1/* 2 * 3 * Copyright (c) 2013, The Linux Foundation. All rights reserved. 4 * Not a Contribution. 5 * 6 * Copyright 2012 The Android Open Source Project 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); you 9 * may not use this file except in compliance with the License. You may 10 * obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 17 * implied. See the License for the specific language governing 18 * permissions and limitations under the License. 19 * 20 */ 21 22/****************************************************************************** 23 * 24 * Filename: hw_rome.c 25 * 26 * Description: Contains controller-specific functions, like 27 * firmware patch download 28 * low power mode operations 29 * 30 ******************************************************************************/ 31#ifdef __cplusplus 32extern "C" { 33#endif 34 35#define LOG_TAG "bt_vendor" 36 37#include <sys/socket.h> 38#include <utils/Log.h> 39#include <sys/types.h> 40#include <sys/stat.h> 41#include <signal.h> 42#include <time.h> 43#include <errno.h> 44#include <fcntl.h> 45#include <dirent.h> 46#include <ctype.h> 47#include <cutils/properties.h> 48#include <stdlib.h> 49#include <termios.h> 50#include <string.h> 51#include <stdbool.h> 52#include "bt_hci_bdroid.h" 53#include "bt_vendor_qcom.h" 54#include "hci_uart.h" 55#include "hw_rome.h" 56 57#ifdef __cplusplus 58} 59#endif 60 61#define RESERVED(p) if(p) ALOGI( "%s: reserved param", __FUNCTION__); 62 63int read_vs_hci_event(int fd, unsigned char* buf, int size); 64 65/****************************************************************************** 66** Variables 67******************************************************************************/ 68FILE *file; 69unsigned char *phdr_buffer; 70unsigned char *pdata_buffer = NULL; 71patch_info rampatch_patch_info; 72int chipset_ver = 0; 73unsigned char gTlv_type; 74unsigned char gTlv_dwndCfg; 75static unsigned int wipower_flag = 0; 76static unsigned int wipower_handoff_ready = 0; 77char *rampatch_file_path = NULL; 78char *nvm_file_path = NULL; 79char *fw_su_info = NULL; 80unsigned short fw_su_offset =0; 81extern char enable_extldo; 82unsigned char wait_vsc_evt = TRUE; 83bool patch_dnld_pending = FALSE; 84int dnld_fd = -1; 85 86/****************************************************************************** 87** Extern variables 88******************************************************************************/ 89 90/***************************************************************************** 91** Functions 92*****************************************************************************/ 93int do_write(int fd, unsigned char *buf,int len) 94{ 95 int ret = 0; 96 int write_offset = 0; 97 int write_len = len; 98 do { 99 ret = write(fd,buf+write_offset,write_len); 100 if (ret < 0) 101 { 102 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno)); 103 return -1; 104 } else if (ret == 0) { 105 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno)); 106 return 0; 107 } else { 108 if (ret < write_len) { 109 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret, 110 strerror(errno)); 111 write_len = write_len - ret; 112 write_offset = ret; 113 } else { 114 ALOGV("Write successful"); 115 break; 116 } 117 } 118 } while(1); 119 return len; 120} 121 122int get_vs_hci_event(unsigned char *rsp) 123{ 124 int err = 0; 125 unsigned char paramlen = 0; 126 unsigned char EMBEDDED_MODE_CHECK = 0x02; 127 FILE *btversionfile = 0; 128 unsigned int soc_id = 0; 129 unsigned int productid = 0; 130 unsigned short patchversion = 0; 131 char build_label[255]; 132 int build_lbl_len; 133 unsigned short buildversion = 0; 134 135 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE)) 136 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__); 137 else { 138 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__); 139 err = -EIO; 140 goto failed; 141 } 142 143 ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]); 144 ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]); 145 ALOGI("%s: Response type : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]); 146 147 /* Check the status of the operation */ 148 switch ( rsp[CMD_RSP_OFFSET] ) 149 { 150 case EDL_CMD_REQ_RES_EVT: 151 ALOGI("%s: Command Request Response", __FUNCTION__); 152 switch(rsp[RSP_TYPE_OFFSET]) 153 { 154 case EDL_PATCH_VER_RES_EVT: 155 case EDL_APP_VER_RES_EVT: 156 ALOGI("\t Current Product ID\t\t: 0x%08x", 157 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 | 158 rsp[PATCH_PROD_ID_OFFSET+2] << 16 | 159 rsp[PATCH_PROD_ID_OFFSET+1] << 8 | 160 rsp[PATCH_PROD_ID_OFFSET] )); 161 162 /* Patch Version indicates FW patch version */ 163 ALOGI("\t Current Patch Version\t\t: 0x%04x", 164 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 | 165 rsp[PATCH_PATCH_VER_OFFSET] ))); 166 167 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */ 168 ALOGI("\t Current ROM Build Version\t: 0x%04x", buildversion = 169 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 | 170 rsp[PATCH_ROM_BUILD_VER_OFFSET] )); 171 172 /* In case rome 1.0/1.1, there is no SOC ID version available */ 173 if (paramlen - 10) 174 { 175 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id = 176 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 | 177 rsp[PATCH_SOC_VER_OFFSET+2] << 16 | 178 rsp[PATCH_SOC_VER_OFFSET+1] << 8 | 179 rsp[PATCH_SOC_VER_OFFSET] )); 180 } 181 182 /* Rome Chipset Version can be decided by Patch version and SOC version, 183 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be 184 used for SOC as combination for BT host driver */ 185 chipset_ver = (buildversion << 16) |(soc_id & 0x0000ffff); 186 187 break; 188 case EDL_TVL_DNLD_RES_EVT: 189 case EDL_CMD_EXE_STATUS_EVT: 190 switch (err = rsp[CMD_STATUS_OFFSET]) 191 { 192 case HCI_CMD_SUCCESS: 193 ALOGI("%s: Download Packet successfully!", __FUNCTION__); 194 break; 195 case PATCH_LEN_ERROR: 196 ALOGI("%s: Invalid patch length argument passed for EDL PATCH " 197 "SET REQ cmd", __FUNCTION__); 198 break; 199 case PATCH_VER_ERROR: 200 ALOGI("%s: Invalid patch version argument passed for EDL PATCH " 201 "SET REQ cmd", __FUNCTION__); 202 break; 203 case PATCH_CRC_ERROR: 204 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__); 205 break; 206 case PATCH_NOT_FOUND: 207 ALOGI("%s: Invalid patch data!!!", __FUNCTION__); 208 break; 209 case TLV_TYPE_ERROR: 210 ALOGI("%s: TLV Type Error !!!", __FUNCTION__); 211 break; 212 default: 213 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err); 214 break; 215 } 216 break; 217 case HCI_VS_GET_BUILD_VER_EVT: 218 build_lbl_len = rsp[5]; 219 memcpy (build_label, &rsp[6], build_lbl_len); 220 *(build_label+build_lbl_len) = '\0'; 221 222 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len); 223 break; 224 } 225 break; 226 227 case NVM_ACCESS_CODE: 228 ALOGI("%s: NVM Access Code!!!", __FUNCTION__); 229 err = HCI_CMD_SUCCESS; 230 break; 231 case EDL_SET_BAUDRATE_RSP_EVT: 232 /* Rome 1.1 has bug with the response, so it should ignore it. */ 233 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS) 234 { 235 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__, 236 rsp[CMD_STATUS_OFFSET]); 237 err = -1; 238 } 239 break; 240 case EDL_WIP_QUERY_CHARGING_STATUS_EVT: 241 /* Query charging command has below return values 242 0 - in embedded mode not charging 243 1 - in embedded mode and charging 244 2 - hadofff completed and in normal mode 245 3 - no wipower supported on mtp. so irrepective of charging 246 handoff command has to be sent if return values are 0 or 1. 247 These change include logic to enable generic BT turn on sequence.*/ 248 if (rsp[4] < EMBEDDED_MODE_CHECK) 249 { 250 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__); 251 wipower_handoff_ready = rsp[4]; 252 wipower_flag = 1; 253 } 254 break; 255 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT: 256 /*TODO: rsp code 00 mean no charging 257 this is going to change in FW soon*/ 258 if (rsp[4] == NON_WIPOWER_MODE) 259 { 260 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__); 261 } 262 break; 263 case HCI_VS_GET_ADDON_FEATURES_EVENT: 264 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK)) 265 { 266 ALOGD("%s: WiPower feature supported!!", __FUNCTION__); 267 property_set("persist.bluetooth.a4wp", "true"); 268 } 269 break; 270 case HCI_VS_STRAY_EVT: 271 /* WAR to handle stray Power Apply EVT during patch download */ 272 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__); 273 if (patch_dnld_pending && dnld_fd != -1) 274 { 275 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 276 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE); 277 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE); 278 } 279 else 280 { 281 ALOGE("%s: Not a valid status!!!", __FUNCTION__); 282 err = -1; 283 } 284 break; 285 default: 286 ALOGE("%s: Not a valid status!!!", __FUNCTION__); 287 err = -1; 288 break; 289 } 290 291failed: 292 return err; 293} 294 295 296/* 297 * Read an VS HCI event from the given file descriptor. 298 */ 299int read_vs_hci_event(int fd, unsigned char* buf, int size) 300{ 301 int remain, r; 302 int count = 0, i; 303 304 if (size <= 0) { 305 ALOGE("Invalid size arguement!"); 306 return -1; 307 } 308 309 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__); 310 311 /* The first byte identifies the packet type. For HCI event packets, it 312 * should be 0x04, so we read until we get to the 0x04. */ 313 /* It will keep reading until find 0x04 byte */ 314 while (1) { 315 r = read(fd, buf, 1); 316 if (r <= 0) 317 return -1; 318 if (buf[0] == 0x04) 319 break; 320 } 321 count++; 322 323 /* The next two bytes are the event code and parameter total length. */ 324 while (count < 3) { 325 r = read(fd, buf + count, 3 - count); 326 if ((r <= 0) || (buf[1] != 0xFF )) { 327 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]); 328 return -1; 329 } 330 count += r; 331 } 332 333 /* Now we read the parameters. */ 334 if (buf[2] < (size - 3)) 335 remain = buf[2]; 336 else 337 remain = size - 3; 338 339 while ((count - 3) < remain) { 340 r = read(fd, buf + count, remain - (count - 3)); 341 if (r <= 0) 342 return -1; 343 count += r; 344 } 345 346 /* Check if the set patch command is successful or not */ 347 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS) 348 return -1; 349 350 return count; 351} 352 353/* 354 * For Hand-Off related Wipower commands, Command complete arrives first and 355 * the followd with VS event 356 * 357 */ 358int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 359{ 360 int ret = 0; 361 int err = 0; 362 363 /* Send the HCI command packet to UART for transmission */ 364 ret = do_write(fd, cmd, size); 365 if (ret != size) { 366 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret); 367 goto failed; 368 } 369 370 /* Wait for command complete event */ 371 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 372 if ( err < 0) { 373 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__); 374 goto failed; 375 } 376 377 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__); 378failed: 379 return ret; 380} 381 382 383int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 384{ 385 int ret = 0; 386 387 /* Send the HCI command packet to UART for transmission */ 388 ret = do_write(fd, cmd, size); 389 if (ret != size) { 390 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 391 goto failed; 392 } 393 394 if (wait_vsc_evt) { 395 /* Check for response from the Controller */ 396 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 397 ret = -ETIMEDOUT; 398 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 399 goto failed; 400 } 401 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 402 } 403 404failed: 405 return ret; 406} 407 408void frame_hci_cmd_pkt( 409 unsigned char *cmd, 410 int edl_cmd, unsigned int p_base_addr, 411 int segtNo, int size 412 ) 413{ 414 int offset = 0; 415 hci_command_hdr *cmd_hdr; 416 417 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 418 419 cmd_hdr = (void *) (cmd + 1); 420 421 cmd[0] = HCI_COMMAND_PKT; 422 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF); 423 cmd_hdr->plen = size; 424 cmd[4] = edl_cmd; 425 426 switch (edl_cmd) 427 { 428 case EDL_PATCH_SET_REQ_CMD: 429 /* Copy the patch header info as CMD params */ 430 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN); 431 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__); 432 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 433 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 434 break; 435 case EDL_PATCH_DLD_REQ_CMD: 436 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT); 437 p_base_addr += offset; 438 cmd_hdr->plen = (size + 6); 439 cmd[5] = (size + 4); 440 cmd[6] = EXTRACT_BYTE(p_base_addr, 0); 441 cmd[7] = EXTRACT_BYTE(p_base_addr, 1); 442 cmd[8] = EXTRACT_BYTE(p_base_addr, 2); 443 cmd[9] = EXTRACT_BYTE(p_base_addr, 3); 444 memcpy(&cmd[10], (pdata_buffer + offset), size); 445 446 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes", 447 __FUNCTION__, size); 448 ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t" 449 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2], 450 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]); 451 break; 452 case EDL_PATCH_ATCH_REQ_CMD: 453 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__); 454 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 455 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 456 break; 457 case EDL_PATCH_RST_REQ_CMD: 458 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__); 459 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 460 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 461 break; 462 case EDL_PATCH_VER_REQ_CMD: 463 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__); 464 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 465 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 466 break; 467 case EDL_PATCH_TLV_REQ_CMD: 468 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__); 469 /* Parameter Total Length */ 470 cmd[3] = size +2; 471 472 /* TLV Segment Length */ 473 cmd[5] = size; 474 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 475 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]); 476 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT); 477 memcpy(&cmd[6], (pdata_buffer + offset), size); 478 break; 479 case EDL_GET_BUILD_INFO: 480 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__); 481 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 482 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 483 break; 484 default: 485 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__); 486 } 487} 488 489void rome_extract_patch_header_info(unsigned char *buf) 490{ 491 int index; 492 493 /* Extract patch id */ 494 for (index = 0; index < 4; index++) 495 rampatch_patch_info.patch_id |= 496 (LSH(buf[index + P_ID_OFFSET], (index * 8))); 497 498 /* Extract (ROM and BUILD) version information */ 499 for (index = 0; index < 2; index++) 500 rampatch_patch_info.patch_ver.rom_version |= 501 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8))); 502 503 for (index = 0; index < 2; index++) 504 rampatch_patch_info.patch_ver.build_version |= 505 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8))); 506 507 /* Extract patch base and entry addresses */ 508 for (index = 0; index < 4; index++) 509 rampatch_patch_info.patch_base_addr |= 510 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8))); 511 512 /* Patch BASE & ENTRY addresses are same */ 513 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr; 514 515 /* Extract total length of the patch payload */ 516 for (index = 0; index < 4; index++) 517 rampatch_patch_info.patch_length |= 518 (LSH(buf[index + P_LEN_OFFSET], (index * 8))); 519 520 /* Extract the CRC checksum of the patch payload */ 521 for (index = 0; index < 4; index++) 522 rampatch_patch_info.patch_crc |= 523 (LSH(buf[index + P_CRC_OFFSET], (index * 8))); 524 525 /* Extract patch control value */ 526 for (index = 0; index < 4; index++) 527 rampatch_patch_info.patch_ctrl |= 528 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8))); 529 530 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id); 531 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version); 532 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version); 533 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length); 534 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc); 535 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl); 536 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr); 537 538} 539 540int rome_edl_set_patch_request(int fd) 541{ 542 int size, err; 543 unsigned char cmd[HCI_MAX_CMD_SIZE]; 544 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 545 546 /* Frame the HCI CMD to be sent to the Controller */ 547 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0, 548 -1, PATCH_HDR_LEN + 1); 549 550 /* Total length of the packet to be sent to the Controller */ 551 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 552 553 /* Send HCI Command packet to Controller */ 554 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 555 if ( err != size) { 556 ALOGE("Failed to set the patch info to the Controller!"); 557 goto error; 558 } 559 560 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 561 if ( err < 0) { 562 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 563 goto error; 564 } 565 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__); 566error: 567 return err; 568} 569 570int rome_edl_patch_download_request(int fd) 571{ 572 int no_of_patch_segment; 573 int index = 1, err = 0, size = 0; 574 unsigned int p_base_addr; 575 unsigned char cmd[HCI_MAX_CMD_SIZE]; 576 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 577 578 no_of_patch_segment = (rampatch_patch_info.patch_length / 579 MAX_DATA_PER_SEGMENT); 580 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x", 581 __FUNCTION__, no_of_patch_segment, 582 rampatch_patch_info.patch_base_addr); 583 584 /* Initialize the patch base address from the one read from bin file */ 585 p_base_addr = rampatch_patch_info.patch_base_addr; 586 587 /* 588 * Depending upon size of the patch payload, download the patches in 589 * segments with a max. size of 239 bytes 590 */ 591 for (index = 1; index <= no_of_patch_segment; index++) { 592 593 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index); 594 595 /* Frame the HCI CMD PKT to be sent to Controller*/ 596 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, 597 index, MAX_DATA_PER_SEGMENT); 598 599 /* Total length of the packet to be sent to the Controller */ 600 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 601 602 /* Initialize the RSP packet everytime to 0 */ 603 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 604 605 /* Send HCI Command packet to Controller */ 606 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 607 if ( err != size) { 608 ALOGE("Failed to send the patch payload to the Controller!"); 609 goto error; 610 } 611 612 /* Read Command Complete Event */ 613 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 614 if ( err < 0) { 615 ALOGE("%s: Failed to downlaod patch segment: %d!", 616 __FUNCTION__, index); 617 goto error; 618 } 619 ALOGI("%s: Successfully downloaded patch segment: %d", 620 __FUNCTION__, index); 621 } 622 623 /* Check if any pending patch data to be sent */ 624 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ? 625 rampatch_patch_info.patch_length : 626 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT); 627 628 if (size) 629 { 630 /* Frame the HCI CMD PKT to be sent to Controller*/ 631 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size); 632 633 /* Initialize the RSP packet everytime to 0 */ 634 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 635 636 /* Total length of the packet to be sent to the Controller */ 637 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 638 639 /* Send HCI Command packet to Controller */ 640 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 641 if ( err != size) { 642 ALOGE("Failed to send the patch payload to the Controller!"); 643 goto error; 644 } 645 646 /* Read Command Complete Event */ 647 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 648 if ( err < 0) { 649 ALOGE("%s: Failed to downlaod patch segment: %d!", 650 __FUNCTION__, index); 651 goto error; 652 } 653 654 ALOGI("%s: Successfully downloaded patch segment: %d", 655 __FUNCTION__, index); 656 } 657 658error: 659 return err; 660} 661 662static int rome_download_rampatch(int fd) 663{ 664 int c, tmp, size, index, ret = -1; 665 666 ALOGI("%s: ", __FUNCTION__); 667 668 /* Get handle to the RAMPATCH binary file */ 669 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH); 670 file = fopen(ROME_FW_PATH, "r"); 671 if (file == NULL) { 672 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!", 673 __FUNCTION__); 674 return -ENFILE; 675 } 676 677 /* Allocate memory for the patch headder info */ 678 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__); 679 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1); 680 if (phdr_buffer == NULL) { 681 ALOGE("%s: Failed to allocate memory for patch header", 682 __FUNCTION__); 683 goto phdr_alloc_failed; 684 } 685 for (index = 0; index < PATCH_HDR_LEN + 1; index++) 686 phdr_buffer[index] = 0x0; 687 688 /* Read 28 bytes of patch header information */ 689 ALOGI("%s: Reading patch header info", __FUNCTION__); 690 index = 0; 691 do { 692 c = fgetc (file); 693 phdr_buffer[index++] = (unsigned char)c; 694 } while (index != PATCH_HDR_LEN); 695 696 /* Save the patch header info into local structure */ 697 ALOGI("%s: Saving patch hdr. info", __FUNCTION__); 698 rome_extract_patch_header_info((unsigned char *)phdr_buffer); 699 700 /* Set the patch header info onto the Controller */ 701 ret = rome_edl_set_patch_request(fd); 702 if (ret < 0) { 703 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__); 704 goto pdata_alloc_failed; 705 } 706 707 /* Allocate memory for the patch payload */ 708 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__); 709 size = rampatch_patch_info.patch_length; 710 pdata_buffer = (unsigned char *) malloc(size+1); 711 if (pdata_buffer == NULL) { 712 ALOGE("%s: Failed to allocate memory for patch payload", 713 __FUNCTION__); 714 goto pdata_alloc_failed; 715 } 716 for (index = 0; index < size+1; index++) 717 pdata_buffer[index] = 0x0; 718 719 /* Read the patch data from Rampatch binary image */ 720 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__); 721 index = 0; 722 do { 723 c = fgetc (file); 724 pdata_buffer[index++] = (unsigned char)c; 725 } while (c != EOF); 726 727 /* Downloading patches in segments to controller */ 728 ret = rome_edl_patch_download_request(fd); 729 if (ret < 0) { 730 ALOGE("%s: Error downloading patch segments!", __FUNCTION__); 731 goto cleanup; 732 } 733cleanup: 734 free(pdata_buffer); 735pdata_alloc_failed: 736 free(phdr_buffer); 737phdr_alloc_failed: 738 fclose(file); 739error: 740 return ret; 741} 742 743int rome_attach_rampatch(int fd) 744{ 745 int size, err; 746 unsigned char cmd[HCI_MAX_CMD_SIZE]; 747 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 748 749 /* Frame the HCI CMD to be sent to the Controller */ 750 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0, 751 -1, EDL_PATCH_CMD_LEN); 752 753 /* Total length of the packet to be sent to the Controller */ 754 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 755 756 /* Send HCI Command packet to Controller */ 757 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 758 if ( err != size) { 759 ALOGE("Failed to attach the patch payload to the Controller!"); 760 goto error; 761 } 762 763 /* Read Command Complete Event */ 764 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 765 if ( err < 0) { 766 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__); 767 goto error; 768 } 769error: 770 return err; 771} 772 773int rome_rampatch_reset(int fd) 774{ 775 int size, err = 0, flags; 776 unsigned char cmd[HCI_MAX_CMD_SIZE]; 777 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */ 778 779 /* Frame the HCI CMD to be sent to the Controller */ 780 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0, 781 -1, EDL_PATCH_CMD_LEN); 782 783 /* Total length of the packet to be sent to the Controller */ 784 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 785 786 /* Send HCI Command packet to Controller */ 787 err = do_write(fd, cmd, size); 788 if (err != size) { 789 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 790 goto error; 791 } 792 793 /* 794 * Controller doesn't sends any response for the patch reset 795 * command. HOST has to wait for 100ms before proceeding. 796 */ 797 nanosleep(&tm, NULL); 798 799error: 800 return err; 801} 802 803/* This function is called with q_lock held and q is non-NULL */ 804int rome_get_tlv_file(char *file_path) 805{ 806 FILE * pFile; 807 long fileSize; 808 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i; 809 unsigned short nvm_tag_len; 810 tlv_patch_info *ptlv_header; 811 tlv_nvm_hdr *nvm_ptr; 812 unsigned char data_buf[PRINT_BUF_SIZE]={0,}; 813 unsigned char *nvm_byte_ptr; 814 815 ALOGI("File Open (%s)", file_path); 816 pFile = fopen ( file_path , "r" ); 817 if (pFile==NULL) {; 818 ALOGE("%s File Open Fail", file_path); 819 return -1; 820 } 821 822 /* Get File Size */ 823 fseek (pFile , 0 , SEEK_END); 824 fileSize = ftell (pFile); 825 rewind (pFile); 826 827 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize); 828 if (pdata_buffer == NULL) { 829 ALOGE("Allocated Memory failed"); 830 fclose (pFile); 831 return -1; 832 } 833 834 /* Copy file into allocated buffer */ 835 readSize = fread (pdata_buffer,1,fileSize,pFile); 836 837 /* File Close */ 838 fclose (pFile); 839 840 if (readSize != fileSize) { 841 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize); 842 return -1; 843 } 844 845 ptlv_header = (tlv_patch_info *) pdata_buffer; 846 847 /* To handle different event between rampatch and NVM */ 848 gTlv_type = ptlv_header->tlv_type; 849 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg; 850 851 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){ 852 ALOGI("===================================================="); 853 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 854 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) | 855 (ptlv_header->tlv_length2 << 8) | 856 (ptlv_header->tlv_length3 << 16)); 857 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len); 858 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len); 859 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver); 860 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm); 861 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg); 862 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1); 863 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id); 864 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver); 865 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver); 866 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2); 867 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr)); 868 ALOGI("===================================================="); 869 870 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) { 871 ALOGI("===================================================="); 872 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 873 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) | 874 (ptlv_header->tlv_length2 << 8) | 875 (ptlv_header->tlv_length3 << 16)); 876 877 if(nvm_length <= 0) 878 return readSize; 879 880 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0; 881 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr) 882 { 883 ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id); 884 ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len); 885 ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr); 886 ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag); 887 888 /* Increase nvm_index to NVM data */ 889 nvm_index+=sizeof(tlv_nvm_hdr); 890 nvm_byte_ptr+=sizeof(tlv_nvm_hdr); 891 892 /* Write BD Address */ 893 if(nvm_ptr->tag_id == TAG_NUM_2){ 894 memcpy(nvm_byte_ptr, q->bdaddr, 6); 895 ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x", 896 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2), 897 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5)); 898 } 899 900 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++) 901 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i)); 902 903 ALOGI("TAG Data\t\t\t : %s", data_buf); 904 905 /* Clear buffer */ 906 memset(data_buf, 0x0, PRINT_BUF_SIZE); 907 908 /* increased by tag_len */ 909 nvm_index+=nvm_ptr->tag_len; 910 nvm_byte_ptr +=nvm_ptr->tag_len; 911 } 912 913 ALOGI("===================================================="); 914 915 } else { 916 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type); 917 } 918 919 return readSize; 920} 921 922int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt) 923{ 924 int size=0, err = -1; 925 unsigned char cmd[HCI_MAX_CMD_SIZE]; 926 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 927 928 ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size); 929 930 /* Frame the HCI CMD PKT to be sent to Controller*/ 931 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size); 932 933 /* Total length of the packet to be sent to the Controller */ 934 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 935 936 /* Initialize the RSP packet everytime to 0 */ 937 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 938 939 /* Send HCI Command packet to Controller */ 940 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 941 if ( err != size) { 942 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err); 943 return err; 944 } 945 946 if(wait_cc_evt) { 947 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 948 if ( err < 0) { 949 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index); 950 return err; 951 } 952 } 953 954 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index); 955 return err; 956} 957 958int rome_tlv_dnld_req(int fd, int tlv_size) 959{ 960 int total_segment, remain_size, i, err = -1; 961 unsigned char wait_cc_evt = TRUE; 962 963 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT; 964 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\ 965 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT); 966 967 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d", 968 __FUNCTION__,tlv_size, total_segment, remain_size); 969 970 if (gTlv_type == TLV_TYPE_PATCH) { 971 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event 972 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the 973 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now 974 */ 975 switch(gTlv_dwndCfg) 976 { 977 case ROME_SKIP_EVT_NONE: 978 wait_vsc_evt = TRUE; 979 wait_cc_evt = TRUE; 980 ALOGI("Event handling type: ROME_SKIP_EVT_NONE"); 981 break; 982 case ROME_SKIP_EVT_VSE_CC: 983 wait_vsc_evt = FALSE; 984 wait_cc_evt = FALSE; 985 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC"); 986 break; 987 /* Not handled for now */ 988 case ROME_SKIP_EVT_VSE: 989 case ROME_SKIP_EVT_CC: 990 default: 991 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg); 992 break; 993 } 994 } else { 995 wait_vsc_evt = TRUE; 996 wait_cc_evt = TRUE; 997 } 998 999 for(i=0;i<total_segment ;i++){ 1000 if ((i+1) == total_segment) { 1001 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1002 /* If the Rome version is from 1.1 to 3.1 1003 * 1. No CCE for the last command segment but all other segment 1004 * 2. All the command segments get VSE including the last one 1005 */ 1006 wait_cc_evt = !remain_size ? FALSE: TRUE; 1007 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1008 /* If the Rome version is 3.2 1009 * 1. None of the command segments receive CCE 1010 * 2. No command segments receive VSE except the last one 1011 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 1012 * same as Rome 2.1, 2.2, 3.0 1013 */ 1014 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 1015 wait_cc_evt = !remain_size ? FALSE: TRUE; 1016 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 1017 wait_vsc_evt = !remain_size ? TRUE: FALSE; 1018 } 1019 } 1020 } 1021 1022 patch_dnld_pending = TRUE; 1023 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0) 1024 goto error; 1025 patch_dnld_pending = FALSE; 1026 } 1027 1028 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1029 /* If the Rome version is from 1.1 to 3.1 1030 * 1. No CCE for the last command segment but all other segment 1031 * 2. All the command segments get VSE including the last one 1032 */ 1033 wait_cc_evt = remain_size ? FALSE: TRUE; 1034 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1035 /* If the Rome version is 3.2 1036 * 1. None of the command segments receive CCE 1037 * 2. No command segments receive VSE except the last one 1038 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 1039 * same as Rome 2.1, 2.2, 3.0 1040 */ 1041 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 1042 wait_cc_evt = remain_size ? FALSE: TRUE; 1043 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 1044 wait_vsc_evt = remain_size ? TRUE: FALSE; 1045 } 1046 } 1047 patch_dnld_pending = TRUE; 1048 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt); 1049 patch_dnld_pending = FALSE; 1050error: 1051 if(patch_dnld_pending) patch_dnld_pending = FALSE; 1052 return err; 1053} 1054 1055int rome_download_tlv_file(int fd) 1056{ 1057 int tlv_size, err = -1; 1058 1059 /* Rampatch TLV file Downloading */ 1060 pdata_buffer = NULL; 1061 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0) 1062 goto error; 1063 1064 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1065 goto error; 1066 1067 if (pdata_buffer != NULL){ 1068 free (pdata_buffer); 1069 pdata_buffer = NULL; 1070 } 1071nvm_download: 1072 if(!nvm_file_path) { 1073 ALOGI("%s: nvm file is not available", __FUNCTION__); 1074 err = 0; // in case of nvm/rampatch is not available 1075 goto error; 1076 } 1077 1078 /* NVM TLV file Downloading */ 1079 if((tlv_size = rome_get_tlv_file(nvm_file_path)) <= 0) 1080 goto error; 1081 1082 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1083 goto error; 1084 1085error: 1086 if (pdata_buffer != NULL) 1087 free (pdata_buffer); 1088 1089 return err; 1090} 1091 1092int rome_1_0_nvm_tag_dnld(int fd) 1093{ 1094 int i, size, err = 0; 1095 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1096 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1097 1098#if (NVM_VERSION >= ROME_1_0_100019) 1099 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1100 { 1101 /* Tag 2 */ /* BD Address */ 1102 { /* Packet Type */HCI_COMMAND_PKT, 1103 /* Opcode */ 0x0b,0xfc, 1104 /* Total Len */ 9, 1105 /* NVM CMD */ NVM_ACCESS_SET, 1106 /* Tag Num */ 2, 1107 /* Tag Len */ 6, 1108 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 1109 }, 1110 /* Tag 6 */ /* Bluetooth Support Features */ 1111 { /* Packet Type */HCI_COMMAND_PKT, 1112 /* Opcode */ 0x0b,0xfc, 1113 /* Total Len */ 11, 1114 /* NVM CMD */ NVM_ACCESS_SET, 1115 /* Tag Num */ 6, 1116 /* Tag Len */ 8, 1117 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1118 }, 1119 /* Tag 17 */ /* HCI Transport Layer Setting */ 1120 { /* Packet Type */HCI_COMMAND_PKT, 1121 /* Opcode */ 0x0b,0xfc, 1122 /* Total Len */ 11, 1123 /* NVM CMD */ NVM_ACCESS_SET, 1124 /* Tag Num */ 17, 1125 /* Tag Len */ 8, 1126 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1127 }, 1128 /* Tag 35 */ 1129 { /* Packet Type */HCI_COMMAND_PKT, 1130 /* Opcode */ 0x0b,0xfc, 1131 /* Total Len */ 58, 1132 /* NVM CMD */ NVM_ACCESS_SET, 1133 /* Tag Num */ 35, 1134 /* Tag Len */ 55, 1135 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59, 1136 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1137 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1138 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1139 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1140 0x1B, 0x14, 0x01, 0x04, 0x48 1141 }, 1142 /* Tag 36 */ 1143 { /* Packet Type */HCI_COMMAND_PKT, 1144 /* Opcode */ 0x0b,0xfc, 1145 /* Total Len */ 15, 1146 /* NVM CMD */ NVM_ACCESS_SET, 1147 /* Tag Num */ 36, 1148 /* Tag Len */ 12, 1149 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1150 }, 1151 /* Tag 39 */ 1152 { /* Packet Type */HCI_COMMAND_PKT, 1153 /* Opcode */ 0x0b,0xfc, 1154 /* Total Len */ 7, 1155 /* NVM CMD */ NVM_ACCESS_SET, 1156 /* Tag Num */ 39, 1157 /* Tag Len */ 4, 1158 /* Tag Value */ 0x12,0x00,0x00,0x00 1159 }, 1160 /* Tag 41 */ 1161 { /* Packet Type */HCI_COMMAND_PKT, 1162 /* Opcode */ 0x0b,0xfc, 1163 /* Total Len */ 91, 1164 /* NVM CMD */ NVM_ACCESS_SET, 1165 /* Tag Num */ 41, 1166 /* Tag Len */ 88, 1167 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00, 1168 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00, 1169 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00, 1170 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00, 1171 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01, 1172 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00, 1173 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01, 1174 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00, 1175 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00 1176 }, 1177 /* Tag 42 */ 1178 { /* Packet Type */HCI_COMMAND_PKT, 1179 /* Opcode */ 0x0b,0xfc, 1180 /* Total Len */ 63, 1181 /* NVM CMD */ NVM_ACCESS_SET, 1182 /* Tag Num */ 42, 1183 /* Tag Len */ 60, 1184 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47, 1185 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01, 1186 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01, 1187 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A, 1188 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00, 1189 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01 1190 }, 1191 /* Tag 84 */ 1192 { /* Packet Type */HCI_COMMAND_PKT, 1193 /* Opcode */ 0x0b,0xfc, 1194 /* Total Len */ 153, 1195 /* NVM CMD */ NVM_ACCESS_SET, 1196 /* Tag Num */ 84, 1197 /* Tag Len */ 150, 1198 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28, 1199 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28, 1200 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28, 1201 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18, 1202 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 1203 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13, 1204 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12, 1205 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01, 1206 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D, 1207 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D, 1208 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00, 1209 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40, 1210 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00, 1211 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00, 1212 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D 1213 }, 1214 /* Tag 85 */ 1215 { /* Packet Type */HCI_COMMAND_PKT, 1216 /* Opcode */ 0x0b,0xfc, 1217 /* Total Len */ 119, 1218 /* NVM CMD */ NVM_ACCESS_SET, 1219 /* Tag Num */ 85, 1220 /* Tag Len */ 116, 1221 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59, 1222 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E, 1223 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02, 1224 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02, 1225 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00, 1226 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F, 1227 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C, 1228 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02, 1229 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00, 1230 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00, 1231 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00, 1232 0x12, 0x04, 0x04, 0x01, 0x04, 0x03 1233 }, 1234 {TAG_END} 1235 }; 1236#elif (NVM_VERSION == ROME_1_0_6002) 1237 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1238 { 1239 /* Tag 2 */ 1240 { /* Packet Type */HCI_COMMAND_PKT, 1241 /* Opcode */ 0x0b,0xfc, 1242 /* Total Len */ 9, 1243 /* NVM CMD */ NVM_ACCESS_SET, 1244 /* Tag Num */ 2, 1245 /* Tag Len */ 6, 1246 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */ 1247 }, 1248 /* Tag 6 */ 1249 { /* Packet Type */HCI_COMMAND_PKT, 1250 /* Opcode */ 0x0b,0xfc, 1251 /* Total Len */ 11, 1252 /* NVM CMD */ NVM_ACCESS_SET, 1253 /* Tag Num */ 6, 1254 /* Tag Len */ 8, 1255 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1256 }, 1257 /* Tag 17 */ 1258 { /* Packet Type */HCI_COMMAND_PKT, 1259 /* Opcode */ 0x0b,0xfc, 1260 /* Total Len */ 11, 1261 /* NVM CMD */ NVM_ACCESS_SET, 1262 /* Tag Num */ 17, 1263 /* Tag Len */ 8, 1264 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1265 }, 1266 /* Tag 36 */ 1267 { /* Packet Type */HCI_COMMAND_PKT, 1268 /* Opcode */ 0x0b,0xfc, 1269 /* Total Len */ 15, 1270 /* NVM CMD */ NVM_ACCESS_SET, 1271 /* Tag Num */ 36, 1272 /* Tag Len */ 12, 1273 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1274 }, 1275 1276 /* Tag 39 */ 1277 { /* Packet Type */HCI_COMMAND_PKT, 1278 /* Opcode */ 0x0b,0xfc, 1279 /* Total Len */ 7, 1280 /* NVM CMD */ NVM_ACCESS_SET, 1281 /* Tag Num */ 39, 1282 /* Tag Len */ 4, 1283 /* Tag Value */ 0x12,0x00,0x00,0x00 1284 }, 1285 1286 /* Tag 41 */ 1287 { /* Packet Type */HCI_COMMAND_PKT, 1288 /* Opcode */ 0x0b,0xfc, 1289 /* Total Len */ 199, 1290 /* NVM CMD */ NVM_ACCESS_SET, 1291 /* Tag Num */ 41, 1292 /* Tag Len */ 196, 1293 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00, 1294 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00, 1295 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00, 1296 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00, 1297 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00, 1298 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00, 1299 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00, 1300 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00, 1301 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00, 1302 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00, 1303 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00, 1304 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00, 1305 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00, 1306 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00, 1307 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00, 1308 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00, 1309 0x0B,0x01,0x03,0x00 1310 }, 1311 1312 /* Tag 44 */ 1313 { /* Packet Type */HCI_COMMAND_PKT, 1314 /* Opcode */ 0x0b,0xfc, 1315 /* Total Len */ 44, 1316 /* NVM CMD */ NVM_ACCESS_SET, 1317 /* Tag Num */ 44, 1318 /* Tag Len */ 41, 1319 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02, 1320 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01, 1321 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01, 1322 0x00,0x14,0x01,0x02,0x03 1323 }, 1324 {TAG_END} 1325 }; 1326#endif 1327 1328 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION); 1329 1330 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++) 1331 { 1332 /* Write BD Address */ 1333 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){ 1334 memcpy(&cmds[i][TAG_BDADDR_OFFSET], q->bdaddr, 6); 1335 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x", 1336 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1], 1337 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3], 1338 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]); 1339 } 1340 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1; 1341 /* Send HCI Command packet to Controller */ 1342 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size); 1343 if ( err != size) { 1344 ALOGE("Failed to attach the patch payload to the Controller!"); 1345 goto error; 1346 } 1347 1348 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1349 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1350 if ( err < 0) { 1351 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1352 goto error; 1353 } 1354 } 1355 1356error: 1357 return err; 1358} 1359 1360 1361 1362int rome_patch_ver_req(int fd) 1363{ 1364 int size, err = 0; 1365 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1366 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1367 1368 /* Frame the HCI CMD to be sent to the Controller */ 1369 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0, 1370 -1, EDL_PATCH_CMD_LEN); 1371 1372 /* Total length of the packet to be sent to the Controller */ 1373 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1374 1375 /* Send HCI Command packet to Controller */ 1376 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1377 if ( err != size) { 1378 ALOGE("Failed to attach the patch payload to the Controller!"); 1379 goto error; 1380 } 1381 1382 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1383 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1384 if ( err < 0) { 1385 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1386 goto error; 1387 } 1388error: 1389 return err; 1390 1391} 1392 1393int rome_get_build_info_req(int fd) 1394{ 1395 int size, err = 0; 1396 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1397 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1398 1399 /* Frame the HCI CMD to be sent to the Controller */ 1400 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0, 1401 -1, EDL_PATCH_CMD_LEN); 1402 1403 /* Total length of the packet to be sent to the Controller */ 1404 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1405 1406 /* Send HCI Command packet to Controller */ 1407 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1408 if ( err != size) { 1409 ALOGE("Failed to send get build info cmd to the SoC!"); 1410 goto error; 1411 } 1412 1413 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1414 if ( err < 0) { 1415 ALOGE("%s: Failed to get build info", __FUNCTION__); 1416 goto error; 1417 } 1418error: 1419 return err; 1420 1421} 1422 1423 1424int rome_set_baudrate_req(int fd) 1425{ 1426 int size, err = 0; 1427 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1428 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1429 hci_command_hdr *cmd_hdr; 1430 int flags; 1431 1432 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1433 1434 cmd_hdr = (void *) (cmd + 1); 1435 cmd[0] = HCI_COMMAND_PKT; 1436 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF); 1437 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN; 1438 cmd[4] = BAUDRATE_3000000; 1439 1440 /* Total length of the packet to be sent to the Controller */ 1441 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN); 1442 1443 /* Flow off during baudrate change */ 1444 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1445 { 1446 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1447 goto error; 1448 } 1449 1450 /* Send the HCI command packet to UART for transmission */ 1451 err = do_write(fd, cmd, size); 1452 if (err != size) { 1453 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1454 goto error; 1455 } 1456 1457 /* Change Local UART baudrate to high speed UART */ 1458 userial_vendor_set_baud(USERIAL_BAUD_3M); 1459 1460 /* Flow on after changing local uart baudrate */ 1461 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1462 { 1463 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1464 return err; 1465 } 1466 1467 /* Check for response from the Controller */ 1468 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) { 1469 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 1470 goto error; 1471 } 1472 1473 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 1474 1475 /* Wait for command complete event */ 1476 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1477 if ( err < 0) { 1478 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1479 goto error; 1480 } 1481 1482error: 1483 return err; 1484 1485} 1486 1487 1488int rome_hci_reset_req(int fd) 1489{ 1490 int size, err = 0; 1491 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1492 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1493 hci_command_hdr *cmd_hdr; 1494 int flags; 1495 1496 ALOGI("%s: HCI RESET ", __FUNCTION__); 1497 1498 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1499 1500 cmd_hdr = (void *) (cmd + 1); 1501 cmd[0] = HCI_COMMAND_PKT; 1502 cmd_hdr->opcode = HCI_RESET; 1503 cmd_hdr->plen = 0; 1504 1505 /* Total length of the packet to be sent to the Controller */ 1506 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1507 1508 /* Flow off during baudrate change */ 1509 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1510 { 1511 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1512 goto error; 1513 } 1514 1515 /* Send the HCI command packet to UART for transmission */ 1516 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]); 1517 err = do_write(fd, cmd, size); 1518 if (err != size) { 1519 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1520 goto error; 1521 } 1522 1523 /* Change Local UART baudrate to high speed UART */ 1524 userial_vendor_set_baud(USERIAL_BAUD_3M); 1525 1526 /* Flow on after changing local uart baudrate */ 1527 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1528 { 1529 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1530 return err; 1531 } 1532 1533 /* Wait for command complete event */ 1534 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1535 if ( err < 0) { 1536 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1537 goto error; 1538 } 1539 1540error: 1541 return err; 1542 1543} 1544 1545 1546int rome_hci_reset(int fd) 1547{ 1548 int size, err = 0; 1549 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1550 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1551 hci_command_hdr *cmd_hdr; 1552 int flags; 1553 1554 ALOGI("%s: HCI RESET ", __FUNCTION__); 1555 1556 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1557 1558 cmd_hdr = (void *) (cmd + 1); 1559 cmd[0] = HCI_COMMAND_PKT; 1560 cmd_hdr->opcode = HCI_RESET; 1561 cmd_hdr->plen = 0; 1562 1563 /* Total length of the packet to be sent to the Controller */ 1564 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1565 err = do_write(fd, cmd, size); 1566 if (err != size) { 1567 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1568 err = -1; 1569 goto error; 1570 } 1571 1572 /* Wait for command complete event */ 1573 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1574 if ( err < 0) { 1575 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1576 goto error; 1577 } 1578 1579error: 1580 return err; 1581 1582} 1583 1584int rome_wipower_current_charging_status_req(int fd) 1585{ 1586 int size, err = 0; 1587 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1588 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1589 hci_command_hdr *cmd_hdr; 1590 int flags; 1591 1592 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1593 1594 cmd_hdr = (void *) (cmd + 1); 1595 cmd[0] = HCI_COMMAND_PKT; 1596 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1597 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN; 1598 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD; 1599 1600 /* Total length of the packet to be sent to the Controller */ 1601 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN); 1602 1603 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__); 1604 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1605 1606 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1607 if ( err != size) { 1608 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!"); 1609 goto error; 1610 } 1611 1612 /* Check for response from the Controller */ 1613 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1614 err = -ETIMEDOUT; 1615 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1616 goto error; 1617 } 1618 1619 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1620 if (rsp[4] >= NON_WIPOWER_MODE) { 1621 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1622 if (err < 0) { 1623 ALOGE("%s: Failed to get charging status", __FUNCTION__); 1624 goto error; 1625 } 1626 } 1627 1628error: 1629 return err; 1630} 1631 1632int addon_feature_req(int fd) 1633{ 1634 int size, err = 0; 1635 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1636 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1637 hci_command_hdr *cmd_hdr; 1638 int flags; 1639 1640 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1641 1642 cmd_hdr = (void *) (cmd + 1); 1643 cmd[0] = HCI_COMMAND_PKT; 1644 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT); 1645 cmd_hdr->plen = 0x00; 1646 1647 /* Total length of the packet to be sent to the Controller */ 1648 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1649 1650 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__); 1651 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]); 1652 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1653 if ( err != size) { 1654 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!"); 1655 goto error; 1656 } 1657 1658 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1659 if (err < 0) { 1660 ALOGE("%s: Failed to get feature request", __FUNCTION__); 1661 goto error; 1662 } 1663error: 1664 return err; 1665} 1666 1667 1668int check_embedded_mode(int fd) { 1669 int err = 0; 1670 1671 wipower_flag = 0; 1672 /* Get current wipower charging status */ 1673 if ((err = rome_wipower_current_charging_status_req(fd)) < 0) 1674 { 1675 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err); 1676 } 1677 usleep(500); 1678 1679 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag); 1680 1681 return wipower_flag; 1682} 1683 1684int rome_get_addon_feature_list(int fd) { 1685 int err = 0; 1686 1687 /* Get addon features that are supported by FW */ 1688 if ((err = addon_feature_req(fd)) < 0) 1689 { 1690 ALOGE("%s: failed (0x%x)", __FUNCTION__, err); 1691 } 1692 return err; 1693} 1694 1695int rome_wipower_forward_handoff_req(int fd) 1696{ 1697 int size, err = 0; 1698 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1699 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1700 hci_command_hdr *cmd_hdr; 1701 int flags; 1702 1703 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1704 1705 cmd_hdr = (void *) (cmd + 1); 1706 cmd[0] = HCI_COMMAND_PKT; 1707 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1708 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN; 1709 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD; 1710 1711 /* Total length of the packet to be sent to the Controller */ 1712 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN); 1713 1714 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__); 1715 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1716 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1717 if ( err != size) { 1718 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!"); 1719 goto error; 1720 } 1721 1722 /* Check for response from the Controller */ 1723 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1724 err = -ETIMEDOUT; 1725 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1726 goto error; 1727 } 1728 1729error: 1730 return err; 1731} 1732 1733 1734void enable_controller_log (int fd, unsigned char wait_for_evt) 1735{ 1736 int ret = 0; 1737 /* VS command to enable controller logging to the HOST. By default it is disabled */ 1738 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00}; 1739 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1740 char value[PROPERTY_VALUE_MAX] = {'\0'}; 1741 1742 property_get("persist.service.bdroid.soclog", value, "false"); 1743 1744 // value at cmd[5]: 1 - to enable, 0 - to disable 1745 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0; 1746 ALOGI("%s: %d", __func__, ret); 1747 /* Ignore vsc evt if wait_for_evt is true */ 1748 if (wait_for_evt) wait_vsc_evt = FALSE; 1749 1750 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6); 1751 if (ret != 6) { 1752 ALOGE("%s: command failed", __func__); 1753 } 1754 /*Ignore hci_event if wait_for_evt is true*/ 1755 if (wait_for_evt) 1756 goto end; 1757 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1758 if (ret < 0) { 1759 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__); 1760 } 1761end: 1762 wait_vsc_evt = TRUE; 1763 return; 1764} 1765 1766 1767/* This function is called with q_lock held and q is non-NULL */ 1768static int disable_internal_ldo(int fd) 1769{ 1770 int ret = 0; 1771 if (q->enable_extldo) { 1772 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32}; 1773 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1774 1775 ALOGI(" %s ", __FUNCTION__); 1776 ret = do_write(fd, cmd, 5); 1777 if (ret != 5) { 1778 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 1779 ret = -1; 1780 } else { 1781 /* Wait for command complete event */ 1782 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1783 if ( ret < 0) { 1784 ALOGE("%s: Failed to get response from controller", __FUNCTION__); 1785 } 1786 } 1787 } 1788 return ret; 1789} 1790 1791int rome_soc_init(int fd, char *bdaddr) 1792{ 1793 int err = -1, size = 0; 1794 dnld_fd = fd; 1795 ALOGI(" %s ", __FUNCTION__); 1796 RESERVED(bdaddr); 1797 1798 /* If wipower charging is going on in embedded mode then start hand off req */ 1799 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE) 1800 { 1801 wipower_flag = 0; 1802 wipower_handoff_ready = 0; 1803 if ((err = rome_wipower_forward_handoff_req(fd)) < 0) 1804 { 1805 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err); 1806 } 1807 } 1808 1809 /* Get Rome version information */ 1810 if((err = rome_patch_ver_req(fd)) <0){ 1811 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err); 1812 goto error; 1813 } 1814 1815 ALOGI("%s: Chipset Version (0x%08x)", __FUNCTION__, chipset_ver); 1816 1817 switch (chipset_ver){ 1818 case ROME_VER_1_0: 1819 { 1820 /* Set and Download the RAMPATCH */ 1821 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__); 1822 err = rome_download_rampatch(fd); 1823 if (err < 0) { 1824 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__); 1825 goto error; 1826 } 1827 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__); 1828 1829 /* Attach the RAMPATCH */ 1830 ALOGI("%s: Attaching the patches", __FUNCTION__); 1831 err = rome_attach_rampatch(fd); 1832 if (err < 0) { 1833 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__); 1834 goto error; 1835 } 1836 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__); 1837 1838 /* Send Reset */ 1839 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1840 err = rome_rampatch_reset(fd); 1841 if ( err < 0 ) { 1842 ALOGE("Failed to RESET after RAMPATCH upgrade!"); 1843 goto error; 1844 } 1845 1846 /* NVM download */ 1847 ALOGI("%s: Downloading NVM", __FUNCTION__); 1848 err = rome_1_0_nvm_tag_dnld(fd); 1849 if ( err <0 ) { 1850 ALOGE("Downloading NVM Failed !!"); 1851 goto error; 1852 } 1853 1854 /* Change baud rate 115.2 kbps to 3Mbps*/ 1855 err = rome_hci_reset_req(fd); 1856 if (err < 0) { 1857 ALOGE("HCI Reset Failed !!"); 1858 goto error; 1859 } 1860 1861 ALOGI("HCI Reset is done\n"); 1862 } 1863 break; 1864 case ROME_VER_1_1: 1865 rampatch_file_path = ROME_RAMPATCH_TLV_PATH; 1866 nvm_file_path = ROME_NVM_TLV_PATH; 1867 goto download; 1868 case ROME_VER_1_3: 1869 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH; 1870 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH; 1871 goto download; 1872 case ROME_VER_2_1: 1873 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH; 1874 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH; 1875 goto download; 1876 case ROME_VER_3_0: 1877 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH; 1878 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH; 1879 fw_su_info = ROME_3_1_FW_SU; 1880 fw_su_offset = ROME_3_1_FW_SW_OFFSET; 1881 goto download; 1882 case ROME_VER_3_2: 1883 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH; 1884 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH; 1885 fw_su_info = ROME_3_2_FW_SU; 1886 fw_su_offset = ROME_3_2_FW_SW_OFFSET; 1887 1888download: 1889 /* Change baud rate 115.2 kbps to 3Mbps*/ 1890 err = rome_set_baudrate_req(fd); 1891 if (err < 0) { 1892 ALOGE("%s: Baud rate change failed!", __FUNCTION__); 1893 goto error; 1894 } 1895 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__); 1896 /* Donwload TLV files (rampatch, NVM) */ 1897 err = rome_download_tlv_file(fd); 1898 if (err < 0) { 1899 ALOGE("%s: Download TLV file failed!", __FUNCTION__); 1900 goto error; 1901 } 1902 ALOGI("%s: Download TLV file successfully ", __FUNCTION__); 1903 1904 /* Get SU FM label information */ 1905 if((err = rome_get_build_info_req(fd)) <0){ 1906 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err); 1907 //Ignore the failure of ROME FW SU label information 1908 err = 0; 1909 } 1910 1911 /* Disable internal LDO to use external LDO instead*/ 1912 err = disable_internal_ldo(fd); 1913 1914 /* Send HCI Reset */ 1915 err = rome_hci_reset(fd); 1916 if ( err <0 ) { 1917 ALOGE("HCI Reset Failed !!"); 1918 goto error; 1919 } 1920 1921 ALOGI("HCI Reset is done\n"); 1922 1923 break; 1924 default: 1925 ALOGI("%s: Detected unknown SoC version: 0x%08x", __FUNCTION__, chipset_ver); 1926 err = -1; 1927 break; 1928 } 1929 1930error: 1931 dnld_fd = -1; 1932 return err; 1933} 1934