1 /*
2 *
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 * Not a Contribution.
5 *
6 * Copyright 2012 The Android Open Source Project
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you
9 * may not use this file except in compliance with the License. You may
10 * obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * permissions and limitations under the License.
19 *
20 */
21
22 /******************************************************************************
23 *
24 * Filename: hw_rome.c
25 *
26 * Description: Contains controller-specific functions, like
27 * firmware patch download
28 * low power mode operations
29 *
30 ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #define LOG_TAG "bt_vendor"
36
37 #include <sys/socket.h>
38 #include <utils/Log.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <signal.h>
42 #include <time.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <dirent.h>
46 #include <ctype.h>
47 #include <cutils/properties.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <termios.h>
51 #include <stdbool.h>
52
53 #include "bt_hci_bdroid.h"
54 #include "bt_vendor_qcom.h"
55 #include "hci_uart.h"
56 #include "hw_rome.h"
57
58 #define BT_VERSION_FILEPATH "/data/misc/bluedroid/bt_fw_version.txt"
59
60 #ifdef __cplusplus
61 }
62 #endif
63
64 /******************************************************************************
65 ** Variables
66 ******************************************************************************/
67 FILE *file;
68 unsigned char *phdr_buffer;
69 unsigned char *pdata_buffer = NULL;
70 patch_info rampatch_patch_info;
71 int rome_ver = ROME_VER_UNKNOWN;
72 unsigned char gTlv_type;
73 unsigned char gTlv_dwndCfg;
74 static unsigned int wipower_flag = 0;
75 static unsigned int wipower_handoff_ready = 0;
76 char *rampatch_file_path;
77 char *nvm_file_path;
78 char *fw_su_info = NULL;
79 unsigned short fw_su_offset =0;
80 extern char enable_extldo;
81 unsigned char wait_vsc_evt = TRUE;
82
83 /******************************************************************************
84 ** Extern variables
85 ******************************************************************************/
86 extern uint8_t vnd_local_bd_addr[6];
87
88 /*****************************************************************************
89 ** Functions
90 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)91 int do_write(int fd, unsigned char *buf,int len)
92 {
93 int ret = 0;
94 int write_offset = 0;
95 int write_len = len;
96 do {
97 ret = write(fd,buf+write_offset,write_len);
98 if (ret < 0)
99 {
100 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
101 return -1;
102 } else if (ret == 0) {
103 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
104 return 0;
105 } else {
106 if (ret < write_len) {
107 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
108 strerror(errno));
109 write_len = write_len - ret;
110 write_offset = ret;
111 } else {
112 ALOGV("Write successful");
113 break;
114 }
115 }
116 } while(1);
117 return len;
118 }
119
get_vs_hci_event(unsigned char * rsp)120 int get_vs_hci_event(unsigned char *rsp)
121 {
122 int err = 0;
123 unsigned char paramlen = 0;
124 unsigned char EMBEDDED_MODE_CHECK = 0x02;
125 FILE *btversionfile = 0;
126 unsigned int soc_id = 0;
127 unsigned int productid = 0;
128 unsigned short patchversion = 0;
129 char build_label[255];
130 int build_lbl_len;
131
132 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
133 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__);
134 else {
135 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
136 err = -EIO;
137 goto failed;
138 }
139
140 ALOGI("%s: length 0x%x resp 0x%x type 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN],
141 rsp[CMD_RSP_OFFSET], rsp[RSP_TYPE_OFFSET]);
142
143 /* Check the status of the operation */
144 switch ( rsp[CMD_RSP_OFFSET] )
145 {
146 case EDL_CMD_REQ_RES_EVT:
147 ALOGV("%s: Command Request Response", __FUNCTION__);
148 switch(rsp[RSP_TYPE_OFFSET])
149 {
150 case EDL_PATCH_VER_RES_EVT:
151 case EDL_APP_VER_RES_EVT:
152 ALOGI("\t Current Product ID\t\t: 0x%08x",
153 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
154 rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
155 rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
156 rsp[PATCH_PROD_ID_OFFSET] ));
157
158 /* Patch Version indicates FW patch version */
159 ALOGI("\t Current Patch Version\t\t: 0x%04x",
160 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
161 rsp[PATCH_PATCH_VER_OFFSET] )));
162
163 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
164 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver =
165 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
166 rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
167
168 /* In case rome 1.0/1.1, there is no SOC ID version available */
169 if (paramlen - 10)
170 {
171 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
172 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
173 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
174 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
175 rsp[PATCH_SOC_VER_OFFSET] ));
176 }
177
178 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "wb"))) {
179 fprintf(btversionfile, "Bluetooth Controller Product ID : 0x%08x\n", productid);
180 fprintf(btversionfile, "Bluetooth Controller Patch Version : 0x%04x\n", patchversion);
181 fprintf(btversionfile, "Bluetooth Controller Build Version : 0x%04x\n", rome_ver);
182 fprintf(btversionfile, "Bluetooth Controller SOC Version : 0x%08x\n", soc_id);
183 fclose(btversionfile);
184 }else {
185 ALOGI("Failed to dump SOC version info. Errno:%d", errno);
186 }
187
188 /* Rome Chipset Version can be decided by Patch version and SOC version,
189 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
190 used for SOC as combination for BT host driver */
191 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff);
192 break;
193 case EDL_TVL_DNLD_RES_EVT:
194 case EDL_CMD_EXE_STATUS_EVT:
195 switch (err = rsp[CMD_STATUS_OFFSET])
196 {
197 case HCI_CMD_SUCCESS:
198 ALOGI("%s: Download Packet successfully!", __FUNCTION__);
199 break;
200 case PATCH_LEN_ERROR:
201 ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
202 "SET REQ cmd", __FUNCTION__);
203 break;
204 case PATCH_VER_ERROR:
205 ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
206 "SET REQ cmd", __FUNCTION__);
207 break;
208 case PATCH_CRC_ERROR:
209 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
210 break;
211 case PATCH_NOT_FOUND:
212 ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
213 break;
214 case TLV_TYPE_ERROR:
215 ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
216 break;
217 default:
218 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
219 break;
220 }
221 break;
222 case HCI_VS_GET_BUILD_VER_EVT:
223 build_lbl_len = rsp[5];
224 memcpy (build_label, &rsp[6], build_lbl_len);
225 *(build_label+build_lbl_len) = '\0';
226
227 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
228 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "a+b"))) {
229 fprintf(btversionfile, "Bluetooth Contoller SU Build info : %s\n", build_label);
230 fclose(btversionfile);
231 } else {
232 ALOGI("Failed to dump FW SU build info. Errno:%d", errno);
233 }
234 break;
235 }
236 break;
237
238 case NVM_ACCESS_CODE:
239 ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
240 err = HCI_CMD_SUCCESS;
241 break;
242 case EDL_SET_BAUDRATE_RSP_EVT:
243 /* Rome 1.1 has bug with the response, so it should ignore it. */
244 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
245 {
246 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
247 rsp[CMD_STATUS_OFFSET]);
248 err = -1;
249 }
250 break;
251 case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
252 /*TODO: rsp code 00 mean no charging
253 this is going to change in FW soon*/
254 if (rsp[4] != EMBEDDED_MODE_CHECK)
255 {
256 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
257 wipower_handoff_ready = rsp[4];
258 wipower_flag = 1;
259 }
260 break;
261 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
262 /*TODO: rsp code 00 mean no charging
263 this is going to change in FW soon*/
264 if (rsp[4] == NON_WIPOWER_MODE)
265 {
266 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
267 }
268 break;
269 case HCI_VS_GET_ADDON_FEATURES_EVENT:
270 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
271 {
272 ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
273 property_set("persist.bluetooth.a4wp", "true");
274 }
275 break;
276 default:
277 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
278 err = -1;
279 break;
280 }
281
282 failed:
283 return err;
284 }
285
286
287 /*
288 * Read an VS HCI event from the given file descriptor.
289 */
read_vs_hci_event(int fd,unsigned char * buf,int size)290 int read_vs_hci_event(int fd, unsigned char* buf, int size)
291 {
292 int remain, r;
293 int count = 0, i;
294
295 if (size <= 0) {
296 ALOGE("Invalid size arguement!");
297 return -1;
298 }
299
300 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
301
302 /* The first byte identifies the packet type. For HCI event packets, it
303 * should be 0x04, so we read until we get to the 0x04. */
304 /* It will keep reading until find 0x04 byte */
305 while (1) {
306 r = read(fd, buf, 1);
307 if (r <= 0)
308 return -1;
309 if (buf[0] == 0x04)
310 break;
311 }
312 count++;
313
314 /* The next two bytes are the event code and parameter total length. */
315 while (count < 3) {
316 r = read(fd, buf + count, 3 - count);
317 if ((r <= 0) || (buf[1] != 0xFF )) {
318 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
319 return -1;
320 }
321 count += r;
322 }
323
324 /* Now we read the parameters. */
325 if (buf[2] < (size - 3))
326 remain = buf[2];
327 else
328 remain = size - 3;
329
330 while ((count - 3) < remain) {
331 r = read(fd, buf + count, remain - (count - 3));
332 if (r <= 0)
333 return -1;
334 count += r;
335 }
336
337 /* Check if the set patch command is successful or not */
338 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
339 return -1;
340
341 return count;
342 }
343
344 /*
345 * For Hand-Off related Wipower commands, Command complete arrives first and
346 * the followd with VS event
347 *
348 */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)349 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
350 {
351 int ret = 0;
352 int err = 0;
353
354 /* Send the HCI command packet to UART for transmission */
355 ret = do_write(fd, cmd, size);
356 if (ret != size) {
357 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
358 goto failed;
359 }
360
361 /* Wait for command complete event */
362 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
363 if ( err < 0) {
364 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
365 goto failed;
366 }
367
368 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
369 failed:
370 return ret;
371 }
372
373
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)374 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
375 {
376 int ret = 0;
377
378 /* Send the HCI command packet to UART for transmission */
379 ret = do_write(fd, cmd, size);
380 if (ret != size) {
381 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
382 goto failed;
383 }
384
385 if (wait_vsc_evt) {
386 /* Check for response from the Controller */
387 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
388 ret = -ETIMEDOUT;
389 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
390 goto failed;
391 }
392 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
393 }
394
395 failed:
396 return ret;
397 }
398
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)399 void frame_hci_cmd_pkt(
400 unsigned char *cmd,
401 int edl_cmd, unsigned int p_base_addr,
402 int segtNo, int size
403 )
404 {
405 int offset = 0;
406 hci_command_hdr *cmd_hdr;
407
408 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
409
410 cmd_hdr = (void *) (cmd + 1);
411
412 cmd[0] = HCI_COMMAND_PKT;
413 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
414 cmd_hdr->plen = size;
415 cmd[4] = edl_cmd;
416
417 switch (edl_cmd)
418 {
419 case EDL_PATCH_SET_REQ_CMD:
420 /* Copy the patch header info as CMD params */
421 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
422 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
423 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
424 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
425 break;
426 case EDL_PATCH_DLD_REQ_CMD:
427 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
428 p_base_addr += offset;
429 cmd_hdr->plen = (size + 6);
430 cmd[5] = (size + 4);
431 cmd[6] = EXTRACT_BYTE(p_base_addr, 0);
432 cmd[7] = EXTRACT_BYTE(p_base_addr, 1);
433 cmd[8] = EXTRACT_BYTE(p_base_addr, 2);
434 cmd[9] = EXTRACT_BYTE(p_base_addr, 3);
435 memcpy(&cmd[10], (pdata_buffer + offset), size);
436
437 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
438 __FUNCTION__, size);
439 ALOGV("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
440 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
441 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
442 break;
443 case EDL_PATCH_ATCH_REQ_CMD:
444 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
445 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
446 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
447 break;
448 case EDL_PATCH_RST_REQ_CMD:
449 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
450 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
451 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
452 break;
453 case EDL_PATCH_VER_REQ_CMD:
454 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
455 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
456 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
457 break;
458 case EDL_PATCH_TLV_REQ_CMD:
459 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
460 /* Parameter Total Length */
461 cmd[3] = size +2;
462
463 /* TLV Segment Length */
464 cmd[5] = size;
465 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
466 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
467 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
468 memcpy(&cmd[6], (pdata_buffer + offset), size);
469 break;
470 case EDL_GET_BUILD_INFO:
471 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
472 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
473 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
474 break;
475 case EDL_GET_BOARD_ID:
476 ALOGD("%s: Sending EDL_GET_BOARD_ID", __FUNCTION__);
477 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
478 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
479 break;
480 default:
481 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
482 }
483 }
484
rome_extract_patch_header_info(unsigned char * buf)485 void rome_extract_patch_header_info(unsigned char *buf)
486 {
487 int index;
488
489 /* Extract patch id */
490 for (index = 0; index < 4; index++)
491 rampatch_patch_info.patch_id |=
492 (LSH(buf[index + P_ID_OFFSET], (index * 8)));
493
494 /* Extract (ROM and BUILD) version information */
495 for (index = 0; index < 2; index++)
496 rampatch_patch_info.patch_ver.rom_version |=
497 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
498
499 for (index = 0; index < 2; index++)
500 rampatch_patch_info.patch_ver.build_version |=
501 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
502
503 /* Extract patch base and entry addresses */
504 for (index = 0; index < 4; index++)
505 rampatch_patch_info.patch_base_addr |=
506 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
507
508 /* Patch BASE & ENTRY addresses are same */
509 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
510
511 /* Extract total length of the patch payload */
512 for (index = 0; index < 4; index++)
513 rampatch_patch_info.patch_length |=
514 (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
515
516 /* Extract the CRC checksum of the patch payload */
517 for (index = 0; index < 4; index++)
518 rampatch_patch_info.patch_crc |=
519 (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
520
521 /* Extract patch control value */
522 for (index = 0; index < 4; index++)
523 rampatch_patch_info.patch_ctrl |=
524 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
525
526 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
527 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
528 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
529 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
530 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
531 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
532 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
533
534 }
535
rome_edl_set_patch_request(int fd)536 int rome_edl_set_patch_request(int fd)
537 {
538 int size, err;
539 unsigned char cmd[HCI_MAX_CMD_SIZE];
540 unsigned char rsp[HCI_MAX_EVENT_SIZE];
541
542 /* Frame the HCI CMD to be sent to the Controller */
543 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
544 -1, PATCH_HDR_LEN + 1);
545
546 /* Total length of the packet to be sent to the Controller */
547 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
548
549 /* Send HCI Command packet to Controller */
550 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
551 if ( err != size) {
552 ALOGE("Failed to set the patch info to the Controller!");
553 goto error;
554 }
555
556 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
557 if ( err < 0) {
558 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
559 goto error;
560 }
561 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
562 error:
563 return err;
564 }
565
rome_edl_patch_download_request(int fd)566 int rome_edl_patch_download_request(int fd)
567 {
568 int no_of_patch_segment;
569 int index = 1, err = 0, size = 0;
570 unsigned int p_base_addr;
571 unsigned char cmd[HCI_MAX_CMD_SIZE];
572 unsigned char rsp[HCI_MAX_EVENT_SIZE];
573
574 no_of_patch_segment = (rampatch_patch_info.patch_length /
575 MAX_DATA_PER_SEGMENT);
576 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
577 __FUNCTION__, no_of_patch_segment,
578 rampatch_patch_info.patch_base_addr);
579
580 /* Initialize the patch base address from the one read from bin file */
581 p_base_addr = rampatch_patch_info.patch_base_addr;
582
583 /*
584 * Depending upon size of the patch payload, download the patches in
585 * segments with a max. size of 239 bytes
586 */
587 for (index = 1; index <= no_of_patch_segment; index++) {
588
589 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
590
591 /* Frame the HCI CMD PKT to be sent to Controller*/
592 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
593 index, MAX_DATA_PER_SEGMENT);
594
595 /* Total length of the packet to be sent to the Controller */
596 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
597
598 /* Initialize the RSP packet everytime to 0 */
599 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
600
601 /* Send HCI Command packet to Controller */
602 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
603 if ( err != size) {
604 ALOGE("Failed to send the patch payload to the Controller!");
605 goto error;
606 }
607
608 /* Read Command Complete Event */
609 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
610 if ( err < 0) {
611 ALOGE("%s: Failed to downlaod patch segment: %d!",
612 __FUNCTION__, index);
613 goto error;
614 }
615 ALOGI("%s: Successfully downloaded patch segment: %d",
616 __FUNCTION__, index);
617 }
618
619 /* Check if any pending patch data to be sent */
620 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
621 rampatch_patch_info.patch_length :
622 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT);
623
624 if (size)
625 {
626 /* Frame the HCI CMD PKT to be sent to Controller*/
627 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
628
629 /* Initialize the RSP packet everytime to 0 */
630 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
631
632 /* Total length of the packet to be sent to the Controller */
633 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
634
635 /* Send HCI Command packet to Controller */
636 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
637 if ( err != size) {
638 ALOGE("Failed to send the patch payload to the Controller!");
639 goto error;
640 }
641
642 /* Read Command Complete Event */
643 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
644 if ( err < 0) {
645 ALOGE("%s: Failed to downlaod patch segment: %d!",
646 __FUNCTION__, index);
647 goto error;
648 }
649
650 ALOGI("%s: Successfully downloaded patch segment: %d",
651 __FUNCTION__, index);
652 }
653
654 error:
655 return err;
656 }
657
rome_download_rampatch(int fd)658 static int rome_download_rampatch(int fd)
659 {
660 int c, tmp, size, index, ret = -1;
661
662 ALOGI("%s: ", __FUNCTION__);
663
664 /* Get handle to the RAMPATCH binary file */
665 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
666 file = fopen(ROME_FW_PATH, "r");
667 if (file == NULL) {
668 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
669 __FUNCTION__);
670 return -ENFILE;
671 }
672
673 /* Allocate memory for the patch headder info */
674 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
675 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
676 if (phdr_buffer == NULL) {
677 ALOGE("%s: Failed to allocate memory for patch header",
678 __FUNCTION__);
679 goto phdr_alloc_failed;
680 }
681 for (index = 0; index < PATCH_HDR_LEN + 1; index++)
682 phdr_buffer[index] = 0x0;
683
684 /* Read 28 bytes of patch header information */
685 ALOGI("%s: Reading patch header info", __FUNCTION__);
686 index = 0;
687 do {
688 c = fgetc (file);
689 phdr_buffer[index++] = (unsigned char)c;
690 } while (index != PATCH_HDR_LEN);
691
692 /* Save the patch header info into local structure */
693 ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
694 rome_extract_patch_header_info((unsigned char *)phdr_buffer);
695
696 /* Set the patch header info onto the Controller */
697 ret = rome_edl_set_patch_request(fd);
698 if (ret < 0) {
699 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
700 goto pdata_alloc_failed;
701 }
702
703 /* Allocate memory for the patch payload */
704 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
705 size = rampatch_patch_info.patch_length;
706 pdata_buffer = (unsigned char *) malloc(size+1);
707 if (pdata_buffer == NULL) {
708 ALOGE("%s: Failed to allocate memory for patch payload",
709 __FUNCTION__);
710 goto pdata_alloc_failed;
711 }
712 for (index = 0; index < size+1; index++)
713 pdata_buffer[index] = 0x0;
714
715 /* Read the patch data from Rampatch binary image */
716 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
717 index = 0;
718 do {
719 c = fgetc (file);
720 pdata_buffer[index++] = (unsigned char)c;
721 } while (c != EOF);
722
723 /* Downloading patches in segments to controller */
724 ret = rome_edl_patch_download_request(fd);
725 if (ret < 0) {
726 ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
727 goto cleanup;
728 }
729 cleanup:
730 free(pdata_buffer);
731 pdata_alloc_failed:
732 free(phdr_buffer);
733 phdr_alloc_failed:
734 fclose(file);
735 error:
736 return ret;
737 }
738
rome_attach_rampatch(int fd)739 int rome_attach_rampatch(int fd)
740 {
741 int size, err;
742 unsigned char cmd[HCI_MAX_CMD_SIZE];
743 unsigned char rsp[HCI_MAX_EVENT_SIZE];
744
745 /* Frame the HCI CMD to be sent to the Controller */
746 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
747 -1, EDL_PATCH_CMD_LEN);
748
749 /* Total length of the packet to be sent to the Controller */
750 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
751
752 /* Send HCI Command packet to Controller */
753 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
754 if ( err != size) {
755 ALOGE("Failed to attach the patch payload to the Controller!");
756 goto error;
757 }
758
759 /* Read Command Complete Event */
760 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
761 if ( err < 0) {
762 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
763 goto error;
764 }
765 error:
766 return err;
767 }
768
rome_rampatch_reset(int fd)769 int rome_rampatch_reset(int fd)
770 {
771 int size, err = 0, flags;
772 unsigned char cmd[HCI_MAX_CMD_SIZE];
773 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
774
775 /* Frame the HCI CMD to be sent to the Controller */
776 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
777 -1, EDL_PATCH_CMD_LEN);
778
779 /* Total length of the packet to be sent to the Controller */
780 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
781
782 /* Send HCI Command packet to Controller */
783 err = do_write(fd, cmd, size);
784 if (err != size) {
785 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
786 goto error;
787 }
788
789 /*
790 * Controller doesn't sends any response for the patch reset
791 * command. HOST has to wait for 100ms before proceeding.
792 */
793 nanosleep(&tm, NULL);
794
795 error:
796 return err;
797 }
798
rome_get_tlv_file(char * file_path)799 int rome_get_tlv_file(char *file_path)
800 {
801 FILE * pFile;
802 long fileSize;
803 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
804 unsigned short nvm_tag_len;
805 tlv_patch_info *ptlv_header;
806 tlv_nvm_hdr *nvm_ptr;
807 unsigned char data_buf[PRINT_BUF_SIZE]={0,};
808 unsigned char *nvm_byte_ptr;
809
810 ALOGI("File Open (%s)", file_path);
811 pFile = fopen ( file_path , "r" );
812 if (pFile==NULL) {;
813 ALOGE("%s File Open Fail", file_path);
814 return -1;
815 }
816
817 /* Get File Size */
818 fseek (pFile , 0 , SEEK_END);
819 fileSize = ftell (pFile);
820 rewind (pFile);
821
822 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
823 if (pdata_buffer == NULL) {
824 ALOGE("Allocated Memory failed");
825 fclose (pFile);
826 return -1;
827 }
828
829 /* Copy file into allocated buffer */
830 readSize = fread (pdata_buffer,1,fileSize,pFile);
831
832 /* File Close */
833 fclose (pFile);
834
835 if (readSize != fileSize) {
836 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
837 return -1;
838 }
839
840 ptlv_header = (tlv_patch_info *) pdata_buffer;
841
842 /* To handle different event between rampatch and NVM */
843 gTlv_type = ptlv_header->tlv_type;
844 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
845
846 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
847 ALOGI("====================================================");
848 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
849 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
850 (ptlv_header->tlv_length2 << 8) |
851 (ptlv_header->tlv_length3 << 16));
852 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
853 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
854 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
855 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
856 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
857 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
858 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
859 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
860 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
861 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
862 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
863 ALOGI("====================================================");
864
865 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
866 ALOGV("====================================================");
867 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
868 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) |
869 (ptlv_header->tlv_length2 << 8) |
870 (ptlv_header->tlv_length3 << 16));
871
872 if(nvm_length <= 0)
873 return readSize;
874
875 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
876 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
877 {
878 ALOGV("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
879 ALOGV("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
880 ALOGV("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
881 ALOGV("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
882
883 /* Increase nvm_index to NVM data */
884 nvm_index+=sizeof(tlv_nvm_hdr);
885 nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
886
887 /* Write BD Address */
888 if(nvm_ptr->tag_id == TAG_NUM_2){
889 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6);
890 ALOGV("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
891 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
892 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
893 }
894
895 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
896 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
897
898 ALOGV("TAG Data\t\t\t : %s", data_buf);
899
900 /* Clear buffer */
901 memset(data_buf, 0x0, PRINT_BUF_SIZE);
902
903 /* increased by tag_len */
904 nvm_index+=nvm_ptr->tag_len;
905 nvm_byte_ptr +=nvm_ptr->tag_len;
906 }
907
908 ALOGV("====================================================");
909
910 } else {
911 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
912 }
913
914 return readSize;
915 }
916
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)917 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
918 {
919 int size=0, err = -1;
920 unsigned char cmd[HCI_MAX_CMD_SIZE];
921 unsigned char rsp[HCI_MAX_EVENT_SIZE];
922
923 ALOGV("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
924
925 /* Frame the HCI CMD PKT to be sent to Controller*/
926 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
927
928 /* Total length of the packet to be sent to the Controller */
929 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
930
931 /* Initialize the RSP packet everytime to 0 */
932 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
933
934 /* Send HCI Command packet to Controller */
935 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
936 if ( err != size) {
937 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
938 return err;
939 }
940
941 if(wait_cc_evt) {
942 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
943 if ( err < 0) {
944 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index);
945 return err;
946 }
947 }
948
949 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
950 return err;
951 }
952
rome_tlv_dnld_req(int fd,int tlv_size)953 int rome_tlv_dnld_req(int fd, int tlv_size)
954 {
955 int total_segment, remain_size, i, err = -1;
956 unsigned char wait_cc_evt;
957
958 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
959 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
960 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
961
962 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
963 __FUNCTION__,tlv_size, total_segment, remain_size);
964
965 if (gTlv_type == TLV_TYPE_PATCH) {
966 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
967 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
968 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
969 */
970 switch(gTlv_dwndCfg)
971 {
972 case ROME_SKIP_EVT_NONE:
973 wait_vsc_evt = TRUE;
974 wait_cc_evt = TRUE;
975 ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
976 break;
977 case ROME_SKIP_EVT_VSE_CC:
978 wait_vsc_evt = FALSE;
979 wait_cc_evt = FALSE;
980 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
981 break;
982 /* Not handled for now */
983 case ROME_SKIP_EVT_VSE:
984 case ROME_SKIP_EVT_CC:
985 default:
986 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
987 break;
988 }
989 } else {
990 wait_vsc_evt = TRUE;
991 wait_cc_evt = TRUE;
992 }
993
994 for(i=0;i<total_segment ;i++){
995 if ((i+1) == total_segment) {
996 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
997 /* If the Rome version is from 1.1 to 3.1
998 * 1. No CCE for the last command segment but all other segment
999 * 2. All the command segments get VSE including the last one
1000 */
1001 wait_cc_evt = !remain_size ? FALSE: TRUE;
1002 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1003 /* If the Rome version is 3.2
1004 * 1. None of the command segments receive CCE
1005 * 2. No command segments receive VSE except the last one
1006 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1007 * same as Rome 2.1, 2.2, 3.0
1008 */
1009 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1010 wait_cc_evt = !remain_size ? FALSE: TRUE;
1011 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1012 wait_vsc_evt = !remain_size ? TRUE: FALSE;
1013 }
1014 }
1015 }
1016
1017 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1018 goto error;
1019 }
1020
1021 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1022 /* If the Rome version is from 1.1 to 3.1
1023 * 1. No CCE for the last command segment but all other segment
1024 * 2. All the command segments get VSE including the last one
1025 */
1026 wait_cc_evt = remain_size ? FALSE: TRUE;
1027 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1028 /* If the Rome version is 3.2
1029 * 1. None of the command segments receive CCE
1030 * 2. No command segments receive VSE except the last one
1031 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1032 * same as Rome 2.1, 2.2, 3.0
1033 */
1034 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1035 wait_cc_evt = remain_size ? FALSE: TRUE;
1036 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1037 wait_vsc_evt = remain_size ? TRUE: FALSE;
1038 }
1039 }
1040
1041 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1042
1043 error:
1044 return err;
1045 }
1046
rome_download_tlv_file(int fd)1047 int rome_download_tlv_file(int fd)
1048 {
1049 int tlv_size, err = -1;
1050
1051 /* Rampatch TLV file Downloading */
1052 pdata_buffer = NULL;
1053 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1054 goto error;
1055
1056 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1057 goto error;
1058
1059 if (pdata_buffer != NULL){
1060 free (pdata_buffer);
1061 pdata_buffer = NULL;
1062 }
1063 /* NVM TLV file Downloading */
1064 if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0)
1065 goto error;
1066
1067 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1068 goto error;
1069
1070 error:
1071 if (pdata_buffer != NULL)
1072 free (pdata_buffer);
1073
1074 return err;
1075 }
1076
rome_1_0_nvm_tag_dnld(int fd)1077 int rome_1_0_nvm_tag_dnld(int fd)
1078 {
1079 int i, size, err = 0;
1080 unsigned char cmd[HCI_MAX_CMD_SIZE];
1081 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1082
1083 #if (NVM_VERSION >= ROME_1_0_100019)
1084 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1085 {
1086 /* Tag 2 */ /* BD Address */
1087 { /* Packet Type */HCI_COMMAND_PKT,
1088 /* Opcode */ 0x0b,0xfc,
1089 /* Total Len */ 9,
1090 /* NVM CMD */ NVM_ACCESS_SET,
1091 /* Tag Num */ 2,
1092 /* Tag Len */ 6,
1093 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22
1094 },
1095 /* Tag 6 */ /* Bluetooth Support Features */
1096 { /* Packet Type */HCI_COMMAND_PKT,
1097 /* Opcode */ 0x0b,0xfc,
1098 /* Total Len */ 11,
1099 /* NVM CMD */ NVM_ACCESS_SET,
1100 /* Tag Num */ 6,
1101 /* Tag Len */ 8,
1102 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1103 },
1104 /* Tag 17 */ /* HCI Transport Layer Setting */
1105 { /* Packet Type */HCI_COMMAND_PKT,
1106 /* Opcode */ 0x0b,0xfc,
1107 /* Total Len */ 11,
1108 /* NVM CMD */ NVM_ACCESS_SET,
1109 /* Tag Num */ 17,
1110 /* Tag Len */ 8,
1111 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1112 },
1113 /* Tag 35 */
1114 { /* Packet Type */HCI_COMMAND_PKT,
1115 /* Opcode */ 0x0b,0xfc,
1116 /* Total Len */ 58,
1117 /* NVM CMD */ NVM_ACCESS_SET,
1118 /* Tag Num */ 35,
1119 /* Tag Len */ 55,
1120 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1121 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1122 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1123 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1124 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1125 0x1B, 0x14, 0x01, 0x04, 0x48
1126 },
1127 /* Tag 36 */
1128 { /* Packet Type */HCI_COMMAND_PKT,
1129 /* Opcode */ 0x0b,0xfc,
1130 /* Total Len */ 15,
1131 /* NVM CMD */ NVM_ACCESS_SET,
1132 /* Tag Num */ 36,
1133 /* Tag Len */ 12,
1134 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1135 },
1136 /* Tag 39 */
1137 { /* Packet Type */HCI_COMMAND_PKT,
1138 /* Opcode */ 0x0b,0xfc,
1139 /* Total Len */ 7,
1140 /* NVM CMD */ NVM_ACCESS_SET,
1141 /* Tag Num */ 39,
1142 /* Tag Len */ 4,
1143 /* Tag Value */ 0x12,0x00,0x00,0x00
1144 },
1145 /* Tag 41 */
1146 { /* Packet Type */HCI_COMMAND_PKT,
1147 /* Opcode */ 0x0b,0xfc,
1148 /* Total Len */ 91,
1149 /* NVM CMD */ NVM_ACCESS_SET,
1150 /* Tag Num */ 41,
1151 /* Tag Len */ 88,
1152 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1153 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1154 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1155 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1156 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1157 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1158 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1159 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1160 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1161 },
1162 /* Tag 42 */
1163 { /* Packet Type */HCI_COMMAND_PKT,
1164 /* Opcode */ 0x0b,0xfc,
1165 /* Total Len */ 63,
1166 /* NVM CMD */ NVM_ACCESS_SET,
1167 /* Tag Num */ 42,
1168 /* Tag Len */ 60,
1169 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1170 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1171 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1172 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1173 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1174 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1175 },
1176 /* Tag 84 */
1177 { /* Packet Type */HCI_COMMAND_PKT,
1178 /* Opcode */ 0x0b,0xfc,
1179 /* Total Len */ 153,
1180 /* NVM CMD */ NVM_ACCESS_SET,
1181 /* Tag Num */ 84,
1182 /* Tag Len */ 150,
1183 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1184 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1185 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1186 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1187 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1188 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1189 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1190 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1191 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1192 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1193 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1194 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1195 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1196 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1197 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1198 },
1199 /* Tag 85 */
1200 { /* Packet Type */HCI_COMMAND_PKT,
1201 /* Opcode */ 0x0b,0xfc,
1202 /* Total Len */ 119,
1203 /* NVM CMD */ NVM_ACCESS_SET,
1204 /* Tag Num */ 85,
1205 /* Tag Len */ 116,
1206 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1207 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1208 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1209 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1210 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1211 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1212 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1213 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1214 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1215 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1216 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1217 0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1218 },
1219 {TAG_END}
1220 };
1221 #elif (NVM_VERSION == ROME_1_0_6002)
1222 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1223 {
1224 /* Tag 2 */
1225 { /* Packet Type */HCI_COMMAND_PKT,
1226 /* Opcode */ 0x0b,0xfc,
1227 /* Total Len */ 9,
1228 /* NVM CMD */ NVM_ACCESS_SET,
1229 /* Tag Num */ 2,
1230 /* Tag Len */ 6,
1231 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1232 },
1233 /* Tag 6 */
1234 { /* Packet Type */HCI_COMMAND_PKT,
1235 /* Opcode */ 0x0b,0xfc,
1236 /* Total Len */ 11,
1237 /* NVM CMD */ NVM_ACCESS_SET,
1238 /* Tag Num */ 6,
1239 /* Tag Len */ 8,
1240 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1241 },
1242 /* Tag 17 */
1243 { /* Packet Type */HCI_COMMAND_PKT,
1244 /* Opcode */ 0x0b,0xfc,
1245 /* Total Len */ 11,
1246 /* NVM CMD */ NVM_ACCESS_SET,
1247 /* Tag Num */ 17,
1248 /* Tag Len */ 8,
1249 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1250 },
1251 /* Tag 36 */
1252 { /* Packet Type */HCI_COMMAND_PKT,
1253 /* Opcode */ 0x0b,0xfc,
1254 /* Total Len */ 15,
1255 /* NVM CMD */ NVM_ACCESS_SET,
1256 /* Tag Num */ 36,
1257 /* Tag Len */ 12,
1258 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1259 },
1260
1261 /* Tag 39 */
1262 { /* Packet Type */HCI_COMMAND_PKT,
1263 /* Opcode */ 0x0b,0xfc,
1264 /* Total Len */ 7,
1265 /* NVM CMD */ NVM_ACCESS_SET,
1266 /* Tag Num */ 39,
1267 /* Tag Len */ 4,
1268 /* Tag Value */ 0x12,0x00,0x00,0x00
1269 },
1270
1271 /* Tag 41 */
1272 { /* Packet Type */HCI_COMMAND_PKT,
1273 /* Opcode */ 0x0b,0xfc,
1274 /* Total Len */ 199,
1275 /* NVM CMD */ NVM_ACCESS_SET,
1276 /* Tag Num */ 41,
1277 /* Tag Len */ 196,
1278 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1279 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1280 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1281 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1282 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1283 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1284 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1285 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1286 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1287 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1288 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1289 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1290 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1291 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1292 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1293 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1294 0x0B,0x01,0x03,0x00
1295 },
1296
1297 /* Tag 44 */
1298 { /* Packet Type */HCI_COMMAND_PKT,
1299 /* Opcode */ 0x0b,0xfc,
1300 /* Total Len */ 44,
1301 /* NVM CMD */ NVM_ACCESS_SET,
1302 /* Tag Num */ 44,
1303 /* Tag Len */ 41,
1304 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1305 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1306 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1307 0x00,0x14,0x01,0x02,0x03
1308 },
1309 {TAG_END}
1310 };
1311 #endif
1312
1313 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1314
1315 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1316 {
1317 /* Write BD Address */
1318 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1319 memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6);
1320 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1321 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1322 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1323 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1324 }
1325 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1326 /* Send HCI Command packet to Controller */
1327 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1328 if ( err != size) {
1329 ALOGE("Failed to attach the patch payload to the Controller!");
1330 goto error;
1331 }
1332
1333 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1334 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1335 if ( err < 0) {
1336 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1337 goto error;
1338 }
1339 }
1340
1341 error:
1342 return err;
1343 }
1344
1345
1346
rome_patch_ver_req(int fd)1347 int rome_patch_ver_req(int fd)
1348 {
1349 int size, err = 0;
1350 unsigned char cmd[HCI_MAX_CMD_SIZE];
1351 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1352
1353 /* Frame the HCI CMD to be sent to the Controller */
1354 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1355 -1, EDL_PATCH_CMD_LEN);
1356
1357 /* Total length of the packet to be sent to the Controller */
1358 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1359
1360 /* Send HCI Command packet to Controller */
1361 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1362 if ( err != size) {
1363 ALOGE("Failed to attach the patch payload to the Controller!");
1364 goto error;
1365 }
1366
1367 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1368 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1369 if ( err < 0) {
1370 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1371 goto error;
1372 }
1373 error:
1374 return err;
1375
1376 }
1377
rome_get_build_info_req(int fd)1378 int rome_get_build_info_req(int fd)
1379 {
1380 int size, err = 0;
1381 unsigned char cmd[HCI_MAX_CMD_SIZE];
1382 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1383
1384 /* Frame the HCI CMD to be sent to the Controller */
1385 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1386 -1, EDL_PATCH_CMD_LEN);
1387
1388 /* Total length of the packet to be sent to the Controller */
1389 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1390
1391 /* Send HCI Command packet to Controller */
1392 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1393 if ( err != size) {
1394 ALOGE("Failed to send get build info cmd to the SoC!");
1395 goto error;
1396 }
1397
1398 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1399 if ( err < 0) {
1400 ALOGE("%s: Failed to get build info", __FUNCTION__);
1401 goto error;
1402 }
1403 error:
1404 return err;
1405
1406 }
1407
1408
rome_set_baudrate_req(int fd)1409 int rome_set_baudrate_req(int fd)
1410 {
1411 int size, err = 0;
1412 unsigned char cmd[HCI_MAX_CMD_SIZE];
1413 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1414 hci_command_hdr *cmd_hdr;
1415 int flags;
1416
1417 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1418
1419 cmd_hdr = (void *) (cmd + 1);
1420 cmd[0] = HCI_COMMAND_PKT;
1421 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1422 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN;
1423 cmd[4] = BAUDRATE_3000000;
1424
1425 /* Total length of the packet to be sent to the Controller */
1426 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1427 tcflush(fd,TCIOFLUSH);
1428 /* Flow off during baudrate change */
1429 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1430 {
1431 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1432 goto error;
1433 }
1434
1435 /* Send the HCI command packet to UART for transmission */
1436 err = do_write(fd, cmd, size);
1437 if (err != size) {
1438 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1439 goto error;
1440 }
1441
1442 /* Change Local UART baudrate to high speed UART */
1443 userial_vendor_set_baud(USERIAL_BAUD_3M);
1444
1445 /* Flow on after changing local uart baudrate */
1446 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1447 {
1448 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1449 return err;
1450 }
1451
1452 /* Check for response from the Controller */
1453 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1454 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1455 goto error;
1456 }
1457
1458 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1459
1460 /* Wait for command complete event */
1461 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1462 if ( err < 0) {
1463 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1464 goto error;
1465 }
1466
1467 error:
1468 return err;
1469
1470 }
1471
1472
rome_hci_reset_req(int fd)1473 int rome_hci_reset_req(int fd)
1474 {
1475 int size, err = 0;
1476 unsigned char cmd[HCI_MAX_CMD_SIZE];
1477 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1478 hci_command_hdr *cmd_hdr;
1479 int flags;
1480
1481 ALOGI("%s: HCI RESET ", __FUNCTION__);
1482
1483 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1484
1485 cmd_hdr = (void *) (cmd + 1);
1486 cmd[0] = HCI_COMMAND_PKT;
1487 cmd_hdr->opcode = HCI_RESET;
1488 cmd_hdr->plen = 0;
1489
1490 /* Total length of the packet to be sent to the Controller */
1491 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1492
1493 /* Flow off during baudrate change */
1494 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1495 {
1496 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1497 goto error;
1498 }
1499
1500 /* Send the HCI command packet to UART for transmission */
1501 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1502 err = do_write(fd, cmd, size);
1503 if (err != size) {
1504 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1505 goto error;
1506 }
1507
1508 /* Change Local UART baudrate to high speed UART */
1509 userial_vendor_set_baud(USERIAL_BAUD_3M);
1510
1511 /* Flow on after changing local uart baudrate */
1512 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1513 {
1514 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1515 return err;
1516 }
1517
1518 /* Wait for command complete event */
1519 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1520 if ( err < 0) {
1521 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1522 goto error;
1523 }
1524
1525 error:
1526 return err;
1527
1528 }
1529
1530
rome_hci_reset(int fd)1531 int rome_hci_reset(int fd)
1532 {
1533 int size, err = 0;
1534 unsigned char cmd[HCI_MAX_CMD_SIZE];
1535 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1536 hci_command_hdr *cmd_hdr;
1537 int flags;
1538
1539 ALOGI("%s: HCI RESET ", __FUNCTION__);
1540
1541 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1542
1543 cmd_hdr = (void *) (cmd + 1);
1544 cmd[0] = HCI_COMMAND_PKT;
1545 cmd_hdr->opcode = HCI_RESET;
1546 cmd_hdr->plen = 0;
1547
1548 /* Total length of the packet to be sent to the Controller */
1549 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1550 err = do_write(fd, cmd, size);
1551 if (err != size) {
1552 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1553 err = -1;
1554 goto error;
1555 }
1556
1557 /* Wait for command complete event */
1558 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1559 if ( err < 0) {
1560 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1561 goto error;
1562 }
1563
1564 error:
1565 return err;
1566
1567 }
1568
rome_wipower_current_charging_status_req(int fd)1569 int rome_wipower_current_charging_status_req(int fd)
1570 {
1571 int size, err = 0;
1572 unsigned char cmd[HCI_MAX_CMD_SIZE];
1573 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1574 hci_command_hdr *cmd_hdr;
1575 int flags;
1576
1577 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1578
1579 cmd_hdr = (void *) (cmd + 1);
1580 cmd[0] = HCI_COMMAND_PKT;
1581 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1582 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1583 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1584
1585 /* Total length of the packet to be sent to the Controller */
1586 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1587
1588 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1589 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1590
1591 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1592 if ( err != size) {
1593 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1594 goto error;
1595 }
1596
1597 /* Check for response from the Controller */
1598 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1599 err = -ETIMEDOUT;
1600 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1601 goto error;
1602 }
1603
1604 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1605 if (rsp[4] >= NON_WIPOWER_MODE) {
1606 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1607 if (err < 0) {
1608 ALOGE("%s: Failed to get charging status", __FUNCTION__);
1609 goto error;
1610 }
1611 }
1612
1613 error:
1614 return err;
1615 }
1616
addon_feature_req(int fd)1617 int addon_feature_req(int fd)
1618 {
1619 int size, err = 0;
1620 unsigned char cmd[HCI_MAX_CMD_SIZE];
1621 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1622 hci_command_hdr *cmd_hdr;
1623 int flags;
1624
1625 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1626
1627 cmd_hdr = (void *) (cmd + 1);
1628 cmd[0] = HCI_COMMAND_PKT;
1629 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1630 cmd_hdr->plen = 0x00;
1631
1632 /* Total length of the packet to be sent to the Controller */
1633 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1634
1635 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1636 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1637 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1638 if ( err != size) {
1639 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1640 goto error;
1641 }
1642
1643 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1644 if (err < 0) {
1645 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1646 goto error;
1647 }
1648 error:
1649 return err;
1650 }
1651
1652
check_embedded_mode(int fd)1653 int check_embedded_mode(int fd) {
1654 int err = 0;
1655
1656 wipower_flag = 0;
1657 /* Get current wipower charging status */
1658 if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1659 {
1660 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1661 }
1662 usleep(500);
1663
1664 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1665
1666 return wipower_flag;
1667 }
1668
rome_get_addon_feature_list(int fd)1669 int rome_get_addon_feature_list(int fd) {
1670 int err = 0;
1671
1672 /* Get addon features that are supported by FW */
1673 if ((err = addon_feature_req(fd)) < 0)
1674 {
1675 ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1676 }
1677 return err;
1678 }
1679
rome_wipower_forward_handoff_req(int fd)1680 int rome_wipower_forward_handoff_req(int fd)
1681 {
1682 int size, err = 0;
1683 unsigned char cmd[HCI_MAX_CMD_SIZE];
1684 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1685 hci_command_hdr *cmd_hdr;
1686 int flags;
1687
1688 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1689
1690 cmd_hdr = (void *) (cmd + 1);
1691 cmd[0] = HCI_COMMAND_PKT;
1692 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1693 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1694 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1695
1696 /* Total length of the packet to be sent to the Controller */
1697 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1698
1699 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1700 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1701 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1702 if ( err != size) {
1703 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1704 goto error;
1705 }
1706
1707 /* Check for response from the Controller */
1708 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1709 err = -ETIMEDOUT;
1710 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1711 goto error;
1712 }
1713
1714 error:
1715 return err;
1716 }
1717
1718
enable_controller_log(int fd)1719 void enable_controller_log (int fd)
1720 {
1721 int ret = 0;
1722 /* VS command to enable controller logging to the HOST. By default it is disabled */
1723 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1724 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1725 char value[PROPERTY_VALUE_MAX] = {'\0'};
1726
1727 property_get("persist.service.bdroid.soclog", value, "false");
1728
1729 // value at cmd[5]: 1 - to enable, 0 - to disable
1730 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1731 ALOGI("%s: %d", __func__, ret);
1732
1733 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1734 if (ret != 6) {
1735 ALOGE("%s: command failed", __func__);
1736 }
1737 }
1738
1739
disable_internal_ldo(int fd)1740 static int disable_internal_ldo(int fd)
1741 {
1742 int ret = 0;
1743 if (enable_extldo) {
1744 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1745 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1746
1747 ALOGI(" %s ", __FUNCTION__);
1748 ret = do_write(fd, cmd, 5);
1749 if (ret != 5) {
1750 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1751 ret = -1;
1752 } else {
1753 /* Wait for command complete event */
1754 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1755 if ( ret < 0) {
1756 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1757 }
1758 }
1759 }
1760 return ret;
1761 }
1762
rome_soc_init(int fd,char * bdaddr)1763 int rome_soc_init(int fd, char *bdaddr)
1764 {
1765 int err = -1, size = 0;
1766
1767 ALOGI(" %s ", __FUNCTION__);
1768
1769 /* If wipower charging is going on in embedded mode then start hand off req */
1770 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1771 {
1772 wipower_flag = 0;
1773 wipower_handoff_ready = 0;
1774 if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1775 {
1776 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1777 }
1778 }
1779
1780 /* Get Rome version information */
1781 if((err = rome_patch_ver_req(fd)) <0){
1782 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1783 goto error;
1784 }
1785
1786 ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver);
1787
1788 switch (rome_ver){
1789 case ROME_VER_1_0:
1790 {
1791 /* Set and Download the RAMPATCH */
1792 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1793 err = rome_download_rampatch(fd);
1794 if (err < 0) {
1795 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1796 goto error;
1797 }
1798 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1799
1800 /* Attach the RAMPATCH */
1801 ALOGI("%s: Attaching the patches", __FUNCTION__);
1802 err = rome_attach_rampatch(fd);
1803 if (err < 0) {
1804 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1805 goto error;
1806 }
1807 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1808
1809 /* Send Reset */
1810 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1811 err = rome_rampatch_reset(fd);
1812 if ( err < 0 ) {
1813 ALOGE("Failed to RESET after RAMPATCH upgrade!");
1814 goto error;
1815 }
1816
1817 /* NVM download */
1818 ALOGI("%s: Downloading NVM", __FUNCTION__);
1819 err = rome_1_0_nvm_tag_dnld(fd);
1820 if ( err <0 ) {
1821 ALOGE("Downloading NVM Failed !!");
1822 goto error;
1823 }
1824
1825 /* Change baud rate 115.2 kbps to 3Mbps*/
1826 err = rome_hci_reset_req(fd);
1827 if (err < 0) {
1828 ALOGE("HCI Reset Failed !!");
1829 goto error;
1830 }
1831
1832 ALOGI("HCI Reset is done\n");
1833 }
1834 break;
1835 case ROME_VER_1_1:
1836 rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1837 nvm_file_path = ROME_NVM_TLV_PATH;
1838 goto download;
1839 case ROME_VER_1_3:
1840 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1841 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1842 goto download;
1843 case ROME_VER_2_1:
1844 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1845 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1846 goto download;
1847 case ROME_VER_3_0:
1848 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1849 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1850 fw_su_info = ROME_3_1_FW_SU;
1851 fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1852 goto download;
1853 case ROME_VER_3_2:
1854 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1855 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1856 fw_su_info = ROME_3_2_FW_SU;
1857 fw_su_offset = ROME_3_2_FW_SW_OFFSET;
1858
1859 download:
1860 /* Change baud rate 115.2 kbps to 3Mbps*/
1861 err = rome_set_baudrate_req(fd);
1862 if (err < 0) {
1863 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1864 goto error;
1865 }
1866 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1867 /* Donwload TLV files (rampatch, NVM) */
1868 err = rome_download_tlv_file(fd);
1869 if (err < 0) {
1870 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1871 goto error;
1872 }
1873 ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1874
1875 /* Get SU FM label information */
1876 if((err = rome_get_build_info_req(fd)) <0){
1877 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1878 //Ignore the failure of ROME FW SU label information
1879 err = 0;
1880 }
1881
1882 /* Disable internal LDO to use external LDO instead*/
1883 err = disable_internal_ldo(fd);
1884
1885 /* Send HCI Reset */
1886 err = rome_hci_reset(fd);
1887 if ( err <0 ) {
1888 ALOGE("HCI Reset Failed !!");
1889 goto error;
1890 }
1891
1892 ALOGI("HCI Reset is done\n");
1893
1894 break;
1895 case ROME_VER_UNKNOWN:
1896 default:
1897 ALOGI("%s: Detected unknown ROME version", __FUNCTION__);
1898 err = -1;
1899 break;
1900 }
1901
1902 error:
1903 return err;
1904 }
1905