI("Length\t\t\t : %d bytes",  nvm_length = (ptlv_header->tlv_length1) |
887                                                    (ptlv_header->tlv_length2 << 8) |
888                                                    (ptlv_header->tlv_length3 << 16));
889
890        if(nvm_length <= 0)
891            return readSize;
892
893       for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
894             nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
895       {
896            ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
897            ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
898            ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
899            ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
900
901            /* Increase nvm_index to NVM data */
902            nvm_index+=sizeof(tlv_nvm_hdr);
903            nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
904
905            /* Write BD Address */
906            if(nvm_ptr->tag_id == TAG_NUM_2){
907                memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6);
908                ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
909                    *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
910                    *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
911            }
912
913            for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
914                snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
915
916            ALOGI("TAG Data\t\t\t : %s", data_buf);
917
918            /* Clear buffer */
919            memset(data_buf, 0x0, PRINT_BUF_SIZE);
920
921            /* increased by tag_len */
922            nvm_index+=nvm_ptr->tag_len;
923            nvm_byte_ptr +=nvm_ptr->tag_len;
924        }
925
926        ALOGI("====================================================");
927
928    } else {
929        ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
930    }
931
932    return readSize;
933}
934
935int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
936{
937    int size=0, err = -1;
938    unsigned char cmd[HCI_MAX_CMD_SIZE];
939    unsigned char rsp[HCI_MAX_EVENT_SIZE];
940
941    ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
942
943    /* Frame the HCI CMD PKT to be sent to Controller*/
944    frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
945
946    /* Total length of the packet to be sent to the Controller */
947    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
948
949    /* Initialize the RSP packet everytime to 0 */
950    memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
951
952    /* Send HCI Command packet to Controller */
953    err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
954    if ( err != size) {
955        ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
956        return err;
957    }
958
959    if(wait_cc_evt) {
960        err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
961        if ( err < 0) {
962            ALOGE("%s: Failed to downlaod patch segment: %d!",  __FUNCTION__, index);
963            return err;
964        }
965    }
966
967    ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
968    return err;
969}
970
971int rome_tlv_dnld_req(int fd, int tlv_size)
972{
973    int  total_segment, remain_size, i, err = -1;
974    unsigned char wait_cc_evt;
975
976    total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
977    remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
978        tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
979
980    ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
981        __FUNCTION__,tlv_size, total_segment, remain_size);
982
983    if (gTlv_type == TLV_TYPE_PATCH) {
984       /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
985        * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
986        * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
987        */
988       switch(gTlv_dwndCfg)
989       {
990           case ROME_SKIP_EVT_NONE:
991              wait_vsc_evt = TRUE;
992              wait_cc_evt = TRUE;
993              ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
994              break;
995           case ROME_SKIP_EVT_VSE_CC:
996              wait_vsc_evt = FALSE;
997              wait_cc_evt = FALSE;
998              ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
999              break;
1000           /* Not handled for now */
1001           case ROME_SKIP_EVT_VSE:
1002           case ROME_SKIP_EVT_CC:
1003           default:
1004              ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
1005              break;
1006       }
1007    } else {
1008        wait_vsc_evt = TRUE;
1009        wait_cc_evt = TRUE;
1010    }
1011
1012    for(i=0;i<total_segment ;i++){
1013        if ((i+1) == total_segment) {
1014             if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1015               /* If the Rome version is from 1.1 to 3.1
1016                * 1. No CCE for the last command segment but all other segment
1017                * 2. All the command segments get VSE including the last one
1018                */
1019                wait_cc_evt = !remain_size ? FALSE: TRUE;
1020             } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1021                /* If the Rome version is 3.2
1022                 * 1. None of the command segments receive CCE
1023                 * 2. No command segments receive VSE except the last one
1024                 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1025                 *    same as Rome 2.1, 2.2, 3.0
1026                 */
1027                 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1028                    wait_cc_evt = !remain_size ? FALSE: TRUE;
1029                 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1030                    wait_vsc_evt = !remain_size ? TRUE: FALSE;
1031                 }
1032             }
1033        }
1034
1035        patch_dnld_pending = TRUE;
1036        if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1037            goto error;
1038        patch_dnld_pending = FALSE;
1039    }
1040
1041    if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1042       /* If the Rome version is from 1.1 to 3.1
1043        * 1. No CCE for the last command segment but all other segment
1044        * 2. All the command segments get VSE including the last one
1045        */
1046        wait_cc_evt = remain_size ? FALSE: TRUE;
1047    } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1048        /* If the Rome version is 3.2
1049         * 1. None of the command segments receive CCE
1050         * 2. No command segments receive VSE except the last one
1051         * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1052         *    same as Rome 2.1, 2.2, 3.0
1053         */
1054        if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1055           wait_cc_evt = remain_size ? FALSE: TRUE;
1056        } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1057           wait_vsc_evt = remain_size ? TRUE: FALSE;
1058        }
1059    }
1060    patch_dnld_pending = TRUE;
1061    if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1062    patch_dnld_pending = FALSE;
1063error:
1064    if(patch_dnld_pending) patch_dnld_pending = FALSE;
1065    return err;
1066}
1067
1068int rome_download_tlv_file(int fd)
1069{
1070    int tlv_size, err = -1;
1071
1072    /* Rampatch TLV file Downloading */
1073    pdata_buffer = NULL;
1074    if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1075        goto error;
1076
1077    if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1078        goto error;
1079
1080    if (pdata_buffer != NULL){
1081        free (pdata_buffer);
1082        pdata_buffer = NULL;
1083    }
1084    /* NVM TLV file Downloading */
1085    if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0)
1086        goto error;
1087
1088    if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1089        goto error;
1090
1091error:
1092    if (pdata_buffer != NULL)
1093        free (pdata_buffer);
1094
1095    return err;
1096}
1097
1098int rome_1_0_nvm_tag_dnld(int fd)
1099{
1100    int i, size, err = 0;
1101    unsigned char cmd[HCI_MAX_CMD_SIZE];
1102    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1103
1104#if (NVM_VERSION >= ROME_1_0_100019)
1105    unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1106    {
1107        /* Tag 2 */ /* BD Address */
1108        {  /* Packet Type */HCI_COMMAND_PKT,
1109            /* Opcode */       0x0b,0xfc,
1110            /* Total Len */     9,
1111            /* NVM CMD */    NVM_ACCESS_SET,
1112            /* Tag Num */     2,
1113            /* Tag Len */      6,
1114            /* Tag Value */   0x77,0x78,0x23,0x01,0x56,0x22
1115         },
1116        /* Tag 6 */ /* Bluetooth Support Features */
1117        {  /* Packet Type */HCI_COMMAND_PKT,
1118            /* Opcode */       0x0b,0xfc,
1119            /* Total Len */     11,
1120            /* NVM CMD */    NVM_ACCESS_SET,
1121            /* Tag Num */     6,
1122            /* Tag Len */      8,
1123            /* Tag Value */   0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1124         },
1125        /* Tag 17 */ /* HCI Transport Layer Setting */
1126        {  /* Packet Type */HCI_COMMAND_PKT,
1127            /* Opcode */       0x0b,0xfc,
1128            /* Total Len */     11,
1129            /* NVM CMD */    NVM_ACCESS_SET,
1130            /* Tag Num */     17,
1131            /* Tag Len */      8,
1132            /* Tag Value */   0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1133         },
1134        /* Tag 35 */
1135        {  /* Packet Type */HCI_COMMAND_PKT,
1136            /* Opcode */       0x0b,0xfc,
1137            /* Total Len */     58,
1138            /* NVM CMD */    NVM_ACCESS_SET,
1139            /* Tag Num */     35,
1140            /* Tag Len */      55,
1141            /* Tag Value */   0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1142                                      0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1143                                      0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1144                                      0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1145                                      0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1146                                      0x1B, 0x14, 0x01, 0x04, 0x48
1147         },
1148        /* Tag 36 */
1149        {  /* Packet Type */HCI_COMMAND_PKT,
1150            /* Opcode */       0x0b,0xfc,
1151            /* Total Len */     15,
1152            /* NVM CMD */    NVM_ACCESS_SET,
1153            /* Tag Num */     36,
1154            /* Tag Len */      12,
1155            /* Tag Value */   0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1156         },
1157        /* Tag 39 */
1158        {  /* Packet Type */HCI_COMMAND_PKT,
1159            /* Opcode */       0x0b,0xfc,
1160            /* Total Len */     7,
1161            /* NVM CMD */    NVM_ACCESS_SET,
1162            /* Tag Num */     39,
1163            /* Tag Len */      4,
1164            /* Tag Value */   0x12,0x00,0x00,0x00
1165         },
1166        /* Tag 41 */
1167        {  /* Packet Type */HCI_COMMAND_PKT,
1168            /* Opcode */       0x0b,0xfc,
1169            /* Total Len */     91,
1170            /* NVM CMD */    NVM_ACCESS_SET,
1171            /* Tag Num */     41,
1172            /* Tag Len */      88,
1173            /* Tag Value */   0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1174                                      0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1175                                      0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1176                                      0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1177                                      0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1178                                      0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1179                                      0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1180                                      0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1181                                      0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1182         },
1183        /* Tag 42 */
1184        {  /* Packet Type */HCI_COMMAND_PKT,
1185            /* Opcode */       0x0b,0xfc,
1186            /* Total Len */     63,
1187            /* NVM CMD */    NVM_ACCESS_SET,
1188            /* Tag Num */     42,
1189            /* Tag Len */      60,
1190            /* Tag Value */   0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1191                                      0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1192                                      0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1193                                      0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1194                                      0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1195                                      0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1196         },
1197        /* Tag 84 */
1198        {  /* Packet Type */HCI_COMMAND_PKT,
1199            /* Opcode */       0x0b,0xfc,
1200            /* Total Len */     153,
1201            /* NVM CMD */    NVM_ACCESS_SET,
1202            /* Tag Num */     84,
1203            /* Tag Len */      150,
1204            /* Tag Value */   0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1205                                      0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1206                                      0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1207                                      0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1208                                      0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1209                                      0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1210                                      0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1211                                      0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1212                                      0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1213                                      0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1214                                      0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1215                                      0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1216                                      0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1217                                      0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1218                                      0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1219         },
1220        /* Tag 85 */
1221        {  /* Packet Type */HCI_COMMAND_PKT,
1222            /* Opcode */       0x0b,0xfc,
1223            /* Total Len */     119,
1224            /* NVM CMD */    NVM_ACCESS_SET,
1225            /* Tag Num */     85,
1226            /* Tag Len */      116,
1227            /* Tag Value */   0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1228                                      0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1229                                      0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1230                                      0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1231                                      0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1232                                      0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1233                                      0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1234                                      0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1235                                      0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1236                                      0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1237                                      0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1238                                      0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1239         },
1240        {TAG_END}
1241    };
1242#elif (NVM_VERSION == ROME_1_0_6002)
1243    unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1244    {
1245        /* Tag 2 */
1246        {  /* Packet Type */HCI_COMMAND_PKT,
1247            /* Opcode */       0x0b,0xfc,
1248            /* Total Len */     9,
1249            /* NVM CMD */    NVM_ACCESS_SET,
1250            /* Tag Num */     2,
1251            /* Tag Len */      6,
1252            /* Tag Value */   0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1253         },
1254        /* Tag 6 */
1255        {  /* Packet Type */HCI_COMMAND_PKT,
1256            /* Opcode */       0x0b,0xfc,
1257            /* Total Len */     11,
1258            /* NVM CMD */    NVM_ACCESS_SET,
1259            /* Tag Num */     6,
1260            /* Tag Len */      8,
1261            /* Tag Value */   0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1262         },
1263        /* Tag 17 */
1264        {  /* Packet Type */HCI_COMMAND_PKT,
1265            /* Opcode */       0x0b,0xfc,
1266            /* Total Len */     11,
1267            /* NVM CMD */    NVM_ACCESS_SET,
1268            /* Tag Num */     17,
1269            /* Tag Len */      8,
1270            /* Tag Value */   0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1271         },
1272        /* Tag 36 */
1273        {  /* Packet Type */HCI_COMMAND_PKT,
1274            /* Opcode */       0x0b,0xfc,
1275            /* Total Len */     15,
1276            /* NVM CMD */    NVM_ACCESS_SET,
1277            /* Tag Num */     36,
1278            /* Tag Len */      12,
1279            /* Tag Value */   0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1280         },
1281
1282        /* Tag 39 */
1283        {  /* Packet Type */HCI_COMMAND_PKT,
1284            /* Opcode */       0x0b,0xfc,
1285            /* Total Len */     7,
1286            /* NVM CMD */    NVM_ACCESS_SET,
1287            /* Tag Num */     39,
1288            /* Tag Len */      4,
1289            /* Tag Value */   0x12,0x00,0x00,0x00
1290         },
1291
1292        /* Tag 41 */
1293        {  /* Packet Type */HCI_COMMAND_PKT,
1294            /* Opcode */       0x0b,0xfc,
1295            /* Total Len */     199,
1296            /* NVM CMD */    NVM_ACCESS_SET,
1297            /* Tag Num */     41,
1298            /* Tag Len */      196,
1299            /* Tag Value */   0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1300                                      0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1301                                      0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1302                                      0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1303                                      0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1304                                      0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1305                                      0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1306                                      0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1307                                      0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1308                                      0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1309                                      0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1310                                      0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1311                                      0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1312                                      0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1313                                      0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1314                                      0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1315                                      0x0B,0x01,0x03,0x00
1316         },
1317
1318        /* Tag 44 */
1319        {  /* Packet Type */HCI_COMMAND_PKT,
1320            /* Opcode */       0x0b,0xfc,
1321            /* Total Len */     44,
1322            /* NVM CMD */    NVM_ACCESS_SET,
1323            /* Tag Num */     44,
1324            /* Tag Len */      41,
1325            /* Tag Value */   0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1326                                      0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1327                                      0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1328                                      0x00,0x14,0x01,0x02,0x03
1329         },
1330        {TAG_END}
1331    };
1332#endif
1333
1334    ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1335
1336    for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1337    {
1338        /* Write BD Address */
1339        if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1340            memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6);
1341            ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1342                cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1343                cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1344                cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1345        }
1346        size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1347        /* Send HCI Command packet to Controller */
1348        err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1349        if ( err != size) {
1350            ALOGE("Failed to attach the patch payload to the Controller!");
1351            goto error;
1352        }
1353
1354        /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1355        err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1356        if ( err < 0) {
1357            ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1358            goto error;
1359        }
1360    }
1361
1362error:
1363    return err;
1364}
1365
1366
1367
1368int rome_patch_ver_req(int fd)
1369{
1370    int size, err = 0;
1371    unsigned char cmd[HCI_MAX_CMD_SIZE];
1372    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1373
1374    /* Frame the HCI CMD to be sent to the Controller */
1375    frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1376    -1, EDL_PATCH_CMD_LEN);
1377
1378    /* Total length of the packet to be sent to the Controller */
1379    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1380
1381    /* Send HCI Command packet to Controller */
1382    err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1383    if ( err != size) {
1384        ALOGE("Failed to attach the patch payload to the Controller!");
1385        goto error;
1386    }
1387
1388    /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1389    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1390    if ( err < 0) {
1391        ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1392        goto error;
1393    }
1394error:
1395    return err;
1396
1397}
1398
1399int rome_get_build_info_req(int fd)
1400{
1401    int size, err = 0;
1402    unsigned char cmd[HCI_MAX_CMD_SIZE];
1403    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1404
1405    /* Frame the HCI CMD to be sent to the Controller */
1406    frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1407    -1, EDL_PATCH_CMD_LEN);
1408
1409    /* Total length of the packet to be sent to the Controller */
1410    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1411
1412    /* Send HCI Command packet to Controller */
1413    err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1414    if ( err != size) {
1415        ALOGE("Failed to send get build info cmd to the SoC!");
1416        goto error;
1417    }
1418
1419    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1420    if ( err < 0) {
1421        ALOGE("%s: Failed to get build info", __FUNCTION__);
1422        goto error;
1423    }
1424error:
1425    return err;
1426
1427}
1428
1429
1430int rome_set_baudrate_req(int fd)
1431{
1432    int size, err = 0;
1433    unsigned char cmd[HCI_MAX_CMD_SIZE];
1434    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1435    hci_command_hdr *cmd_hdr;
1436    int flags;
1437
1438    memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1439
1440    cmd_hdr = (void *) (cmd + 1);
1441    cmd[0]  = HCI_COMMAND_PKT;
1442    cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1443    cmd_hdr->plen     = VSC_SET_BAUDRATE_REQ_LEN;
1444    cmd[4]  = BAUDRATE_3000000;
1445
1446    /* Total length of the packet to be sent to the Controller */
1447    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1448    tcflush(fd,TCIOFLUSH);
1449    /* Flow off during baudrate change */
1450    if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1451    {
1452      ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1453      goto error;
1454    }
1455
1456    /* Send the HCI command packet to UART for transmission */
1457    err = do_write(fd, cmd, size);
1458    if (err != size) {
1459        ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1460        goto error;
1461    }
1462
1463    /* Change Local UART baudrate to high speed UART */
1464    userial_vendor_set_baud(USERIAL_BAUD_3M);
1465
1466    /* Flow on after changing local uart baudrate */
1467    if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1468    {
1469        ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1470        return err;
1471    }
1472
1473    /* Check for response from the Controller */
1474    if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1475            ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1476            goto error;
1477    }
1478
1479    ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1480
1481    /* Wait for command complete event */
1482    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1483    if ( err < 0) {
1484        ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1485        goto error;
1486    }
1487
1488error:
1489    return err;
1490
1491}
1492
1493
1494int rome_hci_reset_req(int fd)
1495{
1496    int size, err = 0;
1497    unsigned char cmd[HCI_MAX_CMD_SIZE];
1498    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1499    hci_command_hdr *cmd_hdr;
1500    int flags;
1501
1502    ALOGI("%s: HCI RESET ", __FUNCTION__);
1503
1504    memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1505
1506    cmd_hdr = (void *) (cmd + 1);
1507    cmd[0]  = HCI_COMMAND_PKT;
1508    cmd_hdr->opcode = HCI_RESET;
1509    cmd_hdr->plen   = 0;
1510
1511    /* Total length of the packet to be sent to the Controller */
1512    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1513
1514    /* Flow off during baudrate change */
1515    if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1516    {
1517      ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1518      goto error;
1519    }
1520
1521    /* Send the HCI command packet to UART for transmission */
1522    ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1523    err = do_write(fd, cmd, size);
1524    if (err != size) {
1525        ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1526        goto error;
1527    }
1528
1529    /* Change Local UART baudrate to high speed UART */
1530    userial_vendor_set_baud(USERIAL_BAUD_3M);
1531
1532    /* Flow on after changing local uart baudrate */
1533    if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1534    {
1535        ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1536        return err;
1537    }
1538
1539    /* Wait for command complete event */
1540    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1541    if ( err < 0) {
1542        ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1543        goto error;
1544    }
1545
1546error:
1547    return err;
1548
1549}
1550
1551
1552int rome_hci_reset(int fd)
1553{
1554    int size, err = 0;
1555    unsigned char cmd[HCI_MAX_CMD_SIZE];
1556    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1557    hci_command_hdr *cmd_hdr;
1558    int flags;
1559
1560    ALOGI("%s: HCI RESET ", __FUNCTION__);
1561
1562    memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1563
1564    cmd_hdr = (void *) (cmd + 1);
1565    cmd[0]  = HCI_COMMAND_PKT;
1566    cmd_hdr->opcode = HCI_RESET;
1567    cmd_hdr->plen   = 0;
1568
1569    /* Total length of the packet to be sent to the Controller */
1570    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1571    err = do_write(fd, cmd, size);
1572    if (err != size) {
1573        ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1574        err = -1;
1575        goto error;
1576    }
1577
1578    /* Wait for command complete event */
1579    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1580    if ( err < 0) {
1581        ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1582        goto error;
1583    }
1584
1585error:
1586    return err;
1587
1588}
1589
1590int rome_wipower_current_charging_status_req(int fd)
1591{
1592    int size, err = 0;
1593    unsigned char cmd[HCI_MAX_CMD_SIZE];
1594    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1595    hci_command_hdr *cmd_hdr;
1596    int flags;
1597
1598    memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1599
1600    cmd_hdr = (void *) (cmd + 1);
1601    cmd[0]  = HCI_COMMAND_PKT;
1602    cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1603    cmd_hdr->plen     = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1604    cmd[4]  = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1605
1606    /* Total length of the packet to be sent to the Controller */
1607    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1608
1609    ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1610    ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1611
1612    err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1613    if ( err != size) {
1614        ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1615        goto error;
1616    }
1617
1618    /* Check for response from the Controller */
1619    if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1620        err = -ETIMEDOUT;
1621        ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1622        goto error;
1623    }
1624
1625    /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1626    if (rsp[4] >= NON_WIPOWER_MODE) {
1627        err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1628        if (err < 0) {
1629            ALOGE("%s: Failed to get charging status", __FUNCTION__);
1630            goto error;
1631        }
1632    }
1633
1634error:
1635    return err;
1636}
1637
1638int addon_feature_req(int fd)
1639{
1640    int size, err = 0;
1641    unsigned char cmd[HCI_MAX_CMD_SIZE];
1642    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1643    hci_command_hdr *cmd_hdr;
1644    int flags;
1645
1646    memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1647
1648    cmd_hdr = (void *) (cmd + 1);
1649    cmd[0]  = HCI_COMMAND_PKT;
1650    cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1651    cmd_hdr->plen     = 0x00;
1652
1653    /* Total length of the packet to be sent to the Controller */
1654    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1655
1656    ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1657    ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1658    err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1659    if ( err != size) {
1660        ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1661        goto error;
1662    }
1663
1664    err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1665    if (err < 0) {
1666        ALOGE("%s: Failed to get feature request", __FUNCTION__);
1667        goto error;
1668    }
1669error:
1670    return err;
1671}
1672
1673
1674int check_embedded_mode(int fd) {
1675    int err = 0;
1676
1677    wipower_flag = 0;
1678    /* Get current wipower charging status */
1679    if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1680    {
1681        ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1682    }
1683    usleep(500);
1684
1685    ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1686
1687    return wipower_flag;
1688}
1689
1690int rome_get_addon_feature_list(fd) {
1691    int err = 0;
1692
1693    /* Get addon features that are supported by FW */
1694    if ((err = addon_feature_req(fd)) < 0)
1695    {
1696        ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1697    }
1698    return err;
1699}
1700
1701int rome_wipower_forward_handoff_req(int fd)
1702{
1703    int size, err = 0;
1704    unsigned char cmd[HCI_MAX_CMD_SIZE];
1705    unsigned char rsp[HCI_MAX_EVENT_SIZE];
1706    hci_command_hdr *cmd_hdr;
1707    int flags;
1708
1709    memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1710
1711    cmd_hdr = (void *) (cmd + 1);
1712    cmd[0]  = HCI_COMMAND_PKT;
1713    cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1714    cmd_hdr->plen     = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1715    cmd[4]  = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1716
1717    /* Total length of the packet to be sent to the Controller */
1718    size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1719
1720    ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1721    ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1722    err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1723    if ( err != size) {
1724        ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1725        goto error;
1726    }
1727
1728    /* Check for response from the Controller */
1729    if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1730        err = -ETIMEDOUT;
1731        ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1732        goto error;
1733    }
1734
1735error:
1736    return err;
1737}
1738
1739
1740void enable_controller_log (int fd, unsigned char wait_for_evt)
1741{
1742   int ret = 0;
1743   /* VS command to enable controller logging to the HOST. By default it is disabled */
1744   unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1745   unsigned char rsp[HCI_MAX_EVENT_SIZE];
1746   char value[PROPERTY_VALUE_MAX] = {'\0'};
1747
1748   property_get("persist.service.bdroid.soclog", value, "false");
1749
1750   // value at cmd[5]: 1 - to enable, 0 - to disable
1751   ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1752   ALOGI("%s: %d", __func__, ret);
1753   /* Ignore vsc evt if wait_for_evt is true */
1754   if (wait_for_evt) wait_vsc_evt = FALSE;
1755
1756   ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1757   if (ret != 6) {
1758       ALOGE("%s: command failed", __func__);
1759   }
1760   /*Ignore hci_event if wait_for_evt is true*/
1761   if (wait_for_evt)
1762       goto end;
1763   ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1764   if (ret < 0) {
1765       ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1766   }
1767end:
1768   wait_vsc_evt = TRUE;
1769   return;
1770}
1771
1772
1773static int disable_internal_ldo(int fd)
1774{
1775    int ret = 0;
1776    if (enable_extldo) {
1777        unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1778        unsigned char rsp[HCI_MAX_EVENT_SIZE];
1779
1780        ALOGI(" %s ", __FUNCTION__);
1781        ret = do_write(fd, cmd, 5);
1782        if (ret != 5) {
1783            ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1784            ret = -1;
1785        } else {
1786            /* Wait for command complete event */
1787            ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1788            if ( ret < 0) {
1789                ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1790            }
1791        }
1792    }
1793    return ret;
1794}
1795
1796int rome_soc_init(int fd, char *bdaddr)
1797{
1798    int err = -1, size = 0;
1799    dnld_fd = fd;
1800    ALOGI(" %s ", __FUNCTION__);
1801
1802    /* If wipower charging is going on in embedded mode then start hand off req */
1803    if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1804    {
1805        wipower_flag = 0;
1806        wipower_handoff_ready = 0;
1807        if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1808        {
1809            ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1810        }
1811    }
1812
1813    /* Get Rome version information */
1814    if((err = rome_patch_ver_req(fd)) <0){
1815        ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1816        goto error;
1817    }
1818
1819    ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver);
1820
1821    switch (rome_ver){
1822        case ROME_VER_1_0:
1823            {
1824                /* Set and Download the RAMPATCH */
1825                ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1826                err = rome_download_rampatch(fd);
1827                if (err < 0) {
1828                    ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1829                    goto error;
1830                }
1831                ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1832
1833                /* Attach the RAMPATCH */
1834                ALOGI("%s: Attaching the patches", __FUNCTION__);
1835                err = rome_attach_rampatch(fd);
1836                if (err < 0) {
1837                    ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1838                    goto error;
1839                }
1840                ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1841
1842                /* Send Reset */
1843                size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1844                err = rome_rampatch_reset(fd);
1845                if ( err < 0 ) {
1846                    ALOGE("Failed to RESET after RAMPATCH upgrade!");
1847                    goto error;
1848                }
1849
1850                /* NVM download */
1851                ALOGI("%s: Downloading NVM", __FUNCTION__);
1852                err = rome_1_0_nvm_tag_dnld(fd);
1853                if ( err <0 ) {
1854                    ALOGE("Downloading NVM Failed !!");
1855                    goto error;
1856                }
1857
1858                /* Change baud rate 115.2 kbps to 3Mbps*/
1859                err = rome_hci_reset_req(fd);
1860                if (err < 0) {
1861                    ALOGE("HCI Reset Failed !!");
1862                    goto error;
1863                }
1864
1865                ALOGI("HCI Reset is done\n");
1866            }
1867            break;
1868        case ROME_VER_1_1:
1869            rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1870            nvm_file_path = ROME_NVM_TLV_PATH;
1871            goto download;
1872        case ROME_VER_1_3:
1873            rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1874            nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1875            goto download;
1876        case ROME_VER_2_1:
1877            rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1878            nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1879            goto download;
1880        case ROME_VER_3_0:
1881            rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1882            nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1883            fw_su_info = ROME_3_1_FW_SU;
1884            fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1885            goto download;
1886        case ROME_VER_3_2:
1887            rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1888            nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1889            fw_su_info = ROME_3_2_FW_SU;
1890            fw_su_offset =  ROME_3_2_FW_SW_OFFSET;
1891
1892download:
1893            /* Change baud rate 115.2 kbps to 3Mbps*/
1894            err = rome_set_baudrate_req(fd);
1895            if (err < 0) {
1896                ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1897                goto error;
1898            }
1899            ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1900            /* Donwload TLV files (rampatch, NVM) */
1901            err = rome_download_tlv_file(fd);
1902            if (err < 0) {
1903                ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1904                goto error;
1905            }
1906            ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1907
1908            /* Get SU FM label information */
1909            if((err = rome_get_build_info_req(fd)) <0){
1910                ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1911                //Ignore the failure of ROME FW SU label information
1912                err = 0;
1913            }
1914
1915            /* Disable internal LDO to use external LDO instead*/
1916            err = disable_internal_ldo(fd);
1917
1918            /* Send HCI Reset */
1919            err = rome_hci_reset(fd);
1920            if ( err <0 ) {
1921                ALOGE("HCI Reset Failed !!");
1922                goto error;
1923            }
1924
1925            ALOGI("HCI Reset is done\n");
1926
1927            break;
1928        case ROME_VER_UNKNOWN:
1929        default:
1930            ALOGI("%s: Detected unknown ROME version", __FUNCTION__);
1931            err = -1;
1932            break;
1933    }
1934
1935error:
1936    dnld_fd = -1;
1937    return err;
1938}
1939