1 /*
2 *
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2005-2010 Marcel Holtmann <marcel@holtmann.org>
6 * Copyright (c) 2010, Code Aurora Forum. All rights reserved.
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 *
23 */
24
25 #ifdef HAVE_CONFIG_H
26 #include <config.h>
27 #endif
28
29 #include <stdio.h>
30 #include <errno.h>
31 #include <fcntl.h>
32 #include <unistd.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <signal.h>
36 #include <syslog.h>
37 #include <termios.h>
38 #include <time.h>
39 #include <sys/time.h>
40 #include <sys/poll.h>
41 #include <sys/param.h>
42 #include <sys/ioctl.h>
43 #include <sys/socket.h>
44 #include <sys/uio.h>
45
46 #include <bluetooth/bluetooth.h>
47 #include <bluetooth/hci.h>
48 #include <bluetooth/hci_lib.h>
49
50 #include "hciattach.h"
51
/*
 * FAILIF(cond, fmt, ...) - report an error and leave the enclosing function.
 *
 * When cond evaluates true, the printf-style message is written to stderr
 * and the enclosing function returns -1.  The macro returns directly and
 * runs no cleanup, so a descriptor or allocation held at the call site is
 * not released on that path.
 */
#define FAILIF(x, ...) do { \
		if (x) { \
			fprintf(stderr, __VA_ARGS__); \
			return -1; \
		} \
	} while (0)
58
/*
 * Buffer layout used when a Command Complete event is read straight from
 * the UART into a struct.  The type is packed so no padding is inserted
 * between the fields.
 */
typedef struct __attribute__((packed)) {
	/* Byte that precedes the HCI event header on the wire. */
	uint8_t uart_prefix;
	/* Event header; its evt and plen fields are validated by the reader. */
	hci_event_hdr hci_hdr;
	/* Command Complete parameters; the reader checks the opcode field. */
	evt_cmd_complete cmd_complete;
	/* Command status; the reader treats 0 as success. */
	uint8_t status;
	/* Remaining bytes of the event (presumably return parameters; not
	 * read by the code in this file's visible part). */
	uint8_t data[16];
} command_complete_t;
66
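/*
 * Consume the controller's reply to one firmware-download command.
 *
 * Two events are read from fd: first one whose event code must be 0xFF,
 * then a Command Complete event whose opcode field must be 0.
 *
 * The opcode and len arguments are not compared against the reply.
 * NOTE(review): the reply opcode is checked against 0 rather than against
 * the opcode argument - confirm that this is what the controller sends
 * during download.
 *
 * Everything parsed here comes from the device on the other end of the
 * UART, so the number of bytes actually received is checked before any
 * field is trusted.
 *
 * Returns 0 when the Command Complete status byte is 0, -1 on a read
 * failure, a malformed or truncated event, or a non-zero status.
 */
static int read_command_complete(int fd,
					unsigned short opcode,
					unsigned char len)
{
	command_complete_t resp;
	unsigned char vsevent[512];
	int n;

	(void) opcode;
	(void) len;

	/* Known contents, so a short reply is never parsed out of stale
	 * stack bytes. */
	memset(&resp, 0, sizeof(resp));

	/* Read reply. */
	n = read_hci_event(fd, vsevent, sizeof(vsevent));
	FAILIF(n < 0, "Failed to read response");

	/* vsevent[1] is only meaningful if at least two bytes arrived
	 * (assumes read_hci_event returns the byte count - TODO confirm). */
	FAILIF(n < 2 || vsevent[1] != 0xFF, "Failed to read response");

	n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
	FAILIF(n < 0, "Failed to read response");

	/* The event header must be present before evt/plen are inspected. */
	FAILIF(n < (int) (sizeof(resp.uart_prefix) + sizeof(resp.hci_hdr)),
		"Error in response: event header truncated (%d bytes)!\n", n);

	/* event must be event-complete */
	FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE,
		"Error in response: not a cmd-complete event, "
		"but 0x%02x!\n", resp.hci_hdr.evt);

	FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
		"Error in response: plen is not >= 4, but 0x%02x!\n",
		resp.hci_hdr.plen);

	/* plen is only what the device claims; require that the bytes up to
	 * and including the status field were really received. */
	FAILIF(n < (int) (sizeof(resp) - sizeof(resp.data)),
		"Error in response: event truncated (%d bytes)!\n", n);

	/* cmd-complete event: opcode */
	FAILIF(resp.cmd_complete.opcode != 0,
		"Error in response: opcode is 0x%04x, not 0!",
		resp.cmd_complete.opcode);

	return resp.status == 0 ? 0 : -1;
}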
100
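/*
 * Stream a firmware file to the controller, one HCI command at a time.
 *
 * The file is read as a sequence of H4 command packets (packet-type byte,
 * HCI command header, plen payload bytes).  Each packet is written to fd
 * and the controller's reply is checked with read_command_complete()
 * before the next one is sent.
 *
 * If bdaddr_s is non-NULL it is parsed once up front, and a payload that
 * starts with the bytes 1, 2, 6 has the six bytes after that marker
 * replaced with the parsed address (presumably the record that stores the
 * BD address - TODO confirm).  The payload is patched only when it is long
 * enough to hold the marker and the address.
 *
 * Only the packet framing is checked; the command contents are forwarded
 * to the controller as they appear in the file, so the integrity of the
 * firmware rests on who can write the file named by firmware.
 *
 * Returns 0 once the whole file has been uploaded, -1 on any error.  The
 * firmware descriptor is closed on every path.
 */
static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s)
{
	bdaddr_t bdaddr;
	int have_bdaddr = 0;
	int ret = -1;
	int fw;

	memset(&bdaddr, 0, sizeof(bdaddr));

	/* Reject a malformed address before anything is sent to the
	 * controller, instead of patching in whatever the parser left. */
	if (bdaddr_s != NULL) {
		if (str2ba(bdaddr_s, &bdaddr) < 0) {
			fprintf(stderr, "Invalid BD address %s\n", bdaddr_s);
			return -1;
		}
		have_bdaddr = 1;
	}

	fprintf(stdout, "Opening firmware file: %s\n", firmware);

	fw = open(firmware, O_RDONLY);
	if (fw < 0) {
		/* Save errno before another library call can overwrite it. */
		int err = errno;

		fprintf(stderr, "Could not open firmware file %s: %s (%d).\n",
			firmware, strerror(err), err);
		return -1;
	}

	fprintf(stdout, "Uploading firmware...\n");
	for (;;) {
		/* Read each command and wait for a response. */
		unsigned char data[1024];
		unsigned char cmdp[1 + sizeof(hci_command_hdr)];
		hci_command_hdr *cmd = (hci_command_hdr *) (cmdp + 1);
		struct iovec iov_cmd[2];
		int nr, nw;

		nr = read(fw, cmdp, sizeof(cmdp));
		if (!nr) {
			/* Clean end of file: every command was accepted. */
			ret = 0;
			break;
		}

		if (nr != (int) sizeof(cmdp)) {
			fprintf(stderr, "Could not read H4 + HCI header!\n");
			break;
		}
		if (*cmdp != HCI_COMMAND_PKT) {
			fprintf(stderr,
				"Command is not an H4 command packet!\n");
			break;
		}

		/* The payload is bounded by what the buffer can hold. */
		if (cmd->plen > sizeof(data) ||
		    read(fw, data, cmd->plen) != cmd->plen) {
			fprintf(stderr, "Could not read %d bytes of data "
				"for command with opcode %04x!\n",
				cmd->plen, cmd->opcode);
			break;
		}

		/* Look at the marker bytes only when this payload really
		 * contains them and has room for the address; otherwise
		 * data[] holds leftovers from an earlier packet. */
		if (have_bdaddr && cmd->plen >= 3 + sizeof(bdaddr_t) &&
		    data[0] == 1 && data[1] == 2 && data[2] == 6)
			memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));

		iov_cmd[0].iov_base = cmdp;
		iov_cmd[0].iov_len = sizeof(cmdp);
		iov_cmd[1].iov_base = data;
		iov_cmd[1].iov_len = cmd->plen;
		nw = writev(fd, iov_cmd, 2);
		if (nw != (int) sizeof(cmdp) + cmd->plen) {
			fprintf(stderr, "Could not send entire command "
				"(sent only %d bytes)!\n", nw);
			break;
		}

		/* Wait for response */
		if (read_command_complete(fd, cmd->opcode, cmd->plen) < 0)
			break;
	}

	if (ret == 0)
		fprintf(stdout, "Firmware upload successful.\n");

	close(fw);

	return ret;
}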
166
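/*
 * Bring up a Qualcomm controller attached on fd.
 *
 * Sequence: query the local version and print manufacturer / LMP details,
 * send a vendor command and build the firmware file name from its reply,
 * upload that firmware (optionally patching in bdaddr), then reset the
 * controller.  The speed and ti arguments are not used here.
 *
 * The firmware path is assembled from bytes supplied by the controller.
 * Those bytes are untrusted: they are used only if the reply is long
 * enough to contain them and none of them is a control character, a
 * non-ASCII byte or '/', so the resulting name cannot leave
 * /etc/firmware/.  When the check fails the upload is skipped.
 *
 * Returns 0 on success, -1 when a command cannot be written or a reply
 * cannot be read.  NOTE(review): a failed or skipped firmware upload does
 * not fail the init; the controller is still reset and 0 is returned, as
 * before - confirm that running without the upload is acceptable.
 */
int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr)
{
	/* Offsets in the vendor reply of the characters that name the file. */
	static const unsigned char fw_name_idx[] = {
		18, 19, 20, 21, 22, 23, 32, 33, 34, 35
	};
	struct timespec tm = {0, 50000};
	/* unsigned so that opcode bytes >= 0x80 compare equal to resp[] */
	unsigned char cmd[5];
	unsigned char resp[100]; /* Response */
	char fw[100];
	unsigned int i;
	int fw_name_ok = 1;
	int n;

	memset(resp, 0, sizeof(resp));

	/* Get Manufacturer and LMP version */
	cmd[0] = HCI_COMMAND_PKT;
	cmd[1] = 0x01;
	cmd[2] = 0x10;
	cmd[3] = 0x00;

	do {
		n = write(fd, cmd, 4);
		if (n < 4) {
			perror("Failed to write init command");
			return -1;
		}

		/* Read reply. */
		if (read_hci_event(fd, resp, sizeof(resp)) < 0) {
			perror("Failed to read init response");
			return -1;
		}

		/* Wait for command complete event for our Opcode: keep going
		 * while either opcode byte differs.  The earlier '&&' left
		 * the loop as soon as one byte matched. */
	} while (resp[4] != cmd[1] || resp[5] != cmd[2]);

	/* Verify manufacturer */
	if (resp[11] != 0x1d)
		fprintf(stderr,
			"WARNING : module's manufacturer is not Qualcomm\n");

	/* Print LMP version */
	fprintf(stderr,
		"Qualcomm module LMP version : 0x%02x\n", resp[10]);

	/* Print LMP subversion */
	{
		unsigned short lmp_subv = resp[13] | (resp[14] << 8);

		fprintf(stderr, "Qualcomm module LMP sub-version : 0x%04x\n",
			lmp_subv);
	}

	/* Get SoC type */
	cmd[0] = HCI_COMMAND_PKT;
	cmd[1] = 0x00;
	cmd[2] = 0xFC;
	cmd[3] = 0x01;
	cmd[4] = 0x06;

	do {
		n = write(fd, cmd, 5);
		if (n < 5) {
			perror("Failed to write vendor init command");
			return -1;
		}

		/* Read reply. */
		if ((n = read_hci_event(fd, resp, sizeof(resp))) < 0) {
			perror("Failed to read vendor init response");
			return -1;
		}

		/* NOTE(review): exit condition kept as written; the expected
		 * values of resp[3] and resp[4] for this vendor reply are
		 * not documented here - confirm whether '&&' is intended. */
	} while (resp[3] != 0 && resp[4] != 2);

	/* Validate the controller-supplied name bytes before they become
	 * part of a path: each must lie inside the bytes just received
	 * (assumes read_hci_event returns the byte count - TODO confirm)
	 * and must not be a control character, non-ASCII or '/'. */
	for (i = 0; i < sizeof(fw_name_idx); i++) {
		unsigned char c = resp[fw_name_idx[i]];

		if ((int) fw_name_idx[i] >= n ||
		    c < 0x20 || c > 0x7e || c == '/') {
			fw_name_ok = 0;
			break;
		}
	}

	if (fw_name_ok)
		snprintf(fw, sizeof(fw),
			"/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
			resp[18], resp[19], resp[20], resp[21],
			resp[22], resp[23],
			resp[32], resp[33], resp[34], resp[35]);

	/* Wait for command complete event for our Opcode */
	if (read_hci_event(fd, resp, sizeof(resp)) < 0) {
		perror("Failed to read init response");
		return -1;
	}

	if (fw_name_ok)
		qualcomm_load_firmware(fd, fw, bdaddr);
	else
		fprintf(stderr,
			"WARNING : invalid firmware name in vendor response, "
			"skipping firmware upload\n");

	/* Reset */
	cmd[0] = HCI_COMMAND_PKT;
	cmd[1] = 0x03;
	cmd[2] = 0x0C;
	cmd[3] = 0x00;

	do {
		n = write(fd, cmd, 4);
		if (n < 4) {
			perror("Failed to write reset command");
			return -1;
		}

		/* Read reply. */
		if ((n = read_hci_event(fd, resp, sizeof(resp))) < 0) {
			perror("Failed to read reset response");
			return -1;
		}

		/* Loop until both opcode bytes match the reset command. */
	} while (resp[4] != cmd[1] || resp[5] != cmd[2]);

	nanosleep(&tm, NULL);

	return 0;
}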
276