1 /*
2 *
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 * Not a Contribution.
5 *
6 * Copyright 2012 The Android Open Source Project
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you
9 * may not use this file except in compliance with the License. You may
10 * obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * permissions and limitations under the License.
19 *
20 */
21
22 /******************************************************************************
23 *
24 * Filename: hw_rome.c
25 *
26 * Description: Contains controller-specific functions, like
27 * firmware patch download
28 * low power mode operations
29 *
30 ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #define LOG_TAG "bt_vendor"
36
37 #include <sys/socket.h>
38 #include <utils/Log.h>
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <signal.h>
42 #include <time.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <dirent.h>
46 #include <ctype.h>
47 #include <cutils/properties.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <termios.h>
51 #include <string.h>
52 #include <stdbool.h>
53
54 #include "bt_hci_bdroid.h"
55 #include "bt_vendor_qcom.h"
56 #include "hci_uart.h"
57 #include "hw_rome.h"
58
59 #define BOARD_ID_LEN 0x5
60 #define MSB_NIBBLE_MASK 0xF0
61 #define LSB_NIBBLE_MASK 0x0F
62
63 #ifdef __cplusplus
64 }
65 #endif
66
67 #define RESERVED(p) if(p) ALOGI( "%s: reserved param", __FUNCTION__);
68
69 int read_vs_hci_event(int fd, unsigned char* buf, int size);
70 int get_boardid_req(int fd);
71 unsigned char convert2ascii(unsigned char temp);
72
73
74 /******************************************************************************
75 ** Variables
76 ******************************************************************************/
77 FILE *file;
78 unsigned char *phdr_buffer;
79 unsigned char *pdata_buffer = NULL;
80 patch_info rampatch_patch_info;
81 int rome_ver = ROME_VER_UNKNOWN;
82 unsigned char gTlv_type;
83 unsigned char gTlv_dwndCfg;
84 static unsigned int wipower_flag = 0;
85 static unsigned int wipower_handoff_ready = 0;
86 char *rampatch_file_path;
87 char *nvm_file_path;
88 char *fw_su_info = NULL;
89 unsigned short fw_su_offset =0;
90 extern char enable_extldo;
91 unsigned char wait_vsc_evt = TRUE;
92 bool patch_dnld_pending = FALSE;
93 int dnld_fd = -1;
94 unsigned char board_id[BOARD_ID_LEN];
95
96 /******************************************************************************
97 ** Extern variables
98 ******************************************************************************/
99 extern uint8_t vnd_local_bd_addr[6];
100
101 /*****************************************************************************
102 ** Functions
103 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)104 int do_write(int fd, unsigned char *buf,int len)
105 {
106 int ret = 0;
107 int write_offset = 0;
108 int write_len = len;
109 do {
110 ret = write(fd,buf+write_offset,write_len);
111 if (ret < 0)
112 {
113 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
114 return -1;
115 } else if (ret == 0) {
116 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
117 return 0;
118 } else {
119 if (ret < write_len) {
120 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
121 strerror(errno));
122 write_len = write_len - ret;
123 write_offset = ret;
124 } else {
125 ALOGV("Write successful");
126 break;
127 }
128 }
129 } while(1);
130 return len;
131 }
132
get_vs_hci_event(unsigned char * rsp)133 int get_vs_hci_event(unsigned char *rsp)
134 {
135 int err = 0;
136 unsigned char paramlen = 0;
137 unsigned char EMBEDDED_MODE_CHECK = 0x02;
138 FILE *btversionfile = 0;
139 unsigned int soc_id = 0;
140 unsigned int productid = 0;
141 unsigned short patchversion = 0;
142 char build_label[255];
143 int build_lbl_len;
144
145 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
146 ALOGV("%s: Received HCI-Vendor Specific event", __FUNCTION__);
147 else {
148 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
149 err = -EIO;
150 goto failed;
151 }
152
153 ALOGI("%s: length 0x%x resp 0x%x type 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN],
154 rsp[CMD_RSP_OFFSET], rsp[RSP_TYPE_OFFSET]);
155
156 /* Check the status of the operation */
157 switch ( rsp[CMD_RSP_OFFSET] )
158 {
159 case EDL_CMD_REQ_RES_EVT:
160 ALOGV("%s: Command Request Response", __FUNCTION__);
161 switch(rsp[RSP_TYPE_OFFSET])
162 {
163 case EDL_PATCH_VER_RES_EVT:
164 case EDL_APP_VER_RES_EVT:
165 ALOGI("\t Current Product ID\t\t: 0x%08x",
166 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
167 rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
168 rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
169 rsp[PATCH_PROD_ID_OFFSET] ));
170
171 /* Patch Version indicates FW patch version */
172 ALOGI("\t Current Patch Version\t\t: 0x%04x",
173 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
174 rsp[PATCH_PATCH_VER_OFFSET] )));
175
176 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
177 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver =
178 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
179 rsp[PATCH_ROM_BUILD_VER_OFFSET] ));
180
181 /* In case rome 1.0/1.1, there is no SOC ID version available */
182 if (paramlen - 10)
183 {
184 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id =
185 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
186 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
187 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
188 rsp[PATCH_SOC_VER_OFFSET] ));
189 }
190
191 /* Rome Chipset Version can be decided by Patch version and SOC version,
192 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
193 used for SOC as combination for BT host driver */
194 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff);
195 break;
196 case EDL_TVL_DNLD_RES_EVT:
197 case EDL_CMD_EXE_STATUS_EVT:
198 switch (err = rsp[CMD_STATUS_OFFSET])
199 {
200 case HCI_CMD_SUCCESS:
201 ALOGV("%s: Download Packet successfully!", __FUNCTION__);
202 break;
203 case PATCH_LEN_ERROR:
204 ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
205 "SET REQ cmd", __FUNCTION__);
206 break;
207 case PATCH_VER_ERROR:
208 ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
209 "SET REQ cmd", __FUNCTION__);
210 break;
211 case PATCH_CRC_ERROR:
212 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
213 break;
214 case PATCH_NOT_FOUND:
215 ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
216 break;
217 case TLV_TYPE_ERROR:
218 ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
219 break;
220 default:
221 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
222 break;
223 }
224 break;
225 case HCI_VS_GET_BUILD_VER_EVT:
226 build_lbl_len = rsp[5];
227 memcpy (build_label, &rsp[6], build_lbl_len);
228 *(build_label+build_lbl_len) = '\0';
229
230 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
231 break;
232 case EDL_BOARD_ID_RESPONSE:
233 ALOGI("%s: board id %x %x!!", __FUNCTION__, rsp[6], rsp[7]);
234 if (rsp[6] <= 0x00) {
235 board_id[0] = convert2ascii ((rsp[7] & MSB_NIBBLE_MASK) >> 4);
236 board_id[1] = convert2ascii (rsp[7] & LSB_NIBBLE_MASK);
237 board_id[2] = '\0';
238 } else {
239 board_id[0] = convert2ascii ((rsp[6] & MSB_NIBBLE_MASK) >> 4);
240 board_id[1] = convert2ascii (rsp[6] & LSB_NIBBLE_MASK);
241 board_id[2] = convert2ascii ((rsp[7] & MSB_NIBBLE_MASK) >> 4);
242 board_id[3] = convert2ascii (rsp[7] & LSB_NIBBLE_MASK);
243 board_id[4] = '\0';
244 }
245 break;
246 }
247 break;
248
249 case NVM_ACCESS_CODE:
250 ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
251 err = HCI_CMD_SUCCESS;
252 break;
253 case EDL_SET_BAUDRATE_RSP_EVT:
254 /* Rome 1.1 has bug with the response, so it should ignore it. */
255 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
256 {
257 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
258 rsp[CMD_STATUS_OFFSET]);
259 err = -1;
260 }
261 break;
262 case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
263 /* Query charging command has below return values
264 0 - in embedded mode not charging
265 1 - in embedded mode and charging
266 2 - hadofff completed and in normal mode
267 3 - no wipower supported on mtp. so irrepective of charging
268 handoff command has to be sent if return values are 0 or 1.
269 These change include logic to enable generic BT turn on sequence.*/
270 if (rsp[4] < EMBEDDED_MODE_CHECK)
271 {
272 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
273 wipower_handoff_ready = rsp[4];
274 wipower_flag = 1;
275 }
276 break;
277 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
278 /*TODO: rsp code 00 mean no charging
279 this is going to change in FW soon*/
280 if (rsp[4] == NON_WIPOWER_MODE)
281 {
282 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
283 }
284 break;
285 case HCI_VS_GET_ADDON_FEATURES_EVENT:
286 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
287 {
288 ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
289 property_set("persist.bluetooth.a4wp", "true");
290 }
291 break;
292 case HCI_VS_STRAY_EVT:
293 /* WAR to handle stray Power Apply EVT during patch download */
294 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__);
295 if (patch_dnld_pending && dnld_fd != -1)
296 {
297 unsigned char rsp[HCI_MAX_EVENT_SIZE];
298 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE);
299 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE);
300 }
301 else
302 {
303 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
304 err = -1;
305 }
306 break;
307 default:
308 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
309 err = -1;
310 break;
311 }
312
313 failed:
314 return err;
315 }
316
317
318 /*
319 * Read an VS HCI event from the given file descriptor.
320 */
read_vs_hci_event(int fd,unsigned char * buf,int size)321 int read_vs_hci_event(int fd, unsigned char* buf, int size)
322 {
323 int remain, r;
324 int count = 0, i;
325
326 if (size <= 0) {
327 ALOGE("Invalid size arguement!");
328 return -1;
329 }
330
331 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
332
333 /* The first byte identifies the packet type. For HCI event packets, it
334 * should be 0x04, so we read until we get to the 0x04. */
335 /* It will keep reading until find 0x04 byte */
336 while (1) {
337 r = read(fd, buf, 1);
338 if (r <= 0)
339 return -1;
340 if (buf[0] == 0x04)
341 break;
342 }
343 count++;
344
345 /* The next two bytes are the event code and parameter total length. */
346 while (count < 3) {
347 r = read(fd, buf + count, 3 - count);
348 if ((r <= 0) || (buf[1] != 0xFF )) {
349 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
350 return -1;
351 }
352 count += r;
353 }
354
355 /* Now we read the parameters. */
356 if (buf[2] < (size - 3))
357 remain = buf[2];
358 else
359 remain = size - 3;
360
361 while ((count - 3) < remain) {
362 r = read(fd, buf + count, remain - (count - 3));
363 if (r <= 0)
364 return -1;
365 count += r;
366 }
367
368 /* Check if the set patch command is successful or not */
369 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
370 return -1;
371
372 return count;
373 }
374
375 /*
376 * For Hand-Off related Wipower commands, Command complete arrives first and
377 * the followd with VS event
378 *
379 */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)380 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
381 {
382 int ret = 0;
383 int err = 0;
384
385 /* Send the HCI command packet to UART for transmission */
386 ret = do_write(fd, cmd, size);
387 if (ret != size) {
388 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
389 goto failed;
390 }
391
392 /* Wait for command complete event */
393 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
394 if ( err < 0) {
395 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
396 goto failed;
397 }
398
399 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
400 failed:
401 return ret;
402 }
403
404
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)405 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
406 {
407 int ret = 0;
408
409 /* Send the HCI command packet to UART for transmission */
410 ret = do_write(fd, cmd, size);
411 if (ret != size) {
412 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
413 goto failed;
414 }
415
416 if (wait_vsc_evt) {
417 /* Check for response from the Controller */
418 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
419 ret = -ETIMEDOUT;
420 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
421 goto failed;
422 }
423 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
424 }
425
426 failed:
427 return ret;
428 }
429
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)430 void frame_hci_cmd_pkt(
431 unsigned char *cmd,
432 int edl_cmd, unsigned int p_base_addr,
433 int segtNo, int size
434 )
435 {
436 int offset = 0;
437 hci_command_hdr *cmd_hdr;
438
439 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
440
441 cmd_hdr = (void *) (cmd + 1);
442
443 cmd[0] = HCI_COMMAND_PKT;
444 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
445 cmd_hdr->plen = size;
446 cmd[4] = edl_cmd;
447
448 switch (edl_cmd)
449 {
450 case EDL_PATCH_SET_REQ_CMD:
451 /* Copy the patch header info as CMD params */
452 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
453 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
454 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
455 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
456 break;
457 case EDL_PATCH_DLD_REQ_CMD:
458 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
459 p_base_addr += offset;
460 cmd_hdr->plen = (size + 6);
461 cmd[5] = (size + 4);
462 cmd[6] = EXTRACT_BYTE(p_base_addr, 0);
463 cmd[7] = EXTRACT_BYTE(p_base_addr, 1);
464 cmd[8] = EXTRACT_BYTE(p_base_addr, 2);
465 cmd[9] = EXTRACT_BYTE(p_base_addr, 3);
466 memcpy(&cmd[10], (pdata_buffer + offset), size);
467
468 ALOGV("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
469 __FUNCTION__, size);
470 ALOGV("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
471 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
472 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
473 break;
474 case EDL_PATCH_ATCH_REQ_CMD:
475 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
476 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
477 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
478 break;
479 case EDL_PATCH_RST_REQ_CMD:
480 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
481 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
482 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
483 break;
484 case EDL_PATCH_VER_REQ_CMD:
485 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
486 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
487 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
488 break;
489 case EDL_PATCH_TLV_REQ_CMD:
490 ALOGV("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
491 /* Parameter Total Length */
492 cmd[3] = size +2;
493
494 /* TLV Segment Length */
495 cmd[5] = size;
496 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
497 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
498 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
499 memcpy(&cmd[6], (pdata_buffer + offset), size);
500 break;
501 case EDL_GET_BUILD_INFO:
502 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
503 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
504 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
505 break;
506 case EDL_GET_BOARD_ID:
507 ALOGD("%s: Sending EDL_GET_BOARD_ID", __FUNCTION__);
508 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
509 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
510 break;
511 default:
512 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
513 }
514 }
515
rome_extract_patch_header_info(unsigned char * buf)516 void rome_extract_patch_header_info(unsigned char *buf)
517 {
518 int index;
519
520 /* Extract patch id */
521 for (index = 0; index < 4; index++)
522 rampatch_patch_info.patch_id |=
523 (LSH(buf[index + P_ID_OFFSET], (index * 8)));
524
525 /* Extract (ROM and BUILD) version information */
526 for (index = 0; index < 2; index++)
527 rampatch_patch_info.patch_ver.rom_version |=
528 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
529
530 for (index = 0; index < 2; index++)
531 rampatch_patch_info.patch_ver.build_version |=
532 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
533
534 /* Extract patch base and entry addresses */
535 for (index = 0; index < 4; index++)
536 rampatch_patch_info.patch_base_addr |=
537 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
538
539 /* Patch BASE & ENTRY addresses are same */
540 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
541
542 /* Extract total length of the patch payload */
543 for (index = 0; index < 4; index++)
544 rampatch_patch_info.patch_length |=
545 (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
546
547 /* Extract the CRC checksum of the patch payload */
548 for (index = 0; index < 4; index++)
549 rampatch_patch_info.patch_crc |=
550 (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
551
552 /* Extract patch control value */
553 for (index = 0; index < 4; index++)
554 rampatch_patch_info.patch_ctrl |=
555 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
556
557 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
558 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
559 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
560 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
561 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
562 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
563 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
564
565 }
566
rome_edl_set_patch_request(int fd)567 int rome_edl_set_patch_request(int fd)
568 {
569 int size, err;
570 unsigned char cmd[HCI_MAX_CMD_SIZE];
571 unsigned char rsp[HCI_MAX_EVENT_SIZE];
572
573 /* Frame the HCI CMD to be sent to the Controller */
574 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
575 -1, PATCH_HDR_LEN + 1);
576
577 /* Total length of the packet to be sent to the Controller */
578 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
579
580 /* Send HCI Command packet to Controller */
581 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
582 if ( err != size) {
583 ALOGE("Failed to set the patch info to the Controller!");
584 goto error;
585 }
586
587 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
588 if ( err < 0) {
589 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
590 goto error;
591 }
592 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
593 error:
594 return err;
595 }
596
rome_edl_patch_download_request(int fd)597 int rome_edl_patch_download_request(int fd)
598 {
599 int no_of_patch_segment;
600 int index = 1, err = 0, size = 0;
601 unsigned int p_base_addr;
602 unsigned char cmd[HCI_MAX_CMD_SIZE];
603 unsigned char rsp[HCI_MAX_EVENT_SIZE];
604
605 no_of_patch_segment = (rampatch_patch_info.patch_length /
606 MAX_DATA_PER_SEGMENT);
607 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
608 __FUNCTION__, no_of_patch_segment,
609 rampatch_patch_info.patch_base_addr);
610
611 /* Initialize the patch base address from the one read from bin file */
612 p_base_addr = rampatch_patch_info.patch_base_addr;
613
614 /*
615 * Depending upon size of the patch payload, download the patches in
616 * segments with a max. size of 239 bytes
617 */
618 for (index = 1; index <= no_of_patch_segment; index++) {
619
620 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
621
622 /* Frame the HCI CMD PKT to be sent to Controller*/
623 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
624 index, MAX_DATA_PER_SEGMENT);
625
626 /* Total length of the packet to be sent to the Controller */
627 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
628
629 /* Initialize the RSP packet everytime to 0 */
630 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
631
632 /* Send HCI Command packet to Controller */
633 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
634 if ( err != size) {
635 ALOGE("Failed to send the patch payload to the Controller!");
636 goto error;
637 }
638
639 /* Read Command Complete Event */
640 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
641 if ( err < 0) {
642 ALOGE("%s: Failed to downlaod patch segment: %d!",
643 __FUNCTION__, index);
644 goto error;
645 }
646 ALOGI("%s: Successfully downloaded patch segment: %d",
647 __FUNCTION__, index);
648 }
649
650 /* Check if any pending patch data to be sent */
651 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
652 rampatch_patch_info.patch_length :
653 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT);
654
655 if (size)
656 {
657 /* Frame the HCI CMD PKT to be sent to Controller*/
658 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
659
660 /* Initialize the RSP packet everytime to 0 */
661 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
662
663 /* Total length of the packet to be sent to the Controller */
664 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
665
666 /* Send HCI Command packet to Controller */
667 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
668 if ( err != size) {
669 ALOGE("Failed to send the patch payload to the Controller!");
670 goto error;
671 }
672
673 /* Read Command Complete Event */
674 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
675 if ( err < 0) {
676 ALOGE("%s: Failed to downlaod patch segment: %d!",
677 __FUNCTION__, index);
678 goto error;
679 }
680
681 ALOGI("%s: Successfully downloaded patch segment: %d",
682 __FUNCTION__, index);
683 }
684
685 error:
686 return err;
687 }
688
rome_download_rampatch(int fd)689 static int rome_download_rampatch(int fd)
690 {
691 int c, tmp, size, index, ret = -1;
692
693 ALOGI("%s: ", __FUNCTION__);
694
695 /* Get handle to the RAMPATCH binary file */
696 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
697 file = fopen(ROME_FW_PATH, "r");
698 if (file == NULL) {
699 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
700 __FUNCTION__);
701 return -ENFILE;
702 }
703
704 /* Allocate memory for the patch headder info */
705 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
706 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
707 if (phdr_buffer == NULL) {
708 ALOGE("%s: Failed to allocate memory for patch header",
709 __FUNCTION__);
710 goto phdr_alloc_failed;
711 }
712 for (index = 0; index < PATCH_HDR_LEN + 1; index++)
713 phdr_buffer[index] = 0x0;
714
715 /* Read 28 bytes of patch header information */
716 ALOGI("%s: Reading patch header info", __FUNCTION__);
717 index = 0;
718 do {
719 c = fgetc (file);
720 phdr_buffer[index++] = (unsigned char)c;
721 } while (index != PATCH_HDR_LEN);
722
723 /* Save the patch header info into local structure */
724 ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
725 rome_extract_patch_header_info((unsigned char *)phdr_buffer);
726
727 /* Set the patch header info onto the Controller */
728 ret = rome_edl_set_patch_request(fd);
729 if (ret < 0) {
730 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
731 goto pdata_alloc_failed;
732 }
733
734 /* Allocate memory for the patch payload */
735 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
736 size = rampatch_patch_info.patch_length;
737 pdata_buffer = (unsigned char *) malloc(size+1);
738 if (pdata_buffer == NULL) {
739 ALOGE("%s: Failed to allocate memory for patch payload",
740 __FUNCTION__);
741 goto pdata_alloc_failed;
742 }
743 for (index = 0; index < size+1; index++)
744 pdata_buffer[index] = 0x0;
745
746 /* Read the patch data from Rampatch binary image */
747 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
748 index = 0;
749 do {
750 c = fgetc (file);
751 pdata_buffer[index++] = (unsigned char)c;
752 } while (c != EOF);
753
754 /* Downloading patches in segments to controller */
755 ret = rome_edl_patch_download_request(fd);
756 if (ret < 0) {
757 ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
758 goto cleanup;
759 }
760 cleanup:
761 free(pdata_buffer);
762 pdata_alloc_failed:
763 free(phdr_buffer);
764 phdr_alloc_failed:
765 fclose(file);
766 error:
767 return ret;
768 }
769
rome_attach_rampatch(int fd)770 int rome_attach_rampatch(int fd)
771 {
772 int size, err;
773 unsigned char cmd[HCI_MAX_CMD_SIZE];
774 unsigned char rsp[HCI_MAX_EVENT_SIZE];
775
776 /* Frame the HCI CMD to be sent to the Controller */
777 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
778 -1, EDL_PATCH_CMD_LEN);
779
780 /* Total length of the packet to be sent to the Controller */
781 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
782
783 /* Send HCI Command packet to Controller */
784 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
785 if ( err != size) {
786 ALOGE("Failed to attach the patch payload to the Controller!");
787 goto error;
788 }
789
790 /* Read Command Complete Event */
791 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
792 if ( err < 0) {
793 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
794 goto error;
795 }
796 error:
797 return err;
798 }
799
rome_rampatch_reset(int fd)800 int rome_rampatch_reset(int fd)
801 {
802 int size, err = 0, flags;
803 unsigned char cmd[HCI_MAX_CMD_SIZE];
804 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
805
806 /* Frame the HCI CMD to be sent to the Controller */
807 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
808 -1, EDL_PATCH_CMD_LEN);
809
810 /* Total length of the packet to be sent to the Controller */
811 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
812
813 /* Send HCI Command packet to Controller */
814 err = do_write(fd, cmd, size);
815 if (err != size) {
816 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
817 goto error;
818 }
819
820 /*
821 * Controller doesn't sends any response for the patch reset
822 * command. HOST has to wait for 100ms before proceeding.
823 */
824 nanosleep(&tm, NULL);
825
826 error:
827 return err;
828 }
829
rome_get_tlv_file(char * file_path)830 int rome_get_tlv_file(char *file_path)
831 {
832 FILE * pFile;
833 long fileSize;
834 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
835 unsigned short nvm_tag_len;
836 tlv_patch_info *ptlv_header;
837 tlv_nvm_hdr *nvm_ptr;
838 unsigned char data_buf[PRINT_BUF_SIZE]={0,};
839 unsigned char *nvm_byte_ptr;
840
841 ALOGI("File Open (%s)", file_path);
842 pFile = fopen ( file_path , "r" );
843 if (pFile==NULL) {;
844 ALOGE("%s File Open Fail", file_path);
845 return -1;
846 }
847
848 /* Get File Size */
849 fseek (pFile , 0 , SEEK_END);
850 fileSize = ftell (pFile);
851 rewind (pFile);
852
853 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
854 if (pdata_buffer == NULL) {
855 ALOGE("Allocated Memory failed");
856 fclose (pFile);
857 return -1;
858 }
859
860 /* Copy file into allocated buffer */
861 readSize = fread (pdata_buffer,1,fileSize,pFile);
862
863 /* File Close */
864 fclose (pFile);
865
866 if (readSize != fileSize) {
867 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
868 return -1;
869 }
870
871 ptlv_header = (tlv_patch_info *) pdata_buffer;
872
873 /* To handle different event between rampatch and NVM */
874 gTlv_type = ptlv_header->tlv_type;
875 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
876
877 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
878 ALOGI("====================================================");
879 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
880 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
881 (ptlv_header->tlv_length2 << 8) |
882 (ptlv_header->tlv_length3 << 16));
883 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
884 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
885 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
886 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
887 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
888 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
889 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
890 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
891 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
892 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
893 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
894 ALOGI("====================================================");
895
896 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
897 ALOGV("====================================================");
898 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
899 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) |
900 (ptlv_header->tlv_length2 << 8) |
901 (ptlv_header->tlv_length3 << 16));
902
903 if(nvm_length <= 0)
904 return readSize;
905
906 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
907 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
908 {
909 ALOGV("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
910 ALOGV("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
911 ALOGV("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
912 ALOGV("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
913
914 /* Increase nvm_index to NVM data */
915 nvm_index+=sizeof(tlv_nvm_hdr);
916 nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
917
918 /* Write BD Address */
919 if(nvm_ptr->tag_id == TAG_NUM_2){
920 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6);
921 ALOGV("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
922 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
923 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
924 }
925
926 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
927 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
928
929 ALOGV("TAG Data\t\t\t : %s", data_buf);
930
931 /* Clear buffer */
932 memset(data_buf, 0x0, PRINT_BUF_SIZE);
933
934 /* increased by tag_len */
935 nvm_index+=nvm_ptr->tag_len;
936 nvm_byte_ptr +=nvm_ptr->tag_len;
937 }
938
939 ALOGV("====================================================");
940
941 } else {
942 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
943 }
944
945 return readSize;
946 }
947
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)948 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
949 {
950 int size=0, err = -1;
951 unsigned char cmd[HCI_MAX_CMD_SIZE];
952 unsigned char rsp[HCI_MAX_EVENT_SIZE];
953
954 ALOGV("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
955
956 /* Frame the HCI CMD PKT to be sent to Controller*/
957 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
958
959 /* Total length of the packet to be sent to the Controller */
960 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
961
962 /* Initialize the RSP packet everytime to 0 */
963 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
964
965 /* Send HCI Command packet to Controller */
966 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
967 if ( err != size) {
968 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
969 return err;
970 }
971
972 if(wait_cc_evt) {
973 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
974 if ( err < 0) {
975 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index);
976 return err;
977 }
978 }
979
980 ALOGV("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
981 return err;
982 }
983
rome_tlv_dnld_req(int fd,int tlv_size)984 int rome_tlv_dnld_req(int fd, int tlv_size)
985 {
986 int total_segment, remain_size, i, err = -1;
987 unsigned char wait_cc_evt = TRUE;
988
989 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
990 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
991 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
992
993 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
994 __FUNCTION__,tlv_size, total_segment, remain_size);
995
996 if (gTlv_type == TLV_TYPE_PATCH) {
997 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
998 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
999 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
1000 */
1001 switch(gTlv_dwndCfg)
1002 {
1003 case ROME_SKIP_EVT_NONE:
1004 wait_vsc_evt = TRUE;
1005 wait_cc_evt = TRUE;
1006 ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
1007 break;
1008 case ROME_SKIP_EVT_VSE_CC:
1009 wait_vsc_evt = FALSE;
1010 wait_cc_evt = FALSE;
1011 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
1012 break;
1013 /* Not handled for now */
1014 case ROME_SKIP_EVT_VSE:
1015 case ROME_SKIP_EVT_CC:
1016 default:
1017 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
1018 break;
1019 }
1020 } else {
1021 wait_vsc_evt = TRUE;
1022 wait_cc_evt = TRUE;
1023 }
1024
1025 for(i=0;i<total_segment ;i++){
1026 if ((i+1) == total_segment) {
1027 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1028 /* If the Rome version is from 1.1 to 3.1
1029 * 1. No CCE for the last command segment but all other segment
1030 * 2. All the command segments get VSE including the last one
1031 */
1032 wait_cc_evt = !remain_size ? FALSE: TRUE;
1033 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1034 /* If the Rome version is 3.2
1035 * 1. None of the command segments receive CCE
1036 * 2. No command segments receive VSE except the last one
1037 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1038 * same as Rome 2.1, 2.2, 3.0
1039 */
1040 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1041 wait_cc_evt = !remain_size ? FALSE: TRUE;
1042 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1043 wait_vsc_evt = !remain_size ? TRUE: FALSE;
1044 }
1045 }
1046 }
1047
1048 patch_dnld_pending = TRUE;
1049 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1050 goto error;
1051 patch_dnld_pending = FALSE;
1052 }
1053
1054 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1055 /* If the Rome version is from 1.1 to 3.1
1056 * 1. No CCE for the last command segment but all other segment
1057 * 2. All the command segments get VSE including the last one
1058 */
1059 wait_cc_evt = remain_size ? FALSE: TRUE;
1060 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1061 /* If the Rome version is 3.2
1062 * 1. None of the command segments receive CCE
1063 * 2. No command segments receive VSE except the last one
1064 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1065 * same as Rome 2.1, 2.2, 3.0
1066 */
1067 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1068 wait_cc_evt = remain_size ? FALSE: TRUE;
1069 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1070 wait_vsc_evt = remain_size ? TRUE: FALSE;
1071 }
1072 }
1073
1074 patch_dnld_pending = TRUE;
1075 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1076 patch_dnld_pending = FALSE;
1077 error:
1078 if(patch_dnld_pending) patch_dnld_pending = FALSE;
1079 return err;
1080 }
1081
rome_download_tlv_file(int fd)1082 int rome_download_tlv_file(int fd)
1083 {
1084 int tlv_size, err = -1;
1085 char nvm_file_path_bid[32] = { 0,};
1086
1087 memcpy(nvm_file_path_bid, nvm_file_path, strlen(nvm_file_path) - 2);
1088
1089 /* Rampatch TLV file Downloading */
1090 pdata_buffer = NULL;
1091 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1092 goto error;
1093
1094 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1095 goto error;
1096
1097 if (pdata_buffer != NULL){
1098 free (pdata_buffer);
1099 pdata_buffer = NULL;
1100 }
1101 if (get_boardid_req(fd) < 0) {
1102 ALOGE("%s: failed to get board id(0x%x)", __FUNCTION__, err);
1103 goto default_download;
1104 }
1105
1106 strlcat(nvm_file_path_bid, board_id, sizeof(nvm_file_path_bid));
1107
1108 if((tlv_size = rome_get_tlv_file(nvm_file_path_bid)) < 0) {
1109 ALOGI("%s: %s: file doesn't exist, falling back to default file", __FUNCTION__, nvm_file_path_bid);
1110 default_download:
1111 /* NVM TLV file Downloading */
1112 if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0)
1113 goto error;
1114 }
1115
1116 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1117 goto error;
1118
1119 error:
1120 if (pdata_buffer != NULL)
1121 free (pdata_buffer);
1122
1123 return err;
1124 }
1125
rome_1_0_nvm_tag_dnld(int fd)1126 int rome_1_0_nvm_tag_dnld(int fd)
1127 {
1128 int i, size, err = 0;
1129 unsigned char cmd[HCI_MAX_CMD_SIZE];
1130 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1131
1132 #if (NVM_VERSION >= ROME_1_0_100019)
1133 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1134 {
1135 /* Tag 2 */ /* BD Address */
1136 { /* Packet Type */HCI_COMMAND_PKT,
1137 /* Opcode */ 0x0b,0xfc,
1138 /* Total Len */ 9,
1139 /* NVM CMD */ NVM_ACCESS_SET,
1140 /* Tag Num */ 2,
1141 /* Tag Len */ 6,
1142 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22
1143 },
1144 /* Tag 6 */ /* Bluetooth Support Features */
1145 { /* Packet Type */HCI_COMMAND_PKT,
1146 /* Opcode */ 0x0b,0xfc,
1147 /* Total Len */ 11,
1148 /* NVM CMD */ NVM_ACCESS_SET,
1149 /* Tag Num */ 6,
1150 /* Tag Len */ 8,
1151 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1152 },
1153 /* Tag 17 */ /* HCI Transport Layer Setting */
1154 { /* Packet Type */HCI_COMMAND_PKT,
1155 /* Opcode */ 0x0b,0xfc,
1156 /* Total Len */ 11,
1157 /* NVM CMD */ NVM_ACCESS_SET,
1158 /* Tag Num */ 17,
1159 /* Tag Len */ 8,
1160 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1161 },
1162 /* Tag 35 */
1163 { /* Packet Type */HCI_COMMAND_PKT,
1164 /* Opcode */ 0x0b,0xfc,
1165 /* Total Len */ 58,
1166 /* NVM CMD */ NVM_ACCESS_SET,
1167 /* Tag Num */ 35,
1168 /* Tag Len */ 55,
1169 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1170 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1171 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1172 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1173 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1174 0x1B, 0x14, 0x01, 0x04, 0x48
1175 },
1176 /* Tag 36 */
1177 { /* Packet Type */HCI_COMMAND_PKT,
1178 /* Opcode */ 0x0b,0xfc,
1179 /* Total Len */ 15,
1180 /* NVM CMD */ NVM_ACCESS_SET,
1181 /* Tag Num */ 36,
1182 /* Tag Len */ 12,
1183 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1184 },
1185 /* Tag 39 */
1186 { /* Packet Type */HCI_COMMAND_PKT,
1187 /* Opcode */ 0x0b,0xfc,
1188 /* Total Len */ 7,
1189 /* NVM CMD */ NVM_ACCESS_SET,
1190 /* Tag Num */ 39,
1191 /* Tag Len */ 4,
1192 /* Tag Value */ 0x12,0x00,0x00,0x00
1193 },
1194 /* Tag 41 */
1195 { /* Packet Type */HCI_COMMAND_PKT,
1196 /* Opcode */ 0x0b,0xfc,
1197 /* Total Len */ 91,
1198 /* NVM CMD */ NVM_ACCESS_SET,
1199 /* Tag Num */ 41,
1200 /* Tag Len */ 88,
1201 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1202 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1203 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1204 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1205 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1206 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1207 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1208 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1209 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1210 },
1211 /* Tag 42 */
1212 { /* Packet Type */HCI_COMMAND_PKT,
1213 /* Opcode */ 0x0b,0xfc,
1214 /* Total Len */ 63,
1215 /* NVM CMD */ NVM_ACCESS_SET,
1216 /* Tag Num */ 42,
1217 /* Tag Len */ 60,
1218 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1219 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1220 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1221 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1222 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1223 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1224 },
1225 /* Tag 84 */
1226 { /* Packet Type */HCI_COMMAND_PKT,
1227 /* Opcode */ 0x0b,0xfc,
1228 /* Total Len */ 153,
1229 /* NVM CMD */ NVM_ACCESS_SET,
1230 /* Tag Num */ 84,
1231 /* Tag Len */ 150,
1232 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1233 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1234 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1235 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1236 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1237 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1238 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1239 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1240 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1241 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1242 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1243 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1244 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1245 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1246 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1247 },
1248 /* Tag 85 */
1249 { /* Packet Type */HCI_COMMAND_PKT,
1250 /* Opcode */ 0x0b,0xfc,
1251 /* Total Len */ 119,
1252 /* NVM CMD */ NVM_ACCESS_SET,
1253 /* Tag Num */ 85,
1254 /* Tag Len */ 116,
1255 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1256 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1257 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1258 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1259 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1260 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1261 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1262 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1263 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1264 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1265 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1266 0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1267 },
1268 {TAG_END}
1269 };
1270 #elif (NVM_VERSION == ROME_1_0_6002)
1271 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1272 {
1273 /* Tag 2 */
1274 { /* Packet Type */HCI_COMMAND_PKT,
1275 /* Opcode */ 0x0b,0xfc,
1276 /* Total Len */ 9,
1277 /* NVM CMD */ NVM_ACCESS_SET,
1278 /* Tag Num */ 2,
1279 /* Tag Len */ 6,
1280 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1281 },
1282 /* Tag 6 */
1283 { /* Packet Type */HCI_COMMAND_PKT,
1284 /* Opcode */ 0x0b,0xfc,
1285 /* Total Len */ 11,
1286 /* NVM CMD */ NVM_ACCESS_SET,
1287 /* Tag Num */ 6,
1288 /* Tag Len */ 8,
1289 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1290 },
1291 /* Tag 17 */
1292 { /* Packet Type */HCI_COMMAND_PKT,
1293 /* Opcode */ 0x0b,0xfc,
1294 /* Total Len */ 11,
1295 /* NVM CMD */ NVM_ACCESS_SET,
1296 /* Tag Num */ 17,
1297 /* Tag Len */ 8,
1298 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1299 },
1300 /* Tag 36 */
1301 { /* Packet Type */HCI_COMMAND_PKT,
1302 /* Opcode */ 0x0b,0xfc,
1303 /* Total Len */ 15,
1304 /* NVM CMD */ NVM_ACCESS_SET,
1305 /* Tag Num */ 36,
1306 /* Tag Len */ 12,
1307 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1308 },
1309
1310 /* Tag 39 */
1311 { /* Packet Type */HCI_COMMAND_PKT,
1312 /* Opcode */ 0x0b,0xfc,
1313 /* Total Len */ 7,
1314 /* NVM CMD */ NVM_ACCESS_SET,
1315 /* Tag Num */ 39,
1316 /* Tag Len */ 4,
1317 /* Tag Value */ 0x12,0x00,0x00,0x00
1318 },
1319
1320 /* Tag 41 */
1321 { /* Packet Type */HCI_COMMAND_PKT,
1322 /* Opcode */ 0x0b,0xfc,
1323 /* Total Len */ 199,
1324 /* NVM CMD */ NVM_ACCESS_SET,
1325 /* Tag Num */ 41,
1326 /* Tag Len */ 196,
1327 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1328 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1329 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1330 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1331 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1332 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1333 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1334 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1335 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1336 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1337 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1338 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1339 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1340 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1341 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1342 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1343 0x0B,0x01,0x03,0x00
1344 },
1345
1346 /* Tag 44 */
1347 { /* Packet Type */HCI_COMMAND_PKT,
1348 /* Opcode */ 0x0b,0xfc,
1349 /* Total Len */ 44,
1350 /* NVM CMD */ NVM_ACCESS_SET,
1351 /* Tag Num */ 44,
1352 /* Tag Len */ 41,
1353 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1354 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1355 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1356 0x00,0x14,0x01,0x02,0x03
1357 },
1358 {TAG_END}
1359 };
1360 #endif
1361
1362 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1363
1364 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1365 {
1366 /* Write BD Address */
1367 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1368 memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6);
1369 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1370 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1371 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1372 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1373 }
1374 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1375 /* Send HCI Command packet to Controller */
1376 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1377 if ( err != size) {
1378 ALOGE("Failed to attach the patch payload to the Controller!");
1379 goto error;
1380 }
1381
1382 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1383 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1384 if ( err < 0) {
1385 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1386 goto error;
1387 }
1388 }
1389
1390 error:
1391 return err;
1392 }
1393
1394
1395
rome_patch_ver_req(int fd)1396 int rome_patch_ver_req(int fd)
1397 {
1398 int size, err = 0;
1399 unsigned char cmd[HCI_MAX_CMD_SIZE];
1400 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1401
1402 /* Frame the HCI CMD to be sent to the Controller */
1403 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1404 -1, EDL_PATCH_CMD_LEN);
1405
1406 /* Total length of the packet to be sent to the Controller */
1407 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1408
1409 /* Send HCI Command packet to Controller */
1410 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1411 if ( err != size) {
1412 ALOGE("Failed to attach the patch payload to the Controller!");
1413 goto error;
1414 }
1415
1416 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1417 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1418 if ( err < 0) {
1419 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1420 goto error;
1421 }
1422 error:
1423 return err;
1424
1425 }
1426
rome_get_build_info_req(int fd)1427 int rome_get_build_info_req(int fd)
1428 {
1429 int size, err = 0;
1430 unsigned char cmd[HCI_MAX_CMD_SIZE];
1431 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1432
1433 /* Frame the HCI CMD to be sent to the Controller */
1434 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1435 -1, EDL_PATCH_CMD_LEN);
1436
1437 /* Total length of the packet to be sent to the Controller */
1438 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1439
1440 /* Send HCI Command packet to Controller */
1441 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1442 if ( err != size) {
1443 ALOGE("Failed to send get build info cmd to the SoC!");
1444 goto error;
1445 }
1446
1447 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1448 if ( err < 0) {
1449 ALOGE("%s: Failed to get build info", __FUNCTION__);
1450 goto error;
1451 }
1452 error:
1453 return err;
1454
1455 }
1456
1457
rome_set_baudrate_req(int fd)1458 int rome_set_baudrate_req(int fd)
1459 {
1460 int size, err = 0;
1461 unsigned char cmd[HCI_MAX_CMD_SIZE];
1462 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1463 hci_command_hdr *cmd_hdr;
1464 int flags;
1465
1466 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1467
1468 cmd_hdr = (void *) (cmd + 1);
1469 cmd[0] = HCI_COMMAND_PKT;
1470 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1471 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN;
1472 cmd[4] = BAUDRATE_3000000;
1473
1474 /* Total length of the packet to be sent to the Controller */
1475 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1476 tcflush(fd,TCIOFLUSH);
1477 /* Flow off during baudrate change */
1478 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1479 {
1480 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1481 goto error;
1482 }
1483
1484 /* Send the HCI command packet to UART for transmission */
1485 err = do_write(fd, cmd, size);
1486 if (err != size) {
1487 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1488 goto error;
1489 }
1490
1491 /* Change Local UART baudrate to high speed UART */
1492 userial_vendor_set_baud(USERIAL_BAUD_3M);
1493
1494 /* Flow on after changing local uart baudrate */
1495 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1496 {
1497 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1498 return err;
1499 }
1500
1501 /* Check for response from the Controller */
1502 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1503 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1504 goto error;
1505 }
1506
1507 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1508
1509 /* Wait for command complete event */
1510 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1511 if ( err < 0) {
1512 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1513 goto error;
1514 }
1515
1516 error:
1517 return err;
1518
1519 }
1520
1521
rome_hci_reset_req(int fd)1522 int rome_hci_reset_req(int fd)
1523 {
1524 int size, err = 0;
1525 unsigned char cmd[HCI_MAX_CMD_SIZE];
1526 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1527 hci_command_hdr *cmd_hdr;
1528 int flags;
1529
1530 ALOGI("%s: HCI RESET ", __FUNCTION__);
1531
1532 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1533
1534 cmd_hdr = (void *) (cmd + 1);
1535 cmd[0] = HCI_COMMAND_PKT;
1536 cmd_hdr->opcode = HCI_RESET;
1537 cmd_hdr->plen = 0;
1538
1539 /* Total length of the packet to be sent to the Controller */
1540 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1541
1542 /* Flow off during baudrate change */
1543 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1544 {
1545 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1546 goto error;
1547 }
1548
1549 /* Send the HCI command packet to UART for transmission */
1550 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1551 err = do_write(fd, cmd, size);
1552 if (err != size) {
1553 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1554 goto error;
1555 }
1556
1557 /* Change Local UART baudrate to high speed UART */
1558 userial_vendor_set_baud(USERIAL_BAUD_3M);
1559
1560 /* Flow on after changing local uart baudrate */
1561 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1562 {
1563 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1564 return err;
1565 }
1566
1567 /* Wait for command complete event */
1568 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1569 if ( err < 0) {
1570 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1571 goto error;
1572 }
1573
1574 error:
1575 return err;
1576
1577 }
1578
1579
rome_hci_reset(int fd)1580 int rome_hci_reset(int fd)
1581 {
1582 int size, err = 0;
1583 unsigned char cmd[HCI_MAX_CMD_SIZE];
1584 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1585 hci_command_hdr *cmd_hdr;
1586 int flags;
1587
1588 ALOGI("%s: HCI RESET ", __FUNCTION__);
1589
1590 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1591
1592 cmd_hdr = (void *) (cmd + 1);
1593 cmd[0] = HCI_COMMAND_PKT;
1594 cmd_hdr->opcode = HCI_RESET;
1595 cmd_hdr->plen = 0;
1596
1597 /* Total length of the packet to be sent to the Controller */
1598 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1599 err = do_write(fd, cmd, size);
1600 if (err != size) {
1601 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1602 err = -1;
1603 goto error;
1604 }
1605
1606 /* Wait for command complete event */
1607 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1608 if ( err < 0) {
1609 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1610 goto error;
1611 }
1612
1613 error:
1614 return err;
1615
1616 }
1617
rome_wipower_current_charging_status_req(int fd)1618 int rome_wipower_current_charging_status_req(int fd)
1619 {
1620 int size, err = 0;
1621 unsigned char cmd[HCI_MAX_CMD_SIZE];
1622 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1623 hci_command_hdr *cmd_hdr;
1624 int flags;
1625
1626 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1627
1628 cmd_hdr = (void *) (cmd + 1);
1629 cmd[0] = HCI_COMMAND_PKT;
1630 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1631 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1632 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1633
1634 /* Total length of the packet to be sent to the Controller */
1635 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1636
1637 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1638 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1639
1640 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1641 if ( err != size) {
1642 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1643 goto error;
1644 }
1645
1646 /* Check for response from the Controller */
1647 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1648 err = -ETIMEDOUT;
1649 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1650 goto error;
1651 }
1652
1653 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1654 if (rsp[4] >= NON_WIPOWER_MODE) {
1655 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1656 if (err < 0) {
1657 ALOGE("%s: Failed to get charging status", __FUNCTION__);
1658 goto error;
1659 }
1660 }
1661
1662 error:
1663 return err;
1664 }
1665
get_boardid_req(int fd)1666 int get_boardid_req(int fd)
1667 {
1668 int size, err = 0;
1669 unsigned char cmd[HCI_MAX_CMD_SIZE];
1670 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1671 bool cmd_supported = TRUE;
1672
1673 /* Frame the HCI CMD to be sent to the Controller */
1674 frame_hci_cmd_pkt(cmd, EDL_GET_BOARD_ID, 0,
1675 -1, EDL_PATCH_CMD_LEN);
1676 /* Total length of the packet to be sent to the Controller */
1677 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1678
1679 ALOGI("%s: Sending EDL_GET_BOARD_ID", __FUNCTION__);
1680 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1681 if ( err != size) {
1682 ALOGE("Failed to send EDL_GET_BOARD_ID command!");
1683 cmd_supported = FALSE;
1684 }
1685
1686 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1687 if (err < 0) {
1688 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1689 goto error;
1690 }
1691 error:
1692 return (cmd_supported == TRUE? err: -1);
1693 }
1694
1695
addon_feature_req(int fd)1696 int addon_feature_req(int fd)
1697 {
1698 int size, err = 0;
1699 unsigned char cmd[HCI_MAX_CMD_SIZE];
1700 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1701 hci_command_hdr *cmd_hdr;
1702 int flags;
1703
1704 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1705
1706 cmd_hdr = (void *) (cmd + 1);
1707 cmd[0] = HCI_COMMAND_PKT;
1708 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1709 cmd_hdr->plen = 0x00;
1710
1711 /* Total length of the packet to be sent to the Controller */
1712 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1713
1714 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1715 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1716 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1717 if ( err != size) {
1718 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1719 goto error;
1720 }
1721
1722 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1723 if (err < 0) {
1724 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1725 goto error;
1726 }
1727 error:
1728 return err;
1729 }
1730
1731
check_embedded_mode(int fd)1732 int check_embedded_mode(int fd) {
1733 int err = 0;
1734
1735 wipower_flag = 0;
1736 /* Get current wipower charging status */
1737 if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1738 {
1739 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1740 }
1741 usleep(500);
1742
1743 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1744
1745 return wipower_flag;
1746 }
1747
rome_get_addon_feature_list(int fd)1748 int rome_get_addon_feature_list(int fd) {
1749 int err = 0;
1750
1751 /* Get addon features that are supported by FW */
1752 if ((err = addon_feature_req(fd)) < 0)
1753 {
1754 ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1755 }
1756 return err;
1757 }
1758
rome_wipower_forward_handoff_req(int fd)1759 int rome_wipower_forward_handoff_req(int fd)
1760 {
1761 int size, err = 0;
1762 unsigned char cmd[HCI_MAX_CMD_SIZE];
1763 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1764 hci_command_hdr *cmd_hdr;
1765 int flags;
1766
1767 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1768
1769 cmd_hdr = (void *) (cmd + 1);
1770 cmd[0] = HCI_COMMAND_PKT;
1771 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1772 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1773 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1774
1775 /* Total length of the packet to be sent to the Controller */
1776 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1777
1778 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1779 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1780 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1781 if ( err != size) {
1782 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1783 goto error;
1784 }
1785
1786 /* Check for response from the Controller */
1787 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1788 err = -ETIMEDOUT;
1789 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1790 goto error;
1791 }
1792
1793 error:
1794 return err;
1795 }
1796
1797
enable_controller_log(int fd,unsigned char wait_for_evt)1798 void enable_controller_log (int fd, unsigned char wait_for_evt)
1799 {
1800 int ret = 0;
1801 /* VS command to enable controller logging to the HOST. By default it is disabled */
1802 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1803 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1804 char value[PROPERTY_VALUE_MAX] = {'\0'};
1805
1806 property_get("persist.service.bdroid.soclog", value, "false");
1807
1808 // value at cmd[5]: 1 - to enable, 0 - to disable
1809 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1810 ALOGI("%s: %d", __func__, ret);
1811 /* Ignore vsc evt if wait_for_evt is true */
1812 if (wait_for_evt) wait_vsc_evt = FALSE;
1813
1814 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1815 if (ret != 6) {
1816 ALOGE("%s: command failed", __func__);
1817 }
1818 /*Ignore hci_event if wait_for_evt is true*/
1819 if (wait_for_evt)
1820 goto end;
1821 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1822 if (ret < 0) {
1823 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1824 }
1825 end:
1826 wait_vsc_evt = TRUE;
1827 return;
1828 }
1829
1830
disable_internal_ldo(int fd)1831 static int disable_internal_ldo(int fd)
1832 {
1833 int ret = 0;
1834 if (enable_extldo) {
1835 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1836 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1837
1838 ALOGI(" %s ", __FUNCTION__);
1839 ret = do_write(fd, cmd, 5);
1840 if (ret != 5) {
1841 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1842 ret = -1;
1843 } else {
1844 /* Wait for command complete event */
1845 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1846 if ( ret < 0) {
1847 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1848 }
1849 }
1850 }
1851 return ret;
1852 }
1853
rome_soc_init(int fd,char * bdaddr)1854 int rome_soc_init(int fd, char *bdaddr)
1855 {
1856 int err = -1, size = 0;
1857 dnld_fd = fd;
1858 ALOGI(" %s ", __FUNCTION__);
1859 RESERVED(bdaddr);
1860
1861 /* If wipower charging is going on in embedded mode then start hand off req */
1862 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1863 {
1864 wipower_flag = 0;
1865 wipower_handoff_ready = 0;
1866 if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1867 {
1868 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1869 }
1870 }
1871
1872 /* Get Rome version information */
1873 if((err = rome_patch_ver_req(fd)) <0){
1874 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1875 goto error;
1876 }
1877
1878 ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver);
1879
1880 switch (rome_ver){
1881 case ROME_VER_1_0:
1882 {
1883 /* Set and Download the RAMPATCH */
1884 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1885 err = rome_download_rampatch(fd);
1886 if (err < 0) {
1887 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1888 goto error;
1889 }
1890 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1891
1892 /* Attach the RAMPATCH */
1893 ALOGI("%s: Attaching the patches", __FUNCTION__);
1894 err = rome_attach_rampatch(fd);
1895 if (err < 0) {
1896 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1897 goto error;
1898 }
1899 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1900
1901 /* Send Reset */
1902 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1903 err = rome_rampatch_reset(fd);
1904 if ( err < 0 ) {
1905 ALOGE("Failed to RESET after RAMPATCH upgrade!");
1906 goto error;
1907 }
1908
1909 /* NVM download */
1910 ALOGI("%s: Downloading NVM", __FUNCTION__);
1911 err = rome_1_0_nvm_tag_dnld(fd);
1912 if ( err <0 ) {
1913 ALOGE("Downloading NVM Failed !!");
1914 goto error;
1915 }
1916
1917 /* Change baud rate 115.2 kbps to 3Mbps*/
1918 err = rome_hci_reset_req(fd);
1919 if (err < 0) {
1920 ALOGE("HCI Reset Failed !!");
1921 goto error;
1922 }
1923
1924 ALOGI("HCI Reset is done\n");
1925 }
1926 break;
1927 case ROME_VER_1_1:
1928 rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1929 nvm_file_path = ROME_NVM_TLV_PATH;
1930 goto download;
1931 case ROME_VER_1_3:
1932 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1933 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1934 goto download;
1935 case ROME_VER_2_1:
1936 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1937 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1938 goto download;
1939 case ROME_VER_3_0:
1940 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1941 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1942 fw_su_info = ROME_3_1_FW_SU;
1943 fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1944 goto download;
1945 case ROME_VER_3_2:
1946 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1947 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1948 fw_su_info = ROME_3_2_FW_SU;
1949 fw_su_offset = ROME_3_2_FW_SW_OFFSET;
1950
1951 download:
1952 /* Change baud rate 115.2 kbps to 3Mbps*/
1953 err = rome_set_baudrate_req(fd);
1954 if (err < 0) {
1955 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1956 goto error;
1957 }
1958 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1959 /* Donwload TLV files (rampatch, NVM) */
1960 err = rome_download_tlv_file(fd);
1961 if (err < 0) {
1962 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1963 goto error;
1964 }
1965 ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1966
1967 /* Get SU FM label information */
1968 if((err = rome_get_build_info_req(fd)) <0){
1969 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1970 //Ignore the failure of ROME FW SU label information
1971 err = 0;
1972 }
1973
1974 /* Disable internal LDO to use external LDO instead*/
1975 err = disable_internal_ldo(fd);
1976
1977 /* Send HCI Reset */
1978 err = rome_hci_reset(fd);
1979 if ( err <0 ) {
1980 ALOGE("HCI Reset Failed !!");
1981 goto error;
1982 }
1983
1984 ALOGI("HCI Reset is done\n");
1985
1986 break;
1987 case ROME_VER_UNKNOWN:
1988 default:
1989 ALOGI("%s: Detected unknown ROME version", __FUNCTION__);
1990 err = -1;
1991 break;
1992 }
1993
1994 error:
1995 dnld_fd = -1;
1996 return err;
1997 }
1998
convert2ascii(unsigned char temp)1999 unsigned char convert2ascii(unsigned char temp)
2000 {
2001 unsigned char n = temp;
2002 if ( n >= 0 && n <= 9)
2003 n = n + 0x30;
2004 else
2005 n = n + 0x57;
2006 return n;
2007 }
2008