1 /*
2 *
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 * Not a Contribution.
5 *
6 * Copyright 2012 The Android Open Source Project
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you
9 * may not use this file except in compliance with the License. You may
10 * obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * permissions and limitations under the License.
19 *
20 */
21
22 /******************************************************************************
23 *
24 * Filename: hw_rome.c
25 *
26 * Description: Contains controller-specific functions, like
27 * firmware patch download
28 * low power mode operations
29 *
30 ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #define LOG_TAG "bt_vendor"
36
37 #include <sys/socket.h>
38 #include <utils/Log.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <signal.h>
42 #include <time.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <dirent.h>
46 #include <ctype.h>
47 #include <cutils/properties.h>
48 #include <stdlib.h>
49 #include <termios.h>
50 #include <string.h>
51 #include <stdbool.h>
52 #include "bt_hci_bdroid.h"
53 #include "bt_vendor_qcom.h"
54 #include "hci_uart.h"
55 #include "hw_rome.h"
56
57 #ifdef __cplusplus
58 }
59 #endif
60
61 int read_vs_hci_event(int fd, unsigned char* buf, int size);
62
63 /******************************************************************************
64 ** Variables
65 ******************************************************************************/
66 FILE *file;
67 unsigned char *phdr_buffer;
68 unsigned char *pdata_buffer = NULL;
69 patch_info rampatch_patch_info;
70 int rome_ver = ROME_VER_UNKNOWN;
71 unsigned char gTlv_type;
72 unsigned char gTlv_dwndCfg;
73 static unsigned int wipower_flag = 0;
74 static unsigned int wipower_handoff_ready = 0;
75 char *rampatch_file_path;
76 char *nvm_file_path;
77 char *fw_su_info = NULL;
78 unsigned short fw_su_offset =0;
79 extern char enable_extldo;
80 unsigned char wait_vsc_evt = TRUE;
81 bool patch_dnld_pending = FALSE;
82 int dnld_fd = -1;
83 /******************************************************************************
84 ** Extern variables
85 ******************************************************************************/
86 extern uint8_t vnd_local_bd_addr[6];
87
88 /*****************************************************************************
89 ** Functions
90 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)91 int do_write(int fd, unsigned char *buf,int len)
92 {
93 int ret = 0;
94 int write_offset = 0;
95 int write_len = len;
96 do {
97 ret = write(fd,buf+write_offset,write_len);
98 if (ret < 0)
99 {
100 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
101 return -1;
102 } else if (ret == 0) {
103 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
104 return 0;
105 } else {
106 if (ret < write_len) {
107 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
108 strerror(errno));
109 write_len = write_len - ret;
110 write_offset = ret;
111 } else {
112 ALOGV("Write successful");
113 break;
114 }
115 }
116 } while(1);
117 return len;
118 }
119
get_vs_hci_event(unsigned char * rsp)120 int get_vs_hci_event(unsigned char *rsp)
121 {
122 int err = 0;
123 unsigned char paramlen = 0;
124 unsigned char EMBEDDED_MODE_CHECK = 0x02;
125 FILE *btversionfile = 0;
126 unsigned int soc_id = 0;
127 unsigned int productid = 0;
128 unsigned short patchversion = 0;
129 char build_label[255];
130 int build_lbl_len;
131
132 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
133 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__);
134 else {
135 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
136 err = -EIO;
137 goto failed;
138 }
139
140 ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]);
141 ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]);
142 ALOGI("%s: Response type : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]);
143
144 /* Check the status of the operation */
145 switch ( rsp[CMD_RSP_OFFSET] )
146 {
147 case EDL_CMD_REQ_RES_EVT:
148 ALOGI("%s: Command Request Response", __FUNCTION__);
149 switch(rsp[RSP_TYPE_OFFSET])
150 {
151 case EDL_PATCH_VER_RES_EVT:
152 case EDL_APP_VER_RES_EVT:
153 ALOGI("\t Current Product ID\t\t: 0x%08x",
154 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
155 rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
156 rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
157 rsp[PATCH_PROD_ID_OFFSET] ));
158
159 /* Patch Version indicates FW patch version */
160 ALOGI("\t Current Patch Version\t\t: 0x%04x",
161 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
162 rsp[PATCH_PATCH_VER_OFFSET] )));
163
164 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
165 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver =
166 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
167 rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
168
169 /* In case rome 1.0/1.1, there is no SOC ID version available */
170 if (paramlen - 10)
171 {
172 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
173 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
174 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
175 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
176 rsp[PATCH_SOC_VER_OFFSET] ));
177 }
178
179 /* Rome Chipset Version can be decided by Patch version and SOC version,
180 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
181 used for SOC as combination for BT host driver */
182 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff);
183 break;
184 case EDL_TVL_DNLD_RES_EVT:
185 case EDL_CMD_EXE_STATUS_EVT:
186 switch (err = rsp[CMD_STATUS_OFFSET])
187 {
188 case HCI_CMD_SUCCESS:
189 ALOGI("%s: Download Packet successfully!", __FUNCTION__);
190 break;
191 case PATCH_LEN_ERROR:
192 ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
193 "SET REQ cmd", __FUNCTION__);
194 break;
195 case PATCH_VER_ERROR:
196 ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
197 "SET REQ cmd", __FUNCTION__);
198 break;
199 case PATCH_CRC_ERROR:
200 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
201 break;
202 case PATCH_NOT_FOUND:
203 ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
204 break;
205 case TLV_TYPE_ERROR:
206 ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
207 break;
208 default:
209 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
210 break;
211 }
212 break;
213 case HCI_VS_GET_BUILD_VER_EVT:
214 build_lbl_len = rsp[5];
215 memcpy (build_label, &rsp[6], build_lbl_len);
216 *(build_label+build_lbl_len) = '\0';
217
218 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
219 break;
220 }
221 break;
222
223 case NVM_ACCESS_CODE:
224 ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
225 err = HCI_CMD_SUCCESS;
226 break;
227 case EDL_SET_BAUDRATE_RSP_EVT:
228 /* Rome 1.1 has bug with the response, so it should ignore it. */
229 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
230 {
231 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
232 rsp[CMD_STATUS_OFFSET]);
233 err = -1;
234 }
235 break;
236 case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
237 /* Query charging command has below return values
238 0 - in embedded mode not charging
239 1 - in embedded mode and charging
240 2 - hadofff completed and in normal mode
241 3 - no wipower supported on mtp. so irrepective of charging
242 handoff command has to be sent if return values are 0 or 1.
243 These change include logic to enable generic BT turn on sequence.*/
244 if (rsp[4] < EMBEDDED_MODE_CHECK)
245 {
246 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
247 wipower_handoff_ready = rsp[4];
248 wipower_flag = 1;
249 }
250 break;
251 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
252 /*TODO: rsp code 00 mean no charging
253 this is going to change in FW soon*/
254 if (rsp[4] == NON_WIPOWER_MODE)
255 {
256 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
257 }
258 break;
259 case HCI_VS_GET_ADDON_FEATURES_EVENT:
260 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
261 {
262 ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
263 property_set("persist.bluetooth.a4wp", "true");
264 }
265 break;
266 case HCI_VS_STRAY_EVT:
267 /* WAR to handle stray Power Apply EVT during patch download */
268 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__);
269 if (patch_dnld_pending && dnld_fd != -1)
270 {
271 unsigned char rsp[HCI_MAX_EVENT_SIZE];
272 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE);
273 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE);
274 }
275 else
276 {
277 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
278 err = -1;
279 }
280 break;
281 default:
282 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
283 err = -1;
284 break;
285 }
286
287 failed:
288 return err;
289 }
290
291
292 /*
293 * Read an VS HCI event from the given file descriptor.
294 */
read_vs_hci_event(int fd,unsigned char * buf,int size)295 int read_vs_hci_event(int fd, unsigned char* buf, int size)
296 {
297 int remain, r;
298 int count = 0, i;
299
300 if (size <= 0) {
301 ALOGE("Invalid size arguement!");
302 return -1;
303 }
304
305 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
306
307 /* The first byte identifies the packet type. For HCI event packets, it
308 * should be 0x04, so we read until we get to the 0x04. */
309 /* It will keep reading until find 0x04 byte */
310 while (1) {
311 r = read(fd, buf, 1);
312 if (r <= 0)
313 return -1;
314 if (buf[0] == 0x04)
315 break;
316 }
317 count++;
318
319 /* The next two bytes are the event code and parameter total length. */
320 while (count < 3) {
321 r = read(fd, buf + count, 3 - count);
322 if ((r <= 0) || (buf[1] != 0xFF )) {
323 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
324 return -1;
325 }
326 count += r;
327 }
328
329 /* Now we read the parameters. */
330 if (buf[2] < (size - 3))
331 remain = buf[2];
332 else
333 remain = size - 3;
334
335 while ((count - 3) < remain) {
336 r = read(fd, buf + count, remain - (count - 3));
337 if (r <= 0)
338 return -1;
339 count += r;
340 }
341
342 /* Check if the set patch command is successful or not */
343 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
344 return -1;
345
346 return count;
347 }
348
349 /*
350 * For Hand-Off related Wipower commands, Command complete arrives first and
351 * the followd with VS event
352 *
353 */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)354 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
355 {
356 int ret = 0;
357 int err = 0;
358
359 /* Send the HCI command packet to UART for transmission */
360 ret = do_write(fd, cmd, size);
361 if (ret != size) {
362 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
363 goto failed;
364 }
365
366 /* Wait for command complete event */
367 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
368 if ( err < 0) {
369 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
370 goto failed;
371 }
372
373 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
374 failed:
375 return ret;
376 }
377
378
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)379 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
380 {
381 int ret = 0;
382
383 /* Send the HCI command packet to UART for transmission */
384 ret = do_write(fd, cmd, size);
385 if (ret != size) {
386 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
387 goto failed;
388 }
389
390 if (wait_vsc_evt) {
391 /* Check for response from the Controller */
392 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
393 ret = -ETIMEDOUT;
394 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
395 goto failed;
396 }
397 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
398 }
399
400 failed:
401 return ret;
402 }
403
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)404 void frame_hci_cmd_pkt(
405 unsigned char *cmd,
406 int edl_cmd, unsigned int p_base_addr,
407 int segtNo, int size
408 )
409 {
410 int offset = 0;
411 hci_command_hdr *cmd_hdr;
412
413 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
414
415 cmd_hdr = (void *) (cmd + 1);
416
417 cmd[0] = HCI_COMMAND_PKT;
418 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
419 cmd_hdr->plen = size;
420 cmd[4] = edl_cmd;
421
422 switch (edl_cmd)
423 {
424 case EDL_PATCH_SET_REQ_CMD:
425 /* Copy the patch header info as CMD params */
426 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
427 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
428 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
429 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
430 break;
431 case EDL_PATCH_DLD_REQ_CMD:
432 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
433 p_base_addr += offset;
434 cmd_hdr->plen = (size + 6);
435 cmd[5] = (size + 4);
436 cmd[6] = EXTRACT_BYTE(p_base_addr, 0);
437 cmd[7] = EXTRACT_BYTE(p_base_addr, 1);
438 cmd[8] = EXTRACT_BYTE(p_base_addr, 2);
439 cmd[9] = EXTRACT_BYTE(p_base_addr, 3);
440 memcpy(&cmd[10], (pdata_buffer + offset), size);
441
442 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
443 __FUNCTION__, size);
444 ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
445 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
446 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
447 break;
448 case EDL_PATCH_ATCH_REQ_CMD:
449 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
450 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
451 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
452 break;
453 case EDL_PATCH_RST_REQ_CMD:
454 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
455 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
456 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
457 break;
458 case EDL_PATCH_VER_REQ_CMD:
459 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
460 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
461 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
462 break;
463 case EDL_PATCH_TLV_REQ_CMD:
464 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
465 /* Parameter Total Length */
466 cmd[3] = size +2;
467
468 /* TLV Segment Length */
469 cmd[5] = size;
470 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
471 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
472 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
473 memcpy(&cmd[6], (pdata_buffer + offset), size);
474 break;
475 case EDL_GET_BUILD_INFO:
476 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
477 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
478 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
479 break;
480 default:
481 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
482 }
483 }
484
rome_extract_patch_header_info(unsigned char * buf)485 void rome_extract_patch_header_info(unsigned char *buf)
486 {
487 int index;
488
489 /* Extract patch id */
490 for (index = 0; index < 4; index++)
491 rampatch_patch_info.patch_id |=
492 (LSH(buf[index + P_ID_OFFSET], (index * 8)));
493
494 /* Extract (ROM and BUILD) version information */
495 for (index = 0; index < 2; index++)
496 rampatch_patch_info.patch_ver.rom_version |=
497 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
498
499 for (index = 0; index < 2; index++)
500 rampatch_patch_info.patch_ver.build_version |=
501 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
502
503 /* Extract patch base and entry addresses */
504 for (index = 0; index < 4; index++)
505 rampatch_patch_info.patch_base_addr |=
506 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
507
508 /* Patch BASE & ENTRY addresses are same */
509 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
510
511 /* Extract total length of the patch payload */
512 for (index = 0; index < 4; index++)
513 rampatch_patch_info.patch_length |=
514 (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
515
516 /* Extract the CRC checksum of the patch payload */
517 for (index = 0; index < 4; index++)
518 rampatch_patch_info.patch_crc |=
519 (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
520
521 /* Extract patch control value */
522 for (index = 0; index < 4; index++)
523 rampatch_patch_info.patch_ctrl |=
524 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
525
526 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
527 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
528 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
529 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
530 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
531 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
532 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
533
534 }
535
rome_edl_set_patch_request(int fd)536 int rome_edl_set_patch_request(int fd)
537 {
538 int size, err;
539 unsigned char cmd[HCI_MAX_CMD_SIZE];
540 unsigned char rsp[HCI_MAX_EVENT_SIZE];
541
542 /* Frame the HCI CMD to be sent to the Controller */
543 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
544 -1, PATCH_HDR_LEN + 1);
545
546 /* Total length of the packet to be sent to the Controller */
547 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
548
549 /* Send HCI Command packet to Controller */
550 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
551 if ( err != size) {
552 ALOGE("Failed to set the patch info to the Controller!");
553 goto error;
554 }
555
556 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
557 if ( err < 0) {
558 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
559 goto error;
560 }
561 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
562 error:
563 return err;
564 }
565
rome_edl_patch_download_request(int fd)566 int rome_edl_patch_download_request(int fd)
567 {
568 int no_of_patch_segment;
569 int index = 1, err = 0, size = 0;
570 unsigned int p_base_addr;
571 unsigned char cmd[HCI_MAX_CMD_SIZE];
572 unsigned char rsp[HCI_MAX_EVENT_SIZE];
573
574 no_of_patch_segment = (rampatch_patch_info.patch_length /
575 MAX_DATA_PER_SEGMENT);
576 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
577 __FUNCTION__, no_of_patch_segment,
578 rampatch_patch_info.patch_base_addr);
579
580 /* Initialize the patch base address from the one read from bin file */
581 p_base_addr = rampatch_patch_info.patch_base_addr;
582
583 /*
584 * Depending upon size of the patch payload, download the patches in
585 * segments with a max. size of 239 bytes
586 */
587 for (index = 1; index <= no_of_patch_segment; index++) {
588
589 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
590
591 /* Frame the HCI CMD PKT to be sent to Controller*/
592 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
593 index, MAX_DATA_PER_SEGMENT);
594
595 /* Total length of the packet to be sent to the Controller */
596 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
597
598 /* Initialize the RSP packet everytime to 0 */
599 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
600
601 /* Send HCI Command packet to Controller */
602 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
603 if ( err != size) {
604 ALOGE("Failed to send the patch payload to the Controller!");
605 goto error;
606 }
607
608 /* Read Command Complete Event */
609 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
610 if ( err < 0) {
611 ALOGE("%s: Failed to downlaod patch segment: %d!",
612 __FUNCTION__, index);
613 goto error;
614 }
615 ALOGI("%s: Successfully downloaded patch segment: %d",
616 __FUNCTION__, index);
617 }
618
619 /* Check if any pending patch data to be sent */
620 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
621 rampatch_patch_info.patch_length :
622 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT);
623
624 if (size)
625 {
626 /* Frame the HCI CMD PKT to be sent to Controller*/
627 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
628
629 /* Initialize the RSP packet everytime to 0 */
630 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
631
632 /* Total length of the packet to be sent to the Controller */
633 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
634
635 /* Send HCI Command packet to Controller */
636 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
637 if ( err != size) {
638 ALOGE("Failed to send the patch payload to the Controller!");
639 goto error;
640 }
641
642 /* Read Command Complete Event */
643 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
644 if ( err < 0) {
645 ALOGE("%s: Failed to downlaod patch segment: %d!",
646 __FUNCTION__, index);
647 goto error;
648 }
649
650 ALOGI("%s: Successfully downloaded patch segment: %d",
651 __FUNCTION__, index);
652 }
653
654 error:
655 return err;
656 }
657
rome_download_rampatch(int fd)658 static int rome_download_rampatch(int fd)
659 {
660 int c, tmp, size, index, ret = -1;
661
662 ALOGI("%s: ", __FUNCTION__);
663
664 /* Get handle to the RAMPATCH binary file */
665 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
666 file = fopen(ROME_FW_PATH, "r");
667 if (file == NULL) {
668 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
669 __FUNCTION__);
670 return -ENFILE;
671 }
672
673 /* Allocate memory for the patch headder info */
674 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
675 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
676 if (phdr_buffer == NULL) {
677 ALOGE("%s: Failed to allocate memory for patch header",
678 __FUNCTION__);
679 goto phdr_alloc_failed;
680 }
681 for (index = 0; index < PATCH_HDR_LEN + 1; index++)
682 phdr_buffer[index] = 0x0;
683
684 /* Read 28 bytes of patch header information */
685 ALOGI("%s: Reading patch header info", __FUNCTION__);
686 index = 0;
687 do {
688 c = fgetc (file);
689 phdr_buffer[index++] = (unsigned char)c;
690 } while (index != PATCH_HDR_LEN);
691
692 /* Save the patch header info into local structure */
693 ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
694 rome_extract_patch_header_info((unsigned char *)phdr_buffer);
695
696 /* Set the patch header info onto the Controller */
697 ret = rome_edl_set_patch_request(fd);
698 if (ret < 0) {
699 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
700 goto pdata_alloc_failed;
701 }
702
703 /* Allocate memory for the patch payload */
704 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
705 size = rampatch_patch_info.patch_length;
706 pdata_buffer = (unsigned char *) malloc(size+1);
707 if (pdata_buffer == NULL) {
708 ALOGE("%s: Failed to allocate memory for patch payload",
709 __FUNCTION__);
710 goto pdata_alloc_failed;
711 }
712 for (index = 0; index < size+1; index++)
713 pdata_buffer[index] = 0x0;
714
715 /* Read the patch data from Rampatch binary image */
716 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
717 index = 0;
718 do {
719 c = fgetc (file);
720 pdata_buffer[index++] = (unsigned char)c;
721 } while (c != EOF);
722
723 /* Downloading patches in segments to controller */
724 ret = rome_edl_patch_download_request(fd);
725 if (ret < 0) {
726 ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
727 goto cleanup;
728 }
729 cleanup:
730 free(pdata_buffer);
731 pdata_alloc_failed:
732 free(phdr_buffer);
733 phdr_alloc_failed:
734 fclose(file);
735 error:
736 return ret;
737 }
738
rome_attach_rampatch(int fd)739 int rome_attach_rampatch(int fd)
740 {
741 int size, err;
742 unsigned char cmd[HCI_MAX_CMD_SIZE];
743 unsigned char rsp[HCI_MAX_EVENT_SIZE];
744
745 /* Frame the HCI CMD to be sent to the Controller */
746 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
747 -1, EDL_PATCH_CMD_LEN);
748
749 /* Total length of the packet to be sent to the Controller */
750 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
751
752 /* Send HCI Command packet to Controller */
753 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
754 if ( err != size) {
755 ALOGE("Failed to attach the patch payload to the Controller!");
756 goto error;
757 }
758
759 /* Read Command Complete Event */
760 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
761 if ( err < 0) {
762 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
763 goto error;
764 }
765 error:
766 return err;
767 }
768
rome_rampatch_reset(int fd)769 int rome_rampatch_reset(int fd)
770 {
771 int size, err = 0, flags;
772 unsigned char cmd[HCI_MAX_CMD_SIZE];
773 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
774
775 /* Frame the HCI CMD to be sent to the Controller */
776 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
777 -1, EDL_PATCH_CMD_LEN);
778
779 /* Total length of the packet to be sent to the Controller */
780 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
781
782 /* Send HCI Command packet to Controller */
783 err = do_write(fd, cmd, size);
784 if (err != size) {
785 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
786 goto error;
787 }
788
789 /*
790 * Controller doesn't sends any response for the patch reset
791 * command. HOST has to wait for 100ms before proceeding.
792 */
793 nanosleep(&tm, NULL);
794
795 error:
796 return err;
797 }
798
rome_get_tlv_file(char * file_path)799 int rome_get_tlv_file(char *file_path)
800 {
801 FILE * pFile;
802 long fileSize;
803 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
804 unsigned short nvm_tag_len;
805 tlv_patch_info *ptlv_header;
806 tlv_nvm_hdr *nvm_ptr;
807 unsigned char data_buf[PRINT_BUF_SIZE]={0,};
808 unsigned char *nvm_byte_ptr;
809
810 ALOGI("File Open (%s)", file_path);
811 pFile = fopen ( file_path , "r" );
812 if (pFile==NULL) {;
813 ALOGE("%s File Open Fail", file_path);
814 return -1;
815 }
816
817 /* Get File Size */
818 fseek (pFile , 0 , SEEK_END);
819 fileSize = ftell (pFile);
820 rewind (pFile);
821
822 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
823 if (pdata_buffer == NULL) {
824 ALOGE("Allocated Memory failed");
825 fclose (pFile);
826 return -1;
827 }
828
829 /* Copy file into allocated buffer */
830 readSize = fread (pdata_buffer,1,fileSize,pFile);
831
832 /* File Close */
833 fclose (pFile);
834
835 if (readSize != fileSize) {
836 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
837 return -1;
838 }
839
840 ptlv_header = (tlv_patch_info *) pdata_buffer;
841
842 /* To handle different event between rampatch and NVM */
843 gTlv_type = ptlv_header->tlv_type;
844 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
845
846 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
847 ALOGI("====================================================");
848 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
849 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
850 (ptlv_header->tlv_length2 << 8) |
851 (ptlv_header->tlv_length3 << 16));
852 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
853 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
854 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
855 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
856 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
857 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
858 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
859 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
860 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
861 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
862 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
863 ALOGI("====================================================");
864
865 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
866 ALOGI("====================================================");
867 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
868 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) |
869 (ptlv_header->tlv_length2 << 8) |
870 (ptlv_header->tlv_length3 << 16));
871
872 if(nvm_length <= 0)
873 return readSize;
874
875 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
876 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
877 {
878 ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
879 ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
880 ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
881 ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
882
883 /* Increase nvm_index to NVM data */
884 nvm_index+=sizeof(tlv_nvm_hdr);
885 nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
886
887 /* Write BD Address */
888 if(nvm_ptr->tag_id == TAG_NUM_2){
889 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6);
890 ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
891 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
892 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
893 }
894
895 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
896 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
897
898 ALOGI("TAG Data\t\t\t : %s", data_buf);
899
900 /* Clear buffer */
901 memset(data_buf, 0x0, PRINT_BUF_SIZE);
902
903 /* increased by tag_len */
904 nvm_index+=nvm_ptr->tag_len;
905 nvm_byte_ptr +=nvm_ptr->tag_len;
906 }
907
908 ALOGI("====================================================");
909
910 } else {
911 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
912 }
913
914 return readSize;
915 }
916
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)917 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
918 {
919 int size=0, err = -1;
920 unsigned char cmd[HCI_MAX_CMD_SIZE];
921 unsigned char rsp[HCI_MAX_EVENT_SIZE];
922
923 ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
924
925 /* Frame the HCI CMD PKT to be sent to Controller*/
926 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
927
928 /* Total length of the packet to be sent to the Controller */
929 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
930
931 /* Initialize the RSP packet everytime to 0 */
932 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
933
934 /* Send HCI Command packet to Controller */
935 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
936 if ( err != size) {
937 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
938 return err;
939 }
940
941 if(wait_cc_evt) {
942 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
943 if ( err < 0) {
944 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index);
945 return err;
946 }
947 }
948
949 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
950 return err;
951 }
952
rome_tlv_dnld_req(int fd,int tlv_size)953 int rome_tlv_dnld_req(int fd, int tlv_size)
954 {
955 int total_segment, remain_size, i, err = -1;
956 unsigned char wait_cc_evt;
957
958 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
959 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
960 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
961
962 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
963 __FUNCTION__,tlv_size, total_segment, remain_size);
964
965 if (gTlv_type == TLV_TYPE_PATCH) {
966 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
967 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
968 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
969 */
970 switch(gTlv_dwndCfg)
971 {
972 case ROME_SKIP_EVT_NONE:
973 wait_vsc_evt = TRUE;
974 wait_cc_evt = TRUE;
975 ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
976 break;
977 case ROME_SKIP_EVT_VSE_CC:
978 wait_vsc_evt = FALSE;
979 wait_cc_evt = FALSE;
980 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
981 break;
982 /* Not handled for now */
983 case ROME_SKIP_EVT_VSE:
984 case ROME_SKIP_EVT_CC:
985 default:
986 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
987 break;
988 }
989 } else {
990 wait_vsc_evt = TRUE;
991 wait_cc_evt = TRUE;
992 }
993
994 for(i=0;i<total_segment ;i++){
995 if ((i+1) == total_segment) {
996 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
997 /* If the Rome version is from 1.1 to 3.1
998 * 1. No CCE for the last command segment but all other segment
999 * 2. All the command segments get VSE including the last one
1000 */
1001 wait_cc_evt = !remain_size ? FALSE: TRUE;
1002 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1003 /* If the Rome version is 3.2
1004 * 1. None of the command segments receive CCE
1005 * 2. No command segments receive VSE except the last one
1006 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1007 * same as Rome 2.1, 2.2, 3.0
1008 */
1009 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1010 wait_cc_evt = !remain_size ? FALSE: TRUE;
1011 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1012 wait_vsc_evt = !remain_size ? TRUE: FALSE;
1013 }
1014 }
1015 }
1016
1017 patch_dnld_pending = TRUE;
1018 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1019 goto error;
1020 patch_dnld_pending = FALSE;
1021 }
1022
1023 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1024 /* If the Rome version is from 1.1 to 3.1
1025 * 1. No CCE for the last command segment but all other segment
1026 * 2. All the command segments get VSE including the last one
1027 */
1028 wait_cc_evt = remain_size ? FALSE: TRUE;
1029 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1030 /* If the Rome version is 3.2
1031 * 1. None of the command segments receive CCE
1032 * 2. No command segments receive VSE except the last one
1033 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1034 * same as Rome 2.1, 2.2, 3.0
1035 */
1036 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1037 wait_cc_evt = remain_size ? FALSE: TRUE;
1038 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1039 wait_vsc_evt = remain_size ? TRUE: FALSE;
1040 }
1041 }
1042 patch_dnld_pending = TRUE;
1043 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1044 patch_dnld_pending = FALSE;
1045 error:
1046 if(patch_dnld_pending) patch_dnld_pending = FALSE;
1047 return err;
1048 }
1049
rome_download_tlv_file(int fd)1050 int rome_download_tlv_file(int fd)
1051 {
1052 int tlv_size, err = -1;
1053
1054 /* Rampatch TLV file Downloading */
1055 pdata_buffer = NULL;
1056 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1057 goto error;
1058
1059 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1060 goto error;
1061
1062 if (pdata_buffer != NULL){
1063 free (pdata_buffer);
1064 pdata_buffer = NULL;
1065 }
1066 /* NVM TLV file Downloading */
1067 if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0)
1068 goto error;
1069
1070 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1071 goto error;
1072
1073 error:
1074 if (pdata_buffer != NULL)
1075 free (pdata_buffer);
1076
1077 return err;
1078 }
1079
rome_1_0_nvm_tag_dnld(int fd)1080 int rome_1_0_nvm_tag_dnld(int fd)
1081 {
1082 int i, size, err = 0;
1083 unsigned char cmd[HCI_MAX_CMD_SIZE];
1084 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1085
1086 #if (NVM_VERSION >= ROME_1_0_100019)
1087 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1088 {
1089 /* Tag 2 */ /* BD Address */
1090 { /* Packet Type */HCI_COMMAND_PKT,
1091 /* Opcode */ 0x0b,0xfc,
1092 /* Total Len */ 9,
1093 /* NVM CMD */ NVM_ACCESS_SET,
1094 /* Tag Num */ 2,
1095 /* Tag Len */ 6,
1096 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22
1097 },
1098 /* Tag 6 */ /* Bluetooth Support Features */
1099 { /* Packet Type */HCI_COMMAND_PKT,
1100 /* Opcode */ 0x0b,0xfc,
1101 /* Total Len */ 11,
1102 /* NVM CMD */ NVM_ACCESS_SET,
1103 /* Tag Num */ 6,
1104 /* Tag Len */ 8,
1105 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1106 },
1107 /* Tag 17 */ /* HCI Transport Layer Setting */
1108 { /* Packet Type */HCI_COMMAND_PKT,
1109 /* Opcode */ 0x0b,0xfc,
1110 /* Total Len */ 11,
1111 /* NVM CMD */ NVM_ACCESS_SET,
1112 /* Tag Num */ 17,
1113 /* Tag Len */ 8,
1114 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1115 },
1116 /* Tag 35 */
1117 { /* Packet Type */HCI_COMMAND_PKT,
1118 /* Opcode */ 0x0b,0xfc,
1119 /* Total Len */ 58,
1120 /* NVM CMD */ NVM_ACCESS_SET,
1121 /* Tag Num */ 35,
1122 /* Tag Len */ 55,
1123 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1124 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1125 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1126 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1127 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1128 0x1B, 0x14, 0x01, 0x04, 0x48
1129 },
1130 /* Tag 36 */
1131 { /* Packet Type */HCI_COMMAND_PKT,
1132 /* Opcode */ 0x0b,0xfc,
1133 /* Total Len */ 15,
1134 /* NVM CMD */ NVM_ACCESS_SET,
1135 /* Tag Num */ 36,
1136 /* Tag Len */ 12,
1137 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1138 },
1139 /* Tag 39 */
1140 { /* Packet Type */HCI_COMMAND_PKT,
1141 /* Opcode */ 0x0b,0xfc,
1142 /* Total Len */ 7,
1143 /* NVM CMD */ NVM_ACCESS_SET,
1144 /* Tag Num */ 39,
1145 /* Tag Len */ 4,
1146 /* Tag Value */ 0x12,0x00,0x00,0x00
1147 },
1148 /* Tag 41 */
1149 { /* Packet Type */HCI_COMMAND_PKT,
1150 /* Opcode */ 0x0b,0xfc,
1151 /* Total Len */ 91,
1152 /* NVM CMD */ NVM_ACCESS_SET,
1153 /* Tag Num */ 41,
1154 /* Tag Len */ 88,
1155 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1156 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1157 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1158 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1159 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1160 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1161 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1162 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1163 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1164 },
1165 /* Tag 42 */
1166 { /* Packet Type */HCI_COMMAND_PKT,
1167 /* Opcode */ 0x0b,0xfc,
1168 /* Total Len */ 63,
1169 /* NVM CMD */ NVM_ACCESS_SET,
1170 /* Tag Num */ 42,
1171 /* Tag Len */ 60,
1172 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1173 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1174 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1175 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1176 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1177 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1178 },
1179 /* Tag 84 */
1180 { /* Packet Type */HCI_COMMAND_PKT,
1181 /* Opcode */ 0x0b,0xfc,
1182 /* Total Len */ 153,
1183 /* NVM CMD */ NVM_ACCESS_SET,
1184 /* Tag Num */ 84,
1185 /* Tag Len */ 150,
1186 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1187 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1188 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1189 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1190 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1191 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1192 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1193 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1194 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1195 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1196 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1197 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1198 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1199 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1200 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1201 },
1202 /* Tag 85 */
1203 { /* Packet Type */HCI_COMMAND_PKT,
1204 /* Opcode */ 0x0b,0xfc,
1205 /* Total Len */ 119,
1206 /* NVM CMD */ NVM_ACCESS_SET,
1207 /* Tag Num */ 85,
1208 /* Tag Len */ 116,
1209 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1210 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1211 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1212 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1213 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1214 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1215 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1216 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1217 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1218 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1219 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1220 0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1221 },
1222 {TAG_END}
1223 };
1224 #elif (NVM_VERSION == ROME_1_0_6002)
1225 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1226 {
1227 /* Tag 2 */
1228 { /* Packet Type */HCI_COMMAND_PKT,
1229 /* Opcode */ 0x0b,0xfc,
1230 /* Total Len */ 9,
1231 /* NVM CMD */ NVM_ACCESS_SET,
1232 /* Tag Num */ 2,
1233 /* Tag Len */ 6,
1234 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1235 },
1236 /* Tag 6 */
1237 { /* Packet Type */HCI_COMMAND_PKT,
1238 /* Opcode */ 0x0b,0xfc,
1239 /* Total Len */ 11,
1240 /* NVM CMD */ NVM_ACCESS_SET,
1241 /* Tag Num */ 6,
1242 /* Tag Len */ 8,
1243 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1244 },
1245 /* Tag 17 */
1246 { /* Packet Type */HCI_COMMAND_PKT,
1247 /* Opcode */ 0x0b,0xfc,
1248 /* Total Len */ 11,
1249 /* NVM CMD */ NVM_ACCESS_SET,
1250 /* Tag Num */ 17,
1251 /* Tag Len */ 8,
1252 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1253 },
1254 /* Tag 36 */
1255 { /* Packet Type */HCI_COMMAND_PKT,
1256 /* Opcode */ 0x0b,0xfc,
1257 /* Total Len */ 15,
1258 /* NVM CMD */ NVM_ACCESS_SET,
1259 /* Tag Num */ 36,
1260 /* Tag Len */ 12,
1261 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1262 },
1263
1264 /* Tag 39 */
1265 { /* Packet Type */HCI_COMMAND_PKT,
1266 /* Opcode */ 0x0b,0xfc,
1267 /* Total Len */ 7,
1268 /* NVM CMD */ NVM_ACCESS_SET,
1269 /* Tag Num */ 39,
1270 /* Tag Len */ 4,
1271 /* Tag Value */ 0x12,0x00,0x00,0x00
1272 },
1273
1274 /* Tag 41 */
1275 { /* Packet Type */HCI_COMMAND_PKT,
1276 /* Opcode */ 0x0b,0xfc,
1277 /* Total Len */ 199,
1278 /* NVM CMD */ NVM_ACCESS_SET,
1279 /* Tag Num */ 41,
1280 /* Tag Len */ 196,
1281 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1282 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1283 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1284 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1285 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1286 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1287 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1288 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1289 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1290 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1291 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1292 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1293 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1294 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1295 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1296 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1297 0x0B,0x01,0x03,0x00
1298 },
1299
1300 /* Tag 44 */
1301 { /* Packet Type */HCI_COMMAND_PKT,
1302 /* Opcode */ 0x0b,0xfc,
1303 /* Total Len */ 44,
1304 /* NVM CMD */ NVM_ACCESS_SET,
1305 /* Tag Num */ 44,
1306 /* Tag Len */ 41,
1307 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1308 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1309 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1310 0x00,0x14,0x01,0x02,0x03
1311 },
1312 {TAG_END}
1313 };
1314 #endif
1315
1316 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1317
1318 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1319 {
1320 /* Write BD Address */
1321 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1322 memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6);
1323 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1324 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1325 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1326 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1327 }
1328 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1329 /* Send HCI Command packet to Controller */
1330 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1331 if ( err != size) {
1332 ALOGE("Failed to attach the patch payload to the Controller!");
1333 goto error;
1334 }
1335
1336 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1337 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1338 if ( err < 0) {
1339 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1340 goto error;
1341 }
1342 }
1343
1344 error:
1345 return err;
1346 }
1347
1348
1349
rome_patch_ver_req(int fd)1350 int rome_patch_ver_req(int fd)
1351 {
1352 int size, err = 0;
1353 unsigned char cmd[HCI_MAX_CMD_SIZE];
1354 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1355
1356 /* Frame the HCI CMD to be sent to the Controller */
1357 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1358 -1, EDL_PATCH_CMD_LEN);
1359
1360 /* Total length of the packet to be sent to the Controller */
1361 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1362
1363 /* Send HCI Command packet to Controller */
1364 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1365 if ( err != size) {
1366 ALOGE("Failed to attach the patch payload to the Controller!");
1367 goto error;
1368 }
1369
1370 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1371 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1372 if ( err < 0) {
1373 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1374 goto error;
1375 }
1376 error:
1377 return err;
1378
1379 }
1380
rome_get_build_info_req(int fd)1381 int rome_get_build_info_req(int fd)
1382 {
1383 int size, err = 0;
1384 unsigned char cmd[HCI_MAX_CMD_SIZE];
1385 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1386
1387 /* Frame the HCI CMD to be sent to the Controller */
1388 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1389 -1, EDL_PATCH_CMD_LEN);
1390
1391 /* Total length of the packet to be sent to the Controller */
1392 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1393
1394 /* Send HCI Command packet to Controller */
1395 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1396 if ( err != size) {
1397 ALOGE("Failed to send get build info cmd to the SoC!");
1398 goto error;
1399 }
1400
1401 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1402 if ( err < 0) {
1403 ALOGE("%s: Failed to get build info", __FUNCTION__);
1404 goto error;
1405 }
1406 error:
1407 return err;
1408
1409 }
1410
1411
rome_set_baudrate_req(int fd)1412 int rome_set_baudrate_req(int fd)
1413 {
1414 int size, err = 0;
1415 unsigned char cmd[HCI_MAX_CMD_SIZE];
1416 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1417 hci_command_hdr *cmd_hdr;
1418 int flags;
1419
1420 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1421
1422 cmd_hdr = (void *) (cmd + 1);
1423 cmd[0] = HCI_COMMAND_PKT;
1424 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1425 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN;
1426 cmd[4] = BAUDRATE_3000000;
1427
1428 /* Total length of the packet to be sent to the Controller */
1429 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1430 tcflush(fd,TCIOFLUSH);
1431 /* Flow off during baudrate change */
1432 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1433 {
1434 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1435 goto error;
1436 }
1437
1438 /* Send the HCI command packet to UART for transmission */
1439 err = do_write(fd, cmd, size);
1440 if (err != size) {
1441 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1442 goto error;
1443 }
1444
1445 /* Change Local UART baudrate to high speed UART */
1446 userial_vendor_set_baud(USERIAL_BAUD_3M);
1447
1448 /* Flow on after changing local uart baudrate */
1449 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1450 {
1451 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1452 return err;
1453 }
1454
1455 /* Check for response from the Controller */
1456 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1457 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1458 goto error;
1459 }
1460
1461 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1462
1463 /* Wait for command complete event */
1464 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1465 if ( err < 0) {
1466 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1467 goto error;
1468 }
1469
1470 error:
1471 return err;
1472
1473 }
1474
1475
rome_hci_reset_req(int fd)1476 int rome_hci_reset_req(int fd)
1477 {
1478 int size, err = 0;
1479 unsigned char cmd[HCI_MAX_CMD_SIZE];
1480 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1481 hci_command_hdr *cmd_hdr;
1482 int flags;
1483
1484 ALOGI("%s: HCI RESET ", __FUNCTION__);
1485
1486 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1487
1488 cmd_hdr = (void *) (cmd + 1);
1489 cmd[0] = HCI_COMMAND_PKT;
1490 cmd_hdr->opcode = HCI_RESET;
1491 cmd_hdr->plen = 0;
1492
1493 /* Total length of the packet to be sent to the Controller */
1494 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1495
1496 /* Flow off during baudrate change */
1497 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1498 {
1499 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1500 goto error;
1501 }
1502
1503 /* Send the HCI command packet to UART for transmission */
1504 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1505 err = do_write(fd, cmd, size);
1506 if (err != size) {
1507 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1508 goto error;
1509 }
1510
1511 /* Change Local UART baudrate to high speed UART */
1512 userial_vendor_set_baud(USERIAL_BAUD_3M);
1513
1514 /* Flow on after changing local uart baudrate */
1515 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1516 {
1517 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1518 return err;
1519 }
1520
1521 /* Wait for command complete event */
1522 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1523 if ( err < 0) {
1524 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1525 goto error;
1526 }
1527
1528 error:
1529 return err;
1530
1531 }
1532
1533
rome_hci_reset(int fd)1534 int rome_hci_reset(int fd)
1535 {
1536 int size, err = 0;
1537 unsigned char cmd[HCI_MAX_CMD_SIZE];
1538 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1539 hci_command_hdr *cmd_hdr;
1540 int flags;
1541
1542 ALOGI("%s: HCI RESET ", __FUNCTION__);
1543
1544 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1545
1546 cmd_hdr = (void *) (cmd + 1);
1547 cmd[0] = HCI_COMMAND_PKT;
1548 cmd_hdr->opcode = HCI_RESET;
1549 cmd_hdr->plen = 0;
1550
1551 /* Total length of the packet to be sent to the Controller */
1552 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1553 err = do_write(fd, cmd, size);
1554 if (err != size) {
1555 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1556 err = -1;
1557 goto error;
1558 }
1559
1560 /* Wait for command complete event */
1561 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1562 if ( err < 0) {
1563 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1564 goto error;
1565 }
1566
1567 error:
1568 return err;
1569
1570 }
1571
rome_wipower_current_charging_status_req(int fd)1572 int rome_wipower_current_charging_status_req(int fd)
1573 {
1574 int size, err = 0;
1575 unsigned char cmd[HCI_MAX_CMD_SIZE];
1576 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1577 hci_command_hdr *cmd_hdr;
1578 int flags;
1579
1580 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1581
1582 cmd_hdr = (void *) (cmd + 1);
1583 cmd[0] = HCI_COMMAND_PKT;
1584 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1585 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1586 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1587
1588 /* Total length of the packet to be sent to the Controller */
1589 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1590
1591 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1592 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1593
1594 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1595 if ( err != size) {
1596 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1597 goto error;
1598 }
1599
1600 /* Check for response from the Controller */
1601 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1602 err = -ETIMEDOUT;
1603 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1604 goto error;
1605 }
1606
1607 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1608 if (rsp[4] >= NON_WIPOWER_MODE) {
1609 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1610 if (err < 0) {
1611 ALOGE("%s: Failed to get charging status", __FUNCTION__);
1612 goto error;
1613 }
1614 }
1615
1616 error:
1617 return err;
1618 }
1619
addon_feature_req(int fd)1620 int addon_feature_req(int fd)
1621 {
1622 int size, err = 0;
1623 unsigned char cmd[HCI_MAX_CMD_SIZE];
1624 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1625 hci_command_hdr *cmd_hdr;
1626 int flags;
1627
1628 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1629
1630 cmd_hdr = (void *) (cmd + 1);
1631 cmd[0] = HCI_COMMAND_PKT;
1632 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1633 cmd_hdr->plen = 0x00;
1634
1635 /* Total length of the packet to be sent to the Controller */
1636 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1637
1638 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1639 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1640 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1641 if ( err != size) {
1642 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1643 goto error;
1644 }
1645
1646 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1647 if (err < 0) {
1648 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1649 goto error;
1650 }
1651 error:
1652 return err;
1653 }
1654
1655
check_embedded_mode(int fd)1656 int check_embedded_mode(int fd) {
1657 int err = 0;
1658
1659 wipower_flag = 0;
1660 /* Get current wipower charging status */
1661 if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1662 {
1663 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1664 }
1665 usleep(500);
1666
1667 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1668
1669 return wipower_flag;
1670 }
1671
rome_get_addon_feature_list(fd)1672 int rome_get_addon_feature_list(fd) {
1673 int err = 0;
1674
1675 /* Get addon features that are supported by FW */
1676 if ((err = addon_feature_req(fd)) < 0)
1677 {
1678 ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1679 }
1680 return err;
1681 }
1682
rome_wipower_forward_handoff_req(int fd)1683 int rome_wipower_forward_handoff_req(int fd)
1684 {
1685 int size, err = 0;
1686 unsigned char cmd[HCI_MAX_CMD_SIZE];
1687 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1688 hci_command_hdr *cmd_hdr;
1689 int flags;
1690
1691 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1692
1693 cmd_hdr = (void *) (cmd + 1);
1694 cmd[0] = HCI_COMMAND_PKT;
1695 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1696 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1697 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1698
1699 /* Total length of the packet to be sent to the Controller */
1700 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1701
1702 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1703 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1704 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1705 if ( err != size) {
1706 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1707 goto error;
1708 }
1709
1710 /* Check for response from the Controller */
1711 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1712 err = -ETIMEDOUT;
1713 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1714 goto error;
1715 }
1716
1717 error:
1718 return err;
1719 }
1720
1721
enable_controller_log(int fd,unsigned char wait_for_evt)1722 void enable_controller_log (int fd, unsigned char wait_for_evt)
1723 {
1724 int ret = 0;
1725 /* VS command to enable controller logging to the HOST. By default it is disabled */
1726 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1727 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1728 char value[PROPERTY_VALUE_MAX] = {'\0'};
1729
1730 property_get("persist.service.bdroid.soclog", value, "false");
1731
1732 // value at cmd[5]: 1 - to enable, 0 - to disable
1733 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1734 ALOGI("%s: %d", __func__, ret);
1735 /* Ignore vsc evt if wait_for_evt is true */
1736 if (wait_for_evt) wait_vsc_evt = FALSE;
1737
1738 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1739 if (ret != 6) {
1740 ALOGE("%s: command failed", __func__);
1741 }
1742 /*Ignore hci_event if wait_for_evt is true*/
1743 if (wait_for_evt)
1744 goto end;
1745 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1746 if (ret < 0) {
1747 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1748 }
1749 end:
1750 wait_vsc_evt = TRUE;
1751 return;
1752 }
1753
1754
disable_internal_ldo(int fd)1755 static int disable_internal_ldo(int fd)
1756 {
1757 int ret = 0;
1758 if (enable_extldo) {
1759 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1760 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1761
1762 ALOGI(" %s ", __FUNCTION__);
1763 ret = do_write(fd, cmd, 5);
1764 if (ret != 5) {
1765 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1766 ret = -1;
1767 } else {
1768 /* Wait for command complete event */
1769 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1770 if ( ret < 0) {
1771 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1772 }
1773 }
1774 }
1775 return ret;
1776 }
1777
rome_soc_init(int fd,char * bdaddr)1778 int rome_soc_init(int fd, char *bdaddr)
1779 {
1780 int err = -1, size = 0;
1781 dnld_fd = fd;
1782 ALOGI(" %s ", __FUNCTION__);
1783
1784 /* If wipower charging is going on in embedded mode then start hand off req */
1785 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1786 {
1787 wipower_flag = 0;
1788 wipower_handoff_ready = 0;
1789 if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1790 {
1791 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1792 }
1793 }
1794
1795 /* Get Rome version information */
1796 if((err = rome_patch_ver_req(fd)) <0){
1797 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1798 goto error;
1799 }
1800
1801 ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver);
1802
1803 switch (rome_ver){
1804 case ROME_VER_1_0:
1805 {
1806 /* Set and Download the RAMPATCH */
1807 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1808 err = rome_download_rampatch(fd);
1809 if (err < 0) {
1810 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1811 goto error;
1812 }
1813 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1814
1815 /* Attach the RAMPATCH */
1816 ALOGI("%s: Attaching the patches", __FUNCTION__);
1817 err = rome_attach_rampatch(fd);
1818 if (err < 0) {
1819 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1820 goto error;
1821 }
1822 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1823
1824 /* Send Reset */
1825 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1826 err = rome_rampatch_reset(fd);
1827 if ( err < 0 ) {
1828 ALOGE("Failed to RESET after RAMPATCH upgrade!");
1829 goto error;
1830 }
1831
1832 /* NVM download */
1833 ALOGI("%s: Downloading NVM", __FUNCTION__);
1834 err = rome_1_0_nvm_tag_dnld(fd);
1835 if ( err <0 ) {
1836 ALOGE("Downloading NVM Failed !!");
1837 goto error;
1838 }
1839
1840 /* Change baud rate 115.2 kbps to 3Mbps*/
1841 err = rome_hci_reset_req(fd);
1842 if (err < 0) {
1843 ALOGE("HCI Reset Failed !!");
1844 goto error;
1845 }
1846
1847 ALOGI("HCI Reset is done\n");
1848 }
1849 break;
1850 case ROME_VER_1_1:
1851 rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1852 nvm_file_path = ROME_NVM_TLV_PATH;
1853 goto download;
1854 case ROME_VER_1_3:
1855 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1856 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1857 goto download;
1858 case ROME_VER_2_1:
1859 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1860 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1861 goto download;
1862 case ROME_VER_3_0:
1863 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1864 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1865 fw_su_info = ROME_3_1_FW_SU;
1866 fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1867 goto download;
1868 case ROME_VER_3_2:
1869 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1870 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1871 fw_su_info = ROME_3_2_FW_SU;
1872 fw_su_offset = ROME_3_2_FW_SW_OFFSET;
1873
1874 download:
1875 /* Change baud rate 115.2 kbps to 3Mbps*/
1876 err = rome_set_baudrate_req(fd);
1877 if (err < 0) {
1878 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1879 goto error;
1880 }
1881 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1882 /* Donwload TLV files (rampatch, NVM) */
1883 err = rome_download_tlv_file(fd);
1884 if (err < 0) {
1885 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1886 goto error;
1887 }
1888 ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1889
1890 /* Get SU FM label information */
1891 if((err = rome_get_build_info_req(fd)) <0){
1892 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1893 //Ignore the failure of ROME FW SU label information
1894 err = 0;
1895 }
1896
1897 /* Disable internal LDO to use external LDO instead*/
1898 err = disable_internal_ldo(fd);
1899
1900 /* Send HCI Reset */
1901 err = rome_hci_reset(fd);
1902 if ( err <0 ) {
1903 ALOGE("HCI Reset Failed !!");
1904 goto error;
1905 }
1906
1907 ALOGI("HCI Reset is done\n");
1908
1909 break;
1910 case ROME_VER_UNKNOWN:
1911 default:
1912 ALOGI("%s: Detected unknown ROME version", __FUNCTION__);
1913 err = -1;
1914 break;
1915 }
1916
1917 error:
1918 dnld_fd = -1;
1919 return err;
1920 }
1921