1/* 2 * 3 * Copyright (c) 2013, The Linux Foundation. All rights reserved. 4 * Not a Contribution. 5 * 6 * Copyright 2012 The Android Open Source Project 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); you 9 * may not use this file except in compliance with the License. You may 10 * obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 17 * implied. See the License for the specific language governing 18 * permissions and limitations under the License. 19 * 20 */ 21 22/****************************************************************************** 23 * 24 * Filename: hw_rome.c 25 * 26 * Description: Contains controller-specific functions, like 27 * firmware patch download 28 * low power mode operations 29 * 30 ******************************************************************************/ 31#ifdef __cplusplus 32extern "C" { 33#endif 34 35#define LOG_TAG "bt_vendor" 36 37#include <sys/socket.h> 38#include <utils/Log.h> 39#include <sys/types.h> 40#include <sys/stat.h> 41#include <signal.h> 42#include <time.h> 43#include <errno.h> 44#include <fcntl.h> 45#include <dirent.h> 46#include <ctype.h> 47#include <cutils/properties.h> 48#include <stdlib.h> 49#include <string.h> 50#include <termios.h> 51#include <stdbool.h> 52 53#include "bt_hci_bdroid.h" 54#include "bt_vendor_qcom.h" 55#include "hci_uart.h" 56#include "hw_rome.h" 57 58#ifdef __cplusplus 59} 60#endif 61 62/****************************************************************************** 63** Variables 64******************************************************************************/ 65FILE *file; 66unsigned char *phdr_buffer; 67unsigned char *pdata_buffer = NULL; 68patch_info rampatch_patch_info; 69int rome_ver = ROME_VER_UNKNOWN; 70unsigned char gTlv_type; 71unsigned char gTlv_dwndCfg; 72static unsigned int wipower_flag = 0; 73static unsigned int wipower_handoff_ready = 0; 74char *rampatch_file_path; 75char *nvm_file_path; 76char *fw_su_info = NULL; 77unsigned short fw_su_offset =0; 78extern char enable_extldo; 79unsigned char wait_vsc_evt = TRUE; 80 81/****************************************************************************** 82** Extern variables 83******************************************************************************/ 84extern uint8_t vnd_local_bd_addr[6]; 85 86/***************************************************************************** 87** Functions 88*****************************************************************************/ 89int do_write(int fd, unsigned char *buf,int len) 90{ 91 int ret = 0; 92 int write_offset = 0; 93 int write_len = len; 94 do { 95 ret = write(fd,buf+write_offset,write_len); 96 if (ret < 0) 97 { 98 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno)); 99 return -1; 100 } else if (ret == 0) { 101 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno)); 102 return 0; 103 } else { 104 if (ret < write_len) { 105 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret, 106 strerror(errno)); 107 write_len = write_len - ret; 108 write_offset = ret; 109 } else { 110 ALOGV("Write successful"); 111 break; 112 } 113 } 114 } while(1); 115 return len; 116} 117 118int get_vs_hci_event(unsigned char *rsp) 119{ 120 int err = 0; 121 unsigned char paramlen = 0; 122 unsigned char EMBEDDED_MODE_CHECK = 0x02; 123 FILE *btversionfile = 0; 124 unsigned int soc_id = 0; 125 unsigned int productid = 0; 126 unsigned short patchversion = 0; 127 char build_label[255]; 128 int build_lbl_len; 129 130 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE)) 131 ALOGV("%s: Received HCI-Vendor Specific event", __FUNCTION__); 132 else { 133 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__); 134 err = -EIO; 135 goto failed; 136 } 137 138 ALOGI("%s: length 0x%x resp 0x%x type 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN], 139 rsp[CMD_RSP_OFFSET], rsp[RSP_TYPE_OFFSET]); 140 141 /* Check the status of the operation */ 142 switch ( rsp[CMD_RSP_OFFSET] ) 143 { 144 case EDL_CMD_REQ_RES_EVT: 145 ALOGV("%s: Command Request Response", __FUNCTION__); 146 switch(rsp[RSP_TYPE_OFFSET]) 147 { 148 case EDL_PATCH_VER_RES_EVT: 149 case EDL_APP_VER_RES_EVT: 150 ALOGI("\t Current Product ID\t\t: 0x%08x", 151 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 | 152 rsp[PATCH_PROD_ID_OFFSET+2] << 16 | 153 rsp[PATCH_PROD_ID_OFFSET+1] << 8 | 154 rsp[PATCH_PROD_ID_OFFSET] )); 155 156 /* Patch Version indicates FW patch version */ 157 ALOGI("\t Current Patch Version\t\t: 0x%04x", 158 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 | 159 rsp[PATCH_PATCH_VER_OFFSET] ))); 160 161 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */ 162 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver = 163 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 | 164 rsp[PATCH_ROM_BUILD_VER_OFFSET] )); 165 166 /* In case rome 1.0/1.1, there is no SOC ID version available */ 167 if (paramlen - 10) 168 { 169 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id = 170 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 | 171 rsp[PATCH_SOC_VER_OFFSET+2] << 16 | 172 rsp[PATCH_SOC_VER_OFFSET+1] << 8 | 173 rsp[PATCH_SOC_VER_OFFSET] )); 174 } 175 176 /* Rome Chipset Version can be decided by Patch version and SOC version, 177 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be 178 used for SOC as combination for BT host driver */ 179 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff); 180 break; 181 case EDL_TVL_DNLD_RES_EVT: 182 case EDL_CMD_EXE_STATUS_EVT: 183 switch (err = rsp[CMD_STATUS_OFFSET]) 184 { 185 case HCI_CMD_SUCCESS: 186 ALOGV("%s: Download Packet successfully!", __FUNCTION__); 187 break; 188 case PATCH_LEN_ERROR: 189 ALOGI("%s: Invalid patch length argument passed for EDL PATCH " 190 "SET REQ cmd", __FUNCTION__); 191 break; 192 case PATCH_VER_ERROR: 193 ALOGI("%s: Invalid patch version argument passed for EDL PATCH " 194 "SET REQ cmd", __FUNCTION__); 195 break; 196 case PATCH_CRC_ERROR: 197 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__); 198 break; 199 case PATCH_NOT_FOUND: 200 ALOGI("%s: Invalid patch data!!!", __FUNCTION__); 201 break; 202 case TLV_TYPE_ERROR: 203 ALOGI("%s: TLV Type Error !!!", __FUNCTION__); 204 break; 205 default: 206 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err); 207 break; 208 } 209 break; 210 case HCI_VS_GET_BUILD_VER_EVT: 211 build_lbl_len = rsp[5]; 212 memcpy (build_label, &rsp[6], build_lbl_len); 213 *(build_label+build_lbl_len) = '\0'; 214 215 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len); 216 break; 217 } 218 break; 219 220 case NVM_ACCESS_CODE: 221 ALOGI("%s: NVM Access Code!!!", __FUNCTION__); 222 err = HCI_CMD_SUCCESS; 223 break; 224 case EDL_SET_BAUDRATE_RSP_EVT: 225 /* Rome 1.1 has bug with the response, so it should ignore it. */ 226 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS) 227 { 228 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__, 229 rsp[CMD_STATUS_OFFSET]); 230 err = -1; 231 } 232 break; 233 case EDL_WIP_QUERY_CHARGING_STATUS_EVT: 234 /*TODO: rsp code 00 mean no charging 235 this is going to change in FW soon*/ 236 if (rsp[4] != EMBEDDED_MODE_CHECK) 237 { 238 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__); 239 wipower_handoff_ready = rsp[4]; 240 wipower_flag = 1; 241 } 242 break; 243 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT: 244 /*TODO: rsp code 00 mean no charging 245 this is going to change in FW soon*/ 246 if (rsp[4] == NON_WIPOWER_MODE) 247 { 248 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__); 249 } 250 break; 251 case HCI_VS_GET_ADDON_FEATURES_EVENT: 252 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK)) 253 { 254 ALOGD("%s: WiPower feature supported!!", __FUNCTION__); 255 property_set("persist.bluetooth.a4wp", "true"); 256 } 257 break; 258 default: 259 ALOGE("%s: Not a valid status!!!", __FUNCTION__); 260 err = -1; 261 break; 262 } 263 264failed: 265 return err; 266} 267 268 269/* 270 * Read an VS HCI event from the given file descriptor. 271 */ 272int read_vs_hci_event(int fd, unsigned char* buf, int size) 273{ 274 int remain, r; 275 int count = 0, i; 276 277 if (size <= 0) { 278 ALOGE("Invalid size arguement!"); 279 return -1; 280 } 281 282 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__); 283 284 /* The first byte identifies the packet type. For HCI event packets, it 285 * should be 0x04, so we read until we get to the 0x04. */ 286 /* It will keep reading until find 0x04 byte */ 287 while (1) { 288 r = read(fd, buf, 1); 289 if (r <= 0) 290 return -1; 291 if (buf[0] == 0x04) 292 break; 293 } 294 count++; 295 296 /* The next two bytes are the event code and parameter total length. */ 297 while (count < 3) { 298 r = read(fd, buf + count, 3 - count); 299 if ((r <= 0) || (buf[1] != 0xFF )) { 300 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]); 301 return -1; 302 } 303 count += r; 304 } 305 306 /* Now we read the parameters. */ 307 if (buf[2] < (size - 3)) 308 remain = buf[2]; 309 else 310 remain = size - 3; 311 312 while ((count - 3) < remain) { 313 r = read(fd, buf + count, remain - (count - 3)); 314 if (r <= 0) 315 return -1; 316 count += r; 317 } 318 319 /* Check if the set patch command is successful or not */ 320 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS) 321 return -1; 322 323 return count; 324} 325 326/* 327 * For Hand-Off related Wipower commands, Command complete arrives first and 328 * the followd with VS event 329 * 330 */ 331int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 332{ 333 int ret = 0; 334 int err = 0; 335 336 /* Send the HCI command packet to UART for transmission */ 337 ret = do_write(fd, cmd, size); 338 if (ret != size) { 339 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret); 340 goto failed; 341 } 342 343 /* Wait for command complete event */ 344 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 345 if ( err < 0) { 346 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__); 347 goto failed; 348 } 349 350 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__); 351failed: 352 return ret; 353} 354 355 356int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 357{ 358 int ret = 0; 359 360 /* Send the HCI command packet to UART for transmission */ 361 ret = do_write(fd, cmd, size); 362 if (ret != size) { 363 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 364 goto failed; 365 } 366 367 if (wait_vsc_evt) { 368 /* Check for response from the Controller */ 369 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 370 ret = -ETIMEDOUT; 371 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 372 goto failed; 373 } 374 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 375 } 376 377failed: 378 return ret; 379} 380 381void frame_hci_cmd_pkt( 382 unsigned char *cmd, 383 int edl_cmd, unsigned int p_base_addr, 384 int segtNo, int size 385 ) 386{ 387 int offset = 0; 388 hci_command_hdr *cmd_hdr; 389 390 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 391 392 cmd_hdr = (void *) (cmd + 1); 393 394 cmd[0] = HCI_COMMAND_PKT; 395 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF); 396 cmd_hdr->plen = size; 397 cmd[4] = edl_cmd; 398 399 switch (edl_cmd) 400 { 401 case EDL_PATCH_SET_REQ_CMD: 402 /* Copy the patch header info as CMD params */ 403 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN); 404 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__); 405 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 406 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 407 break; 408 case EDL_PATCH_DLD_REQ_CMD: 409 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT); 410 p_base_addr += offset; 411 cmd_hdr->plen = (size + 6); 412 cmd[5] = (size + 4); 413 cmd[6] = EXTRACT_BYTE(p_base_addr, 0); 414 cmd[7] = EXTRACT_BYTE(p_base_addr, 1); 415 cmd[8] = EXTRACT_BYTE(p_base_addr, 2); 416 cmd[9] = EXTRACT_BYTE(p_base_addr, 3); 417 memcpy(&cmd[10], (pdata_buffer + offset), size); 418 419 ALOGV("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes", 420 __FUNCTION__, size); 421 ALOGV("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t" 422 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2], 423 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]); 424 break; 425 case EDL_PATCH_ATCH_REQ_CMD: 426 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__); 427 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 428 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 429 break; 430 case EDL_PATCH_RST_REQ_CMD: 431 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__); 432 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 433 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 434 break; 435 case EDL_PATCH_VER_REQ_CMD: 436 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__); 437 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 438 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 439 break; 440 case EDL_PATCH_TLV_REQ_CMD: 441 ALOGV("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__); 442 /* Parameter Total Length */ 443 cmd[3] = size +2; 444 445 /* TLV Segment Length */ 446 cmd[5] = size; 447 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 448 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]); 449 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT); 450 memcpy(&cmd[6], (pdata_buffer + offset), size); 451 break; 452 case EDL_GET_BUILD_INFO: 453 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__); 454 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 455 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 456 break; 457 case EDL_GET_BOARD_ID: 458 ALOGD("%s: Sending EDL_GET_BOARD_ID", __FUNCTION__); 459 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 460 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 461 break; 462 default: 463 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__); 464 } 465} 466 467void rome_extract_patch_header_info(unsigned char *buf) 468{ 469 int index; 470 471 /* Extract patch id */ 472 for (index = 0; index < 4; index++) 473 rampatch_patch_info.patch_id |= 474 (LSH(buf[index + P_ID_OFFSET], (index * 8))); 475 476 /* Extract (ROM and BUILD) version information */ 477 for (index = 0; index < 2; index++) 478 rampatch_patch_info.patch_ver.rom_version |= 479 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8))); 480 481 for (index = 0; index < 2; index++) 482 rampatch_patch_info.patch_ver.build_version |= 483 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8))); 484 485 /* Extract patch base and entry addresses */ 486 for (index = 0; index < 4; index++) 487 rampatch_patch_info.patch_base_addr |= 488 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8))); 489 490 /* Patch BASE & ENTRY addresses are same */ 491 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr; 492 493 /* Extract total length of the patch payload */ 494 for (index = 0; index < 4; index++) 495 rampatch_patch_info.patch_length |= 496 (LSH(buf[index + P_LEN_OFFSET], (index * 8))); 497 498 /* Extract the CRC checksum of the patch payload */ 499 for (index = 0; index < 4; index++) 500 rampatch_patch_info.patch_crc |= 501 (LSH(buf[index + P_CRC_OFFSET], (index * 8))); 502 503 /* Extract patch control value */ 504 for (index = 0; index < 4; index++) 505 rampatch_patch_info.patch_ctrl |= 506 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8))); 507 508 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id); 509 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version); 510 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version); 511 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length); 512 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc); 513 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl); 514 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr); 515 516} 517 518int rome_edl_set_patch_request(int fd) 519{ 520 int size, err; 521 unsigned char cmd[HCI_MAX_CMD_SIZE]; 522 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 523 524 /* Frame the HCI CMD to be sent to the Controller */ 525 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0, 526 -1, PATCH_HDR_LEN + 1); 527 528 /* Total length of the packet to be sent to the Controller */ 529 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 530 531 /* Send HCI Command packet to Controller */ 532 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 533 if ( err != size) { 534 ALOGE("Failed to set the patch info to the Controller!"); 535 goto error; 536 } 537 538 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 539 if ( err < 0) { 540 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 541 goto error; 542 } 543 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__); 544error: 545 return err; 546} 547 548int rome_edl_patch_download_request(int fd) 549{ 550 int no_of_patch_segment; 551 int index = 1, err = 0, size = 0; 552 unsigned int p_base_addr; 553 unsigned char cmd[HCI_MAX_CMD_SIZE]; 554 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 555 556 no_of_patch_segment = (rampatch_patch_info.patch_length / 557 MAX_DATA_PER_SEGMENT); 558 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x", 559 __FUNCTION__, no_of_patch_segment, 560 rampatch_patch_info.patch_base_addr); 561 562 /* Initialize the patch base address from the one read from bin file */ 563 p_base_addr = rampatch_patch_info.patch_base_addr; 564 565 /* 566 * Depending upon size of the patch payload, download the patches in 567 * segments with a max. size of 239 bytes 568 */ 569 for (index = 1; index <= no_of_patch_segment; index++) { 570 571 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index); 572 573 /* Frame the HCI CMD PKT to be sent to Controller*/ 574 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, 575 index, MAX_DATA_PER_SEGMENT); 576 577 /* Total length of the packet to be sent to the Controller */ 578 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 579 580 /* Initialize the RSP packet everytime to 0 */ 581 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 582 583 /* Send HCI Command packet to Controller */ 584 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 585 if ( err != size) { 586 ALOGE("Failed to send the patch payload to the Controller!"); 587 goto error; 588 } 589 590 /* Read Command Complete Event */ 591 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 592 if ( err < 0) { 593 ALOGE("%s: Failed to downlaod patch segment: %d!", 594 __FUNCTION__, index); 595 goto error; 596 } 597 ALOGI("%s: Successfully downloaded patch segment: %d", 598 __FUNCTION__, index); 599 } 600 601 /* Check if any pending patch data to be sent */ 602 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ? 603 rampatch_patch_info.patch_length : 604 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT); 605 606 if (size) 607 { 608 /* Frame the HCI CMD PKT to be sent to Controller*/ 609 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size); 610 611 /* Initialize the RSP packet everytime to 0 */ 612 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 613 614 /* Total length of the packet to be sent to the Controller */ 615 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 616 617 /* Send HCI Command packet to Controller */ 618 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 619 if ( err != size) { 620 ALOGE("Failed to send the patch payload to the Controller!"); 621 goto error; 622 } 623 624 /* Read Command Complete Event */ 625 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 626 if ( err < 0) { 627 ALOGE("%s: Failed to downlaod patch segment: %d!", 628 __FUNCTION__, index); 629 goto error; 630 } 631 632 ALOGI("%s: Successfully downloaded patch segment: %d", 633 __FUNCTION__, index); 634 } 635 636error: 637 return err; 638} 639 640static int rome_download_rampatch(int fd) 641{ 642 int c, tmp, size, index, ret = -1; 643 644 ALOGI("%s: ", __FUNCTION__); 645 646 /* Get handle to the RAMPATCH binary file */ 647 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH); 648 file = fopen(ROME_FW_PATH, "r"); 649 if (file == NULL) { 650 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!", 651 __FUNCTION__); 652 return -ENFILE; 653 } 654 655 /* Allocate memory for the patch headder info */ 656 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__); 657 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1); 658 if (phdr_buffer == NULL) { 659 ALOGE("%s: Failed to allocate memory for patch header", 660 __FUNCTION__); 661 goto phdr_alloc_failed; 662 } 663 for (index = 0; index < PATCH_HDR_LEN + 1; index++) 664 phdr_buffer[index] = 0x0; 665 666 /* Read 28 bytes of patch header information */ 667 ALOGI("%s: Reading patch header info", __FUNCTION__); 668 index = 0; 669 do { 670 c = fgetc (file); 671 phdr_buffer[index++] = (unsigned char)c; 672 } while (index != PATCH_HDR_LEN); 673 674 /* Save the patch header info into local structure */ 675 ALOGI("%s: Saving patch hdr. info", __FUNCTION__); 676 rome_extract_patch_header_info((unsigned char *)phdr_buffer); 677 678 /* Set the patch header info onto the Controller */ 679 ret = rome_edl_set_patch_request(fd); 680 if (ret < 0) { 681 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__); 682 goto pdata_alloc_failed; 683 } 684 685 /* Allocate memory for the patch payload */ 686 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__); 687 size = rampatch_patch_info.patch_length; 688 pdata_buffer = (unsigned char *) malloc(size+1); 689 if (pdata_buffer == NULL) { 690 ALOGE("%s: Failed to allocate memory for patch payload", 691 __FUNCTION__); 692 goto pdata_alloc_failed; 693 } 694 for (index = 0; index < size+1; index++) 695 pdata_buffer[index] = 0x0; 696 697 /* Read the patch data from Rampatch binary image */ 698 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__); 699 index = 0; 700 do { 701 c = fgetc (file); 702 pdata_buffer[index++] = (unsigned char)c; 703 } while (c != EOF); 704 705 /* Downloading patches in segments to controller */ 706 ret = rome_edl_patch_download_request(fd); 707 if (ret < 0) { 708 ALOGE("%s: Error downloading patch segments!", __FUNCTION__); 709 goto cleanup; 710 } 711cleanup: 712 free(pdata_buffer); 713pdata_alloc_failed: 714 free(phdr_buffer); 715phdr_alloc_failed: 716 fclose(file); 717error: 718 return ret; 719} 720 721int rome_attach_rampatch(int fd) 722{ 723 int size, err; 724 unsigned char cmd[HCI_MAX_CMD_SIZE]; 725 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 726 727 /* Frame the HCI CMD to be sent to the Controller */ 728 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0, 729 -1, EDL_PATCH_CMD_LEN); 730 731 /* Total length of the packet to be sent to the Controller */ 732 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 733 734 /* Send HCI Command packet to Controller */ 735 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 736 if ( err != size) { 737 ALOGE("Failed to attach the patch payload to the Controller!"); 738 goto error; 739 } 740 741 /* Read Command Complete Event */ 742 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 743 if ( err < 0) { 744 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__); 745 goto error; 746 } 747error: 748 return err; 749} 750 751int rome_rampatch_reset(int fd) 752{ 753 int size, err = 0, flags; 754 unsigned char cmd[HCI_MAX_CMD_SIZE]; 755 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */ 756 757 /* Frame the HCI CMD to be sent to the Controller */ 758 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0, 759 -1, EDL_PATCH_CMD_LEN); 760 761 /* Total length of the packet to be sent to the Controller */ 762 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 763 764 /* Send HCI Command packet to Controller */ 765 err = do_write(fd, cmd, size); 766 if (err != size) { 767 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 768 goto error; 769 } 770 771 /* 772 * Controller doesn't sends any response for the patch reset 773 * command. HOST has to wait for 100ms before proceeding. 774 */ 775 nanosleep(&tm, NULL); 776 777error: 778 return err; 779} 780 781int rome_get_tlv_file(char *file_path) 782{ 783 FILE * pFile; 784 long fileSize; 785 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i; 786 unsigned short nvm_tag_len; 787 tlv_patch_info *ptlv_header; 788 tlv_nvm_hdr *nvm_ptr; 789 unsigned char data_buf[PRINT_BUF_SIZE]={0,}; 790 unsigned char *nvm_byte_ptr; 791 792 ALOGI("File Open (%s)", file_path); 793 pFile = fopen ( file_path , "r" ); 794 if (pFile==NULL) {; 795 ALOGE("%s File Open Fail", file_path); 796 return -1; 797 } 798 799 /* Get File Size */ 800 fseek (pFile , 0 , SEEK_END); 801 fileSize = ftell (pFile); 802 rewind (pFile); 803 804 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize); 805 if (pdata_buffer == NULL) { 806 ALOGE("Allocated Memory failed"); 807 fclose (pFile); 808 return -1; 809 } 810 811 /* Copy file into allocated buffer */ 812 readSize = fread (pdata_buffer,1,fileSize,pFile); 813 814 /* File Close */ 815 fclose (pFile); 816 817 if (readSize != fileSize) { 818 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize); 819 return -1; 820 } 821 822 ptlv_header = (tlv_patch_info *) pdata_buffer; 823 824 /* To handle different event between rampatch and NVM */ 825 gTlv_type = ptlv_header->tlv_type; 826 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg; 827 828 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){ 829 ALOGI("===================================================="); 830 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 831 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) | 832 (ptlv_header->tlv_length2 << 8) | 833 (ptlv_header->tlv_length3 << 16)); 834 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len); 835 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len); 836 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver); 837 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm); 838 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg); 839 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1); 840 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id); 841 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver); 842 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver); 843 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2); 844 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr)); 845 ALOGI("===================================================="); 846 847 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) { 848 ALOGV("===================================================="); 849 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 850 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) | 851 (ptlv_header->tlv_length2 << 8) | 852 (ptlv_header->tlv_length3 << 16)); 853 854 if(nvm_length <= 0) 855 return readSize; 856 857 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0; 858 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr) 859 { 860 ALOGV("TAG ID\t\t\t : %d", nvm_ptr->tag_id); 861 ALOGV("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len); 862 ALOGV("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr); 863 ALOGV("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag); 864 865 /* Increase nvm_index to NVM data */ 866 nvm_index+=sizeof(tlv_nvm_hdr); 867 nvm_byte_ptr+=sizeof(tlv_nvm_hdr); 868 869 /* Write BD Address */ 870 if(nvm_ptr->tag_id == TAG_NUM_2){ 871 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6); 872 ALOGV("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x", 873 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2), 874 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5)); 875 } 876 877 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++) 878 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i)); 879 880 ALOGV("TAG Data\t\t\t : %s", data_buf); 881 882 /* Clear buffer */ 883 memset(data_buf, 0x0, PRINT_BUF_SIZE); 884 885 /* increased by tag_len */ 886 nvm_index+=nvm_ptr->tag_len; 887 nvm_byte_ptr +=nvm_ptr->tag_len; 888 } 889 890 ALOGV("===================================================="); 891 892 } else { 893 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type); 894 } 895 896 return readSize; 897} 898 899int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt) 900{ 901 int size=0, err = -1; 902 unsigned char cmd[HCI_MAX_CMD_SIZE]; 903 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 904 905 ALOGV("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size); 906 907 /* Frame the HCI CMD PKT to be sent to Controller*/ 908 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size); 909 910 /* Total length of the packet to be sent to the Controller */ 911 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 912 913 /* Initialize the RSP packet everytime to 0 */ 914 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 915 916 /* Send HCI Command packet to Controller */ 917 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 918 if ( err != size) { 919 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err); 920 return err; 921 } 922 923 if(wait_cc_evt) { 924 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 925 if ( err < 0) { 926 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index); 927 return err; 928 } 929 } 930 931 ALOGV("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index); 932 return err; 933} 934 935int rome_tlv_dnld_req(int fd, int tlv_size) 936{ 937 int total_segment, remain_size, i, err = -1; 938 unsigned char wait_cc_evt; 939 940 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT; 941 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\ 942 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT); 943 944 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d", 945 __FUNCTION__,tlv_size, total_segment, remain_size); 946 947 if (gTlv_type == TLV_TYPE_PATCH) { 948 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event 949 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the 950 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now 951 */ 952 switch(gTlv_dwndCfg) 953 { 954 case ROME_SKIP_EVT_NONE: 955 wait_vsc_evt = TRUE; 956 wait_cc_evt = TRUE; 957 ALOGI("Event handling type: ROME_SKIP_EVT_NONE"); 958 break; 959 case ROME_SKIP_EVT_VSE_CC: 960 wait_vsc_evt = FALSE; 961 wait_cc_evt = FALSE; 962 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC"); 963 break; 964 /* Not handled for now */ 965 case ROME_SKIP_EVT_VSE: 966 case ROME_SKIP_EVT_CC: 967 default: 968 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg); 969 break; 970 } 971 } else { 972 wait_vsc_evt = TRUE; 973 wait_cc_evt = TRUE; 974 } 975 976 for(i=0;i<total_segment ;i++){ 977 if ((i+1) == total_segment) { 978 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 979 /* If the Rome version is from 1.1 to 3.1 980 * 1. No CCE for the last command segment but all other segment 981 * 2. All the command segments get VSE including the last one 982 */ 983 wait_cc_evt = !remain_size ? FALSE: TRUE; 984 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 985 /* If the Rome version is 3.2 986 * 1. None of the command segments receive CCE 987 * 2. No command segments receive VSE except the last one 988 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 989 * same as Rome 2.1, 2.2, 3.0 990 */ 991 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 992 wait_cc_evt = !remain_size ? FALSE: TRUE; 993 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 994 wait_vsc_evt = !remain_size ? TRUE: FALSE; 995 } 996 } 997 } 998 999 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0) 1000 goto error; 1001 } 1002 1003 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1004 /* If the Rome version is from 1.1 to 3.1 1005 * 1. No CCE for the last command segment but all other segment 1006 * 2. All the command segments get VSE including the last one 1007 */ 1008 wait_cc_evt = remain_size ? FALSE: TRUE; 1009 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1010 /* If the Rome version is 3.2 1011 * 1. None of the command segments receive CCE 1012 * 2. No command segments receive VSE except the last one 1013 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 1014 * same as Rome 2.1, 2.2, 3.0 1015 */ 1016 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 1017 wait_cc_evt = remain_size ? FALSE: TRUE; 1018 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 1019 wait_vsc_evt = remain_size ? TRUE: FALSE; 1020 } 1021 } 1022 1023 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt); 1024 1025error: 1026 return err; 1027} 1028 1029int rome_download_tlv_file(int fd) 1030{ 1031 int tlv_size, err = -1; 1032 1033 /* Rampatch TLV file Downloading */ 1034 pdata_buffer = NULL; 1035 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0) 1036 goto error; 1037 1038 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1039 goto error; 1040 1041 if (pdata_buffer != NULL){ 1042 free (pdata_buffer); 1043 pdata_buffer = NULL; 1044 } 1045 /* NVM TLV file Downloading */ 1046 if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0) 1047 goto error; 1048 1049 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1050 goto error; 1051 1052error: 1053 if (pdata_buffer != NULL) 1054 free (pdata_buffer); 1055 1056 return err; 1057} 1058 1059int rome_1_0_nvm_tag_dnld(int fd) 1060{ 1061 int i, size, err = 0; 1062 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1063 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1064 1065#if (NVM_VERSION >= ROME_1_0_100019) 1066 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1067 { 1068 /* Tag 2 */ /* BD Address */ 1069 { /* Packet Type */HCI_COMMAND_PKT, 1070 /* Opcode */ 0x0b,0xfc, 1071 /* Total Len */ 9, 1072 /* NVM CMD */ NVM_ACCESS_SET, 1073 /* Tag Num */ 2, 1074 /* Tag Len */ 6, 1075 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 1076 }, 1077 /* Tag 6 */ /* Bluetooth Support Features */ 1078 { /* Packet Type */HCI_COMMAND_PKT, 1079 /* Opcode */ 0x0b,0xfc, 1080 /* Total Len */ 11, 1081 /* NVM CMD */ NVM_ACCESS_SET, 1082 /* Tag Num */ 6, 1083 /* Tag Len */ 8, 1084 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1085 }, 1086 /* Tag 17 */ /* HCI Transport Layer Setting */ 1087 { /* Packet Type */HCI_COMMAND_PKT, 1088 /* Opcode */ 0x0b,0xfc, 1089 /* Total Len */ 11, 1090 /* NVM CMD */ NVM_ACCESS_SET, 1091 /* Tag Num */ 17, 1092 /* Tag Len */ 8, 1093 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1094 }, 1095 /* Tag 35 */ 1096 { /* Packet Type */HCI_COMMAND_PKT, 1097 /* Opcode */ 0x0b,0xfc, 1098 /* Total Len */ 58, 1099 /* NVM CMD */ NVM_ACCESS_SET, 1100 /* Tag Num */ 35, 1101 /* Tag Len */ 55, 1102 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59, 1103 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1104 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1105 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1106 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1107 0x1B, 0x14, 0x01, 0x04, 0x48 1108 }, 1109 /* Tag 36 */ 1110 { /* Packet Type */HCI_COMMAND_PKT, 1111 /* Opcode */ 0x0b,0xfc, 1112 /* Total Len */ 15, 1113 /* NVM CMD */ NVM_ACCESS_SET, 1114 /* Tag Num */ 36, 1115 /* Tag Len */ 12, 1116 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1117 }, 1118 /* Tag 39 */ 1119 { /* Packet Type */HCI_COMMAND_PKT, 1120 /* Opcode */ 0x0b,0xfc, 1121 /* Total Len */ 7, 1122 /* NVM CMD */ NVM_ACCESS_SET, 1123 /* Tag Num */ 39, 1124 /* Tag Len */ 4, 1125 /* Tag Value */ 0x12,0x00,0x00,0x00 1126 }, 1127 /* Tag 41 */ 1128 { /* Packet Type */HCI_COMMAND_PKT, 1129 /* Opcode */ 0x0b,0xfc, 1130 /* Total Len */ 91, 1131 /* NVM CMD */ NVM_ACCESS_SET, 1132 /* Tag Num */ 41, 1133 /* Tag Len */ 88, 1134 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00, 1135 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00, 1136 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00, 1137 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00, 1138 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01, 1139 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00, 1140 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01, 1141 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00, 1142 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00 1143 }, 1144 /* Tag 42 */ 1145 { /* Packet Type */HCI_COMMAND_PKT, 1146 /* Opcode */ 0x0b,0xfc, 1147 /* Total Len */ 63, 1148 /* NVM CMD */ NVM_ACCESS_SET, 1149 /* Tag Num */ 42, 1150 /* Tag Len */ 60, 1151 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47, 1152 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01, 1153 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01, 1154 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A, 1155 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00, 1156 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01 1157 }, 1158 /* Tag 84 */ 1159 { /* Packet Type */HCI_COMMAND_PKT, 1160 /* Opcode */ 0x0b,0xfc, 1161 /* Total Len */ 153, 1162 /* NVM CMD */ NVM_ACCESS_SET, 1163 /* Tag Num */ 84, 1164 /* Tag Len */ 150, 1165 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28, 1166 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28, 1167 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28, 1168 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18, 1169 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 1170 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13, 1171 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12, 1172 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01, 1173 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D, 1174 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D, 1175 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00, 1176 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40, 1177 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00, 1178 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00, 1179 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D 1180 }, 1181 /* Tag 85 */ 1182 { /* Packet Type */HCI_COMMAND_PKT, 1183 /* Opcode */ 0x0b,0xfc, 1184 /* Total Len */ 119, 1185 /* NVM CMD */ NVM_ACCESS_SET, 1186 /* Tag Num */ 85, 1187 /* Tag Len */ 116, 1188 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59, 1189 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E, 1190 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02, 1191 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02, 1192 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00, 1193 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F, 1194 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C, 1195 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02, 1196 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00, 1197 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00, 1198 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00, 1199 0x12, 0x04, 0x04, 0x01, 0x04, 0x03 1200 }, 1201 {TAG_END} 1202 }; 1203#elif (NVM_VERSION == ROME_1_0_6002) 1204 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1205 { 1206 /* Tag 2 */ 1207 { /* Packet Type */HCI_COMMAND_PKT, 1208 /* Opcode */ 0x0b,0xfc, 1209 /* Total Len */ 9, 1210 /* NVM CMD */ NVM_ACCESS_SET, 1211 /* Tag Num */ 2, 1212 /* Tag Len */ 6, 1213 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */ 1214 }, 1215 /* Tag 6 */ 1216 { /* Packet Type */HCI_COMMAND_PKT, 1217 /* Opcode */ 0x0b,0xfc, 1218 /* Total Len */ 11, 1219 /* NVM CMD */ NVM_ACCESS_SET, 1220 /* Tag Num */ 6, 1221 /* Tag Len */ 8, 1222 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1223 }, 1224 /* Tag 17 */ 1225 { /* Packet Type */HCI_COMMAND_PKT, 1226 /* Opcode */ 0x0b,0xfc, 1227 /* Total Len */ 11, 1228 /* NVM CMD */ NVM_ACCESS_SET, 1229 /* Tag Num */ 17, 1230 /* Tag Len */ 8, 1231 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1232 }, 1233 /* Tag 36 */ 1234 { /* Packet Type */HCI_COMMAND_PKT, 1235 /* Opcode */ 0x0b,0xfc, 1236 /* Total Len */ 15, 1237 /* NVM CMD */ NVM_ACCESS_SET, 1238 /* Tag Num */ 36, 1239 /* Tag Len */ 12, 1240 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1241 }, 1242 1243 /* Tag 39 */ 1244 { /* Packet Type */HCI_COMMAND_PKT, 1245 /* Opcode */ 0x0b,0xfc, 1246 /* Total Len */ 7, 1247 /* NVM CMD */ NVM_ACCESS_SET, 1248 /* Tag Num */ 39, 1249 /* Tag Len */ 4, 1250 /* Tag Value */ 0x12,0x00,0x00,0x00 1251 }, 1252 1253 /* Tag 41 */ 1254 { /* Packet Type */HCI_COMMAND_PKT, 1255 /* Opcode */ 0x0b,0xfc, 1256 /* Total Len */ 199, 1257 /* NVM CMD */ NVM_ACCESS_SET, 1258 /* Tag Num */ 41, 1259 /* Tag Len */ 196, 1260 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00, 1261 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00, 1262 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00, 1263 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00, 1264 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00, 1265 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00, 1266 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00, 1267 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00, 1268 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00, 1269 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00, 1270 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00, 1271 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00, 1272 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00, 1273 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00, 1274 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00, 1275 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00, 1276 0x0B,0x01,0x03,0x00 1277 }, 1278 1279 /* Tag 44 */ 1280 { /* Packet Type */HCI_COMMAND_PKT, 1281 /* Opcode */ 0x0b,0xfc, 1282 /* Total Len */ 44, 1283 /* NVM CMD */ NVM_ACCESS_SET, 1284 /* Tag Num */ 44, 1285 /* Tag Len */ 41, 1286 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02, 1287 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01, 1288 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01, 1289 0x00,0x14,0x01,0x02,0x03 1290 }, 1291 {TAG_END} 1292 }; 1293#endif 1294 1295 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION); 1296 1297 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++) 1298 { 1299 /* Write BD Address */ 1300 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){ 1301 memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6); 1302 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x", 1303 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1], 1304 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3], 1305 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]); 1306 } 1307 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1; 1308 /* Send HCI Command packet to Controller */ 1309 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size); 1310 if ( err != size) { 1311 ALOGE("Failed to attach the patch payload to the Controller!"); 1312 goto error; 1313 } 1314 1315 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1316 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1317 if ( err < 0) { 1318 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1319 goto error; 1320 } 1321 } 1322 1323error: 1324 return err; 1325} 1326 1327 1328 1329int rome_patch_ver_req(int fd) 1330{ 1331 int size, err = 0; 1332 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1333 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1334 1335 /* Frame the HCI CMD to be sent to the Controller */ 1336 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0, 1337 -1, EDL_PATCH_CMD_LEN); 1338 1339 /* Total length of the packet to be sent to the Controller */ 1340 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1341 1342 /* Send HCI Command packet to Controller */ 1343 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1344 if ( err != size) { 1345 ALOGE("Failed to attach the patch payload to the Controller!"); 1346 goto error; 1347 } 1348 1349 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1350 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1351 if ( err < 0) { 1352 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1353 goto error; 1354 } 1355error: 1356 return err; 1357 1358} 1359 1360int rome_get_build_info_req(int fd) 1361{ 1362 int size, err = 0; 1363 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1364 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1365 1366 /* Frame the HCI CMD to be sent to the Controller */ 1367 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0, 1368 -1, EDL_PATCH_CMD_LEN); 1369 1370 /* Total length of the packet to be sent to the Controller */ 1371 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1372 1373 /* Send HCI Command packet to Controller */ 1374 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1375 if ( err != size) { 1376 ALOGE("Failed to send get build info cmd to the SoC!"); 1377 goto error; 1378 } 1379 1380 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1381 if ( err < 0) { 1382 ALOGE("%s: Failed to get build info", __FUNCTION__); 1383 goto error; 1384 } 1385error: 1386 return err; 1387 1388} 1389 1390 1391int rome_set_baudrate_req(int fd) 1392{ 1393 int size, err = 0; 1394 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1395 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1396 hci_command_hdr *cmd_hdr; 1397 int flags; 1398 1399 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1400 1401 cmd_hdr = (void *) (cmd + 1); 1402 cmd[0] = HCI_COMMAND_PKT; 1403 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF); 1404 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN; 1405 cmd[4] = BAUDRATE_3000000; 1406 1407 /* Total length of the packet to be sent to the Controller */ 1408 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN); 1409 tcflush(fd,TCIOFLUSH); 1410 /* Flow off during baudrate change */ 1411 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1412 { 1413 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1414 goto error; 1415 } 1416 1417 /* Send the HCI command packet to UART for transmission */ 1418 err = do_write(fd, cmd, size); 1419 if (err != size) { 1420 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1421 goto error; 1422 } 1423 1424 /* Change Local UART baudrate to high speed UART */ 1425 userial_vendor_set_baud(USERIAL_BAUD_3M); 1426 1427 /* Flow on after changing local uart baudrate */ 1428 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1429 { 1430 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1431 return err; 1432 } 1433 1434 /* Check for response from the Controller */ 1435 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) { 1436 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 1437 goto error; 1438 } 1439 1440 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 1441 1442 /* Wait for command complete event */ 1443 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1444 if ( err < 0) { 1445 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1446 goto error; 1447 } 1448 1449error: 1450 return err; 1451 1452} 1453 1454 1455int rome_hci_reset_req(int fd) 1456{ 1457 int size, err = 0; 1458 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1459 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1460 hci_command_hdr *cmd_hdr; 1461 int flags; 1462 1463 ALOGI("%s: HCI RESET ", __FUNCTION__); 1464 1465 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1466 1467 cmd_hdr = (void *) (cmd + 1); 1468 cmd[0] = HCI_COMMAND_PKT; 1469 cmd_hdr->opcode = HCI_RESET; 1470 cmd_hdr->plen = 0; 1471 1472 /* Total length of the packet to be sent to the Controller */ 1473 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1474 1475 /* Flow off during baudrate change */ 1476 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1477 { 1478 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1479 goto error; 1480 } 1481 1482 /* Send the HCI command packet to UART for transmission */ 1483 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]); 1484 err = do_write(fd, cmd, size); 1485 if (err != size) { 1486 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1487 goto error; 1488 } 1489 1490 /* Change Local UART baudrate to high speed UART */ 1491 userial_vendor_set_baud(USERIAL_BAUD_3M); 1492 1493 /* Flow on after changing local uart baudrate */ 1494 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1495 { 1496 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1497 return err; 1498 } 1499 1500 /* Wait for command complete event */ 1501 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1502 if ( err < 0) { 1503 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1504 goto error; 1505 } 1506 1507error: 1508 return err; 1509 1510} 1511 1512 1513int rome_hci_reset(int fd) 1514{ 1515 int size, err = 0; 1516 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1517 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1518 hci_command_hdr *cmd_hdr; 1519 int flags; 1520 1521 ALOGI("%s: HCI RESET ", __FUNCTION__); 1522 1523 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1524 1525 cmd_hdr = (void *) (cmd + 1); 1526 cmd[0] = HCI_COMMAND_PKT; 1527 cmd_hdr->opcode = HCI_RESET; 1528 cmd_hdr->plen = 0; 1529 1530 /* Total length of the packet to be sent to the Controller */ 1531 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1532 err = do_write(fd, cmd, size); 1533 if (err != size) { 1534 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1535 err = -1; 1536 goto error; 1537 } 1538 1539 /* Wait for command complete event */ 1540 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1541 if ( err < 0) { 1542 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1543 goto error; 1544 } 1545 1546error: 1547 return err; 1548 1549} 1550 1551int rome_wipower_current_charging_status_req(int fd) 1552{ 1553 int size, err = 0; 1554 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1555 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1556 hci_command_hdr *cmd_hdr; 1557 int flags; 1558 1559 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1560 1561 cmd_hdr = (void *) (cmd + 1); 1562 cmd[0] = HCI_COMMAND_PKT; 1563 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1564 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN; 1565 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD; 1566 1567 /* Total length of the packet to be sent to the Controller */ 1568 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN); 1569 1570 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__); 1571 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1572 1573 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1574 if ( err != size) { 1575 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!"); 1576 goto error; 1577 } 1578 1579 /* Check for response from the Controller */ 1580 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1581 err = -ETIMEDOUT; 1582 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1583 goto error; 1584 } 1585 1586 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1587 if (rsp[4] >= NON_WIPOWER_MODE) { 1588 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1589 if (err < 0) { 1590 ALOGE("%s: Failed to get charging status", __FUNCTION__); 1591 goto error; 1592 } 1593 } 1594 1595error: 1596 return err; 1597} 1598 1599int addon_feature_req(int fd) 1600{ 1601 int size, err = 0; 1602 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1603 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1604 hci_command_hdr *cmd_hdr; 1605 int flags; 1606 1607 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1608 1609 cmd_hdr = (void *) (cmd + 1); 1610 cmd[0] = HCI_COMMAND_PKT; 1611 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT); 1612 cmd_hdr->plen = 0x00; 1613 1614 /* Total length of the packet to be sent to the Controller */ 1615 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1616 1617 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__); 1618 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]); 1619 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1620 if ( err != size) { 1621 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!"); 1622 goto error; 1623 } 1624 1625 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1626 if (err < 0) { 1627 ALOGE("%s: Failed to get feature request", __FUNCTION__); 1628 goto error; 1629 } 1630error: 1631 return err; 1632} 1633 1634 1635int check_embedded_mode(int fd) { 1636 int err = 0; 1637 1638 wipower_flag = 0; 1639 /* Get current wipower charging status */ 1640 if ((err = rome_wipower_current_charging_status_req(fd)) < 0) 1641 { 1642 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err); 1643 } 1644 usleep(500); 1645 1646 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag); 1647 1648 return wipower_flag; 1649} 1650 1651int rome_get_addon_feature_list(int fd) { 1652 int err = 0; 1653 1654 /* Get addon features that are supported by FW */ 1655 if ((err = addon_feature_req(fd)) < 0) 1656 { 1657 ALOGE("%s: failed (0x%x)", __FUNCTION__, err); 1658 } 1659 return err; 1660} 1661 1662int rome_wipower_forward_handoff_req(int fd) 1663{ 1664 int size, err = 0; 1665 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1666 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1667 hci_command_hdr *cmd_hdr; 1668 int flags; 1669 1670 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1671 1672 cmd_hdr = (void *) (cmd + 1); 1673 cmd[0] = HCI_COMMAND_PKT; 1674 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1675 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN; 1676 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD; 1677 1678 /* Total length of the packet to be sent to the Controller */ 1679 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN); 1680 1681 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__); 1682 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1683 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1684 if ( err != size) { 1685 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!"); 1686 goto error; 1687 } 1688 1689 /* Check for response from the Controller */ 1690 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1691 err = -ETIMEDOUT; 1692 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1693 goto error; 1694 } 1695 1696error: 1697 return err; 1698} 1699 1700 1701void enable_controller_log (int fd) 1702{ 1703 int ret = 0; 1704 /* VS command to enable controller logging to the HOST. By default it is disabled */ 1705 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00}; 1706 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1707 char value[PROPERTY_VALUE_MAX] = {'\0'}; 1708 1709 property_get("persist.service.bdroid.soclog", value, "false"); 1710 1711 // value at cmd[5]: 1 - to enable, 0 - to disable 1712 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0; 1713 ALOGI("%s: %d", __func__, ret); 1714 1715 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6); 1716 if (ret != 6) { 1717 ALOGE("%s: command failed", __func__); 1718 } 1719 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1720 if (ret < 0) { 1721 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__); 1722 } 1723} 1724 1725 1726static int disable_internal_ldo(int fd) 1727{ 1728 int ret = 0; 1729 if (enable_extldo) { 1730 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32}; 1731 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1732 1733 ALOGI(" %s ", __FUNCTION__); 1734 ret = do_write(fd, cmd, 5); 1735 if (ret != 5) { 1736 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 1737 ret = -1; 1738 } else { 1739 /* Wait for command complete event */ 1740 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1741 if ( ret < 0) { 1742 ALOGE("%s: Failed to get response from controller", __FUNCTION__); 1743 } 1744 } 1745 } 1746 return ret; 1747} 1748 1749int rome_soc_init(int fd, char *bdaddr) 1750{ 1751 int err = -1, size = 0; 1752 1753 ALOGI(" %s ", __FUNCTION__); 1754 1755 /* If wipower charging is going on in embedded mode then start hand off req */ 1756 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE) 1757 { 1758 wipower_flag = 0; 1759 wipower_handoff_ready = 0; 1760 if ((err = rome_wipower_forward_handoff_req(fd)) < 0) 1761 { 1762 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err); 1763 } 1764 } 1765 1766 /* Get Rome version information */ 1767 if((err = rome_patch_ver_req(fd)) <0){ 1768 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err); 1769 goto error; 1770 } 1771 1772 ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver); 1773 1774 switch (rome_ver){ 1775 case ROME_VER_1_0: 1776 { 1777 /* Set and Download the RAMPATCH */ 1778 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__); 1779 err = rome_download_rampatch(fd); 1780 if (err < 0) { 1781 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__); 1782 goto error; 1783 } 1784 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__); 1785 1786 /* Attach the RAMPATCH */ 1787 ALOGI("%s: Attaching the patches", __FUNCTION__); 1788 err = rome_attach_rampatch(fd); 1789 if (err < 0) { 1790 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__); 1791 goto error; 1792 } 1793 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__); 1794 1795 /* Send Reset */ 1796 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1797 err = rome_rampatch_reset(fd); 1798 if ( err < 0 ) { 1799 ALOGE("Failed to RESET after RAMPATCH upgrade!"); 1800 goto error; 1801 } 1802 1803 /* NVM download */ 1804 ALOGI("%s: Downloading NVM", __FUNCTION__); 1805 err = rome_1_0_nvm_tag_dnld(fd); 1806 if ( err <0 ) { 1807 ALOGE("Downloading NVM Failed !!"); 1808 goto error; 1809 } 1810 1811 /* Change baud rate 115.2 kbps to 3Mbps*/ 1812 err = rome_hci_reset_req(fd); 1813 if (err < 0) { 1814 ALOGE("HCI Reset Failed !!"); 1815 goto error; 1816 } 1817 1818 ALOGI("HCI Reset is done\n"); 1819 } 1820 break; 1821 case ROME_VER_1_1: 1822 rampatch_file_path = ROME_RAMPATCH_TLV_PATH; 1823 nvm_file_path = ROME_NVM_TLV_PATH; 1824 goto download; 1825 case ROME_VER_1_3: 1826 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH; 1827 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH; 1828 goto download; 1829 case ROME_VER_2_1: 1830 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH; 1831 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH; 1832 goto download; 1833 case ROME_VER_3_0: 1834 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH; 1835 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH; 1836 fw_su_info = ROME_3_1_FW_SU; 1837 fw_su_offset = ROME_3_1_FW_SW_OFFSET; 1838 goto download; 1839 case ROME_VER_3_2: 1840 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH; 1841 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH; 1842 fw_su_info = ROME_3_2_FW_SU; 1843 fw_su_offset = ROME_3_2_FW_SW_OFFSET; 1844 1845download: 1846 /* Change baud rate 115.2 kbps to 3Mbps*/ 1847 err = rome_set_baudrate_req(fd); 1848 if (err < 0) { 1849 ALOGE("%s: Baud rate change failed!", __FUNCTION__); 1850 goto error; 1851 } 1852 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__); 1853 /* Donwload TLV files (rampatch, NVM) */ 1854 err = rome_download_tlv_file(fd); 1855 if (err < 0) { 1856 ALOGE("%s: Download TLV file failed!", __FUNCTION__); 1857 goto error; 1858 } 1859 ALOGI("%s: Download TLV file successfully ", __FUNCTION__); 1860 1861 /* Get SU FM label information */ 1862 if((err = rome_get_build_info_req(fd)) <0){ 1863 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err); 1864 //Ignore the failure of ROME FW SU label information 1865 err = 0; 1866 } 1867 1868 /* Disable internal LDO to use external LDO instead*/ 1869 err = disable_internal_ldo(fd); 1870 1871 /* Send HCI Reset */ 1872 err = rome_hci_reset(fd); 1873 if ( err <0 ) { 1874 ALOGE("HCI Reset Failed !!"); 1875 goto error; 1876 } 1877 1878 ALOGI("HCI Reset is done\n"); 1879 1880 break; 1881 case ROME_VER_UNKNOWN: 1882 default: 1883 ALOGI("%s: Detected unknown ROME version", __FUNCTION__); 1884 err = -1; 1885 break; 1886 } 1887 1888error: 1889 return err; 1890} 1891