      1 /*
      2  *
      3  *  BlueZ - Bluetooth protocol stack for Linux
      4  *
      5  *  Copyright (C) 2005-2010  Marcel Holtmann <marcel (at) holtmann.org>
      6  *  Copyright (c) 2010, Code Aurora Forum. All rights reserved.
      7  *
      8  *
      9  *  This program is free software; you can redistribute it and/or modify
     10  *  it under the terms of the GNU General Public License as published by
     11  *  the Free Software Foundation; either version 2 of the License, or
     12  *  (at your option) any later version.
     13  *
     14  *  This program is distributed in the hope that it will be useful,
     15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     17  *  GNU General Public License for more details.
     18  *
     19  *  You should have received a copy of the GNU General Public License
     20  *  along with this program; if not, write to the Free Software
     21  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     22  *
     23  */
     24 
     25 #ifdef HAVE_CONFIG_H
     26 #include <config.h>
     27 #endif
     28 
     29 #include <stdio.h>
     30 #include <errno.h>
     31 #include <fcntl.h>
     32 #include <unistd.h>
     33 #include <stdlib.h>
     34 #include <string.h>
     35 #include <signal.h>
     36 #include <syslog.h>
     37 #include <termios.h>
     38 #include <time.h>
     39 #include <sys/time.h>
     40 #include <sys/poll.h>
     41 #include <sys/param.h>
     42 #include <sys/ioctl.h>
     43 #include <sys/socket.h>
     44 #include <sys/uio.h>
     45 
     46 #include <bluetooth/bluetooth.h>
     47 #include <bluetooth/hci.h>
     48 #include <bluetooth/hci_lib.h>
     49 
     50 #include "hciattach.h"
     51 
     /*
      * FAILIF(cond, fmt, ...) - when cond is true, print the printf-style
      * message to stderr and make the enclosing function return -1.
      *
      * The macro expands to a bare "return", so it performs no cleanup: a
      * caller that holds an open descriptor or other resource has to release
      * it before using FAILIF, or handle that error path by hand.
      */
     #define FAILIF(x, ...) do { \
     	if (x) { \
     		fprintf(stderr, __VA_ARGS__); \
     		return -1; \
     	} \
     } while (0)
     58 
     /*
      * Layout of the command-complete reply as read_command_complete() receives
      * it: the raw bytes returned by read_hci_event() are stored straight into
      * this structure, which is why it is packed (no padding between fields).
      */
     typedef struct __attribute__((packed)) {
     	uint8_t uart_prefix;		/* first byte of the reply, ahead of the HCI header */
     	hci_event_hdr hci_hdr;		/* event code and parameter length */
     	evt_cmd_complete cmd_complete;	/* command-complete parameters (opcode is checked by the reader) */
     	uint8_t status;			/* 0 is treated as success */
     	uint8_t data[16];		/* trailing bytes; not inspected in this file */
     } command_complete_t;
     66 
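     /*
      * Read and validate the controller's reply to one firmware command.
      *
      * Two events are read with read_hci_event(): the first must carry event
      * code 0xFF in its second byte, the second must be an EVT_CMD_COMPLETE
      * with plen >= 4, an opcode field of 0 and a status of 0.
      *
      * fd:     descriptor the events are read from.
      * opcode: not used; the reply opcode is compared against 0, not against
      *         the opcode that was sent.
      * len:    not used.
      *
      * Returns 0 when both events pass every check, -1 otherwise (a message is
      * printed to stderr by FAILIF).
      */
     static int read_command_complete(int fd,
     					unsigned short opcode,
     					unsigned char len)
     {
     	command_complete_t resp;
     	unsigned char vsevent[512];
     	int n;

     	/* A short read must never expose stale stack bytes to the checks below. */
     	memset(&resp, 0, sizeof(resp));

     	/* Read reply. */
     	n = read_hci_event(fd, vsevent, sizeof(vsevent));
     	FAILIF(n < 0, "Failed to read response");

     	/*
     	 * read_hci_event() is defined outside this file; its non-negative
     	 * return value is treated here as the number of bytes stored.
     	 * vsevent[1] is only meaningful if at least two bytes arrived.
     	 */
     	FAILIF(n < 2, "Response too short (%d bytes)\n", n);

     	FAILIF(vsevent[1] != 0xFF, "Failed to read response");

     	n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
     	FAILIF(n < 0, "Failed to read response");

     	/* event must be event-complete */
     	FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE,
     		"Error in response: not a cmd-complete event, "
     		"but 0x%02x!\n", resp.hci_hdr.evt);

     	FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
     		"Error in response: plen is not >= 4, but 0x%02x!\n",
     		resp.hci_hdr.plen);

     	/*
     	 * The opcode and status fields are trusted only when the bytes up to
     	 * and including status were actually received. The struct is packed,
     	 * so everything before data[] is sizeof(resp) - sizeof(resp.data).
     	 */
     	FAILIF(n < (int) (sizeof(resp) - sizeof(resp.data)),
     		"Error in response: only %d bytes received!\n", n);

     	/* cmd-complete event: opcode */
     	FAILIF(resp.cmd_complete.opcode != 0,
     		"Error in response: opcode is 0x%04x, not 0!",
     		resp.cmd_complete.opcode);

     	return resp.status == 0 ? 0 : -1;
     }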
    100 
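    /*
     * Stream a firmware file to the controller, one HCI command at a time.
     *
     * The file is read as a sequence of records: one H4 packet-type byte plus
     * an HCI command header, followed by plen parameter bytes. Each record is
     * written to fd and must be acknowledged through read_command_complete()
     * before the next one is read.
     *
     * The records are forwarded without further inspection, so the integrity
     * of what reaches the controller rests on who can write the firmware file.
     *
     * fd:       descriptor of the controller.
     * firmware: path of the firmware file.
     * bdaddr_s: textual Bluetooth address, or NULL. When set, a record whose
     *           parameters begin with the bytes 01 02 06 gets the following
     *           sizeof(bdaddr_t) bytes replaced by the parsed address.
     *
     * Returns 0 once end of file is reached, -1 on any failure. The firmware
     * descriptor is closed on every path.
     */
    static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s)
    {
    	int rc = -1;
    	int fw;

    	/* Printed before open() so that errno still belongs to open() below. */
    	fprintf(stdout, "Opening firmware file: %s\n", firmware);

    	fw = open(firmware, O_RDONLY);
    	FAILIF(fw < 0,
    		"Could not open firmware file %s: %s (%d).\n",
    		firmware, strerror(errno), errno);

    	fprintf(stdout, "Uploading firmware...\n");
    	for (;;) {
    		/* Read each command and wait for a response. */
    		unsigned char data[1024];
    		unsigned char cmdp[1 + sizeof(hci_command_hdr)];
    		hci_command_hdr *cmd = (hci_command_hdr *) (cmdp + 1);
    		struct iovec iov_cmd[2];
    		ssize_t nr, nw;

    		nr = read(fw, cmdp, sizeof(cmdp));
    		if (nr == 0)
    			break;		/* clean end of file */

    		if (nr != (ssize_t) sizeof(cmdp)) {
    			fprintf(stderr, "Could not read H4 + HCI header!\n");
    			goto out;
    		}
    		if (*cmdp != HCI_COMMAND_PKT) {
    			fprintf(stderr,
    				"Command is not an H4 command packet!\n");
    			goto out;
    		}

    		/* plen is read from cmd as-is and bounds the read into data[]. */
    		nr = read(fw, data, cmd->plen);
    		if (nr != cmd->plen) {
    			/*
    			 * Adjacent literals instead of a backslash continuation,
    			 * which used to embed the source indentation in the
    			 * message.
    			 */
    			fprintf(stderr,
    				"Could not read %d bytes of data "
    				"for command with opcode %04x!\n",
    				cmd->plen, cmd->opcode);
    			goto out;
    		}

    		/*
    		 * Patch the address only when the record really holds the three
    		 * marker bytes and room for a full address; otherwise data[]
    		 * would be inspected beyond what this record supplied.
    		 */
    		if (bdaddr_s != NULL &&
    				cmd->plen >= 3 + sizeof(bdaddr_t) &&
    				data[0] == 1 && data[1] == 2 && data[2] == 6) {
    			bdaddr_t bdaddr;

    			/*
    			 * NOTE(review): the result of str2ba() is not checked,
    			 * so bdaddr_s is assumed to be well-formed by the caller.
    			 */
    			str2ba(bdaddr_s, &bdaddr);
    			memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
    		}

    		iov_cmd[0].iov_base = cmdp;
    		iov_cmd[0].iov_len = sizeof(cmdp);
    		iov_cmd[1].iov_base = data;
    		iov_cmd[1].iov_len = cmd->plen;
    		nw = writev(fd, iov_cmd, 2);
    		if (nw != (ssize_t) sizeof(cmdp) + cmd->plen) {
    			fprintf(stderr,
    				"Could not send entire command "
    				"(sent only %d bytes)!\n",
    				(int) nw);
    			goto out;
    		}

    		/* Wait for response */
    		if (read_command_complete(fd, cmd->opcode, cmd->plen) < 0)
    			goto out;
    	}

    	rc = 0;
    	fprintf(stdout, "Firmware upload successful.\n");

    out:
    	/* Single exit: the firmware descriptor is released on errors too. */
    	close(fw);

    	return rc;
    }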
    166 
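    /*
     * Initialise a Qualcomm controller attached to fd.
     *
     * Steps, in order: query manufacturer and LMP version, query the SoC type
     * with a vendor command, derive the firmware file name from that reply,
     * upload the firmware, then reset the controller.
     *
     * fd:     descriptor of the controller.
     * speed:  not used in this function.
     * ti:     not used in this function.
     * bdaddr: textual Bluetooth address handed to the firmware loader, or NULL.
     *
     * Returns 0 on success, -1 when a command cannot be written or a reply
     * cannot be read. A failed or skipped firmware upload is reported on
     * stderr but does not change the return value.
     *
     * NOTE(review): each wait loop ends as soon as EITHER compared byte
     * matches (the conditions use &&) and has no retry limit; both are left
     * as they were.
     */
    int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr)
    {
    	/* Reply offsets that supply the characters of the firmware file name. */
    	static const unsigned char name_idx[] = {
    		18, 19, 20, 21, 22, 23, 32, 33, 34, 35
    	};
    	struct timespec tm = {0, 50000};	/* 50000 ns pause after reset */
    	/* unsigned so that 0xFC is stored without a sign conversion */
    	unsigned char cmd[5];
    	unsigned char resp[100];		/* Response */
    	char fw[100];
    	int fw_name_ok = 1;
    	size_t i;
    	int n;

    	memset(resp, 0, sizeof(resp));

    	/* Get Manufacturer and LMP version */
    	cmd[0] = HCI_COMMAND_PKT;
    	cmd[1] = 0x01;
    	cmd[2] = 0x10;
    	cmd[3] = 0x00;

    	do {
    		n = write(fd, cmd, 4);
    		if (n < 4) {
    			perror("Failed to write init command");
    			return -1;
    		}

    		/* Read reply. */
    		if (read_hci_event(fd, resp, sizeof(resp)) < 0) {
    			perror("Failed to read init response");
    			return -1;
    		}

    		/* Wait for command complete event for our Opcode */
    	} while (resp[4] != cmd[1] && resp[5] != cmd[2]);

    	/* Verify manufacturer */
    	if ((resp[11] & 0xFF) != 0x1d)
    		fprintf(stderr,
    			"WARNING : module's manufacturer is not Qualcomm\n");

    	/* Print LMP version */
    	fprintf(stderr,
    		"Qualcomm module LMP version : 0x%02x\n", resp[10] & 0xFF);

    	/* Print LMP subversion */
    	{
    		unsigned short lmp_subv = resp[13] | (resp[14] << 8);

    		fprintf(stderr, "Qualcomm module LMP sub-version : 0x%04x\n",
    								lmp_subv);
    	}

    	/* Get SoC type */
    	cmd[0] = HCI_COMMAND_PKT;
    	cmd[1] = 0x00;
    	cmd[2] = 0xFC;
    	cmd[3] = 0x01;
    	cmd[4] = 0x06;

    	do {
    		n = write(fd, cmd, 5);
    		if (n < 5) {
    			perror("Failed to write vendor init command");
    			return -1;
    		}

    		/* Read reply. */
    		if ((n = read_hci_event(fd, resp, sizeof(resp))) < 0) {
    			perror("Failed to read vendor init response");
    			return -1;
    		}

    	} while (resp[3] != 0 && resp[4] != 2);

    	/*
    	 * The file name below is assembled from bytes the controller sent.
    	 * They are accepted only if the reply was long enough to contain them
    	 * (n is treated as the number of bytes read_hci_event() stored) and
    	 * each one is printable ASCII other than '/', so the reply cannot
    	 * steer open() outside /etc/firmware or truncate the name with a NUL.
    	 */
    	if (n < 36)
    		fw_name_ok = 0;

    	for (i = 0; i < sizeof(name_idx); i++) {
    		unsigned char c = resp[name_idx[i]];

    		if (c < 0x20 || c > 0x7e || c == '/')
    			fw_name_ok = 0;
    	}

    	if (fw_name_ok)
    		snprintf(fw, sizeof(fw),
    				"/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
    				resp[18], resp[19], resp[20], resp[21],
    				resp[22], resp[23],
    				resp[32], resp[33], resp[34], resp[35]);
    	else
    		fw[0] = '\0';

    	/* Wait for command complete event for our Opcode */
    	if (read_hci_event(fd, resp, sizeof(resp)) < 0) {
    		perror("Failed to read init response");
    		return -1;
    	}

    	/*
    	 * Initialisation continues with the reset whether or not firmware was
    	 * uploaded; the outcome is now reported instead of being dropped.
    	 */
    	if (!fw_name_ok)
    		fprintf(stderr,
    			"WARNING : unusable firmware name in SoC reply, "
    			"firmware upload skipped\n");
    	else if (qualcomm_load_firmware(fd, fw, bdaddr) < 0)
    		fprintf(stderr,
    			"WARNING : firmware upload failed, "
    			"continuing with reset\n");

    	/* Reset */
    	cmd[0] = HCI_COMMAND_PKT;
    	cmd[1] = 0x03;
    	cmd[2] = 0x0C;
    	cmd[3] = 0x00;

    	do {
    		n = write(fd, cmd, 4);
    		if (n < 4) {
    			perror("Failed to write reset command");
    			return -1;
    		}

    		/* Read reply. */
    		if ((n = read_hci_event(fd, resp, sizeof(resp))) < 0) {
    			perror("Failed to read reset response");
    			return -1;
    		}

    	} while (resp[4] != cmd[1] && resp[5] != cmd[2]);

    	nanosleep(&tm, NULL);

    	return 0;
    }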
    276