1 /* 2 * 3 * Copyright (c) 2013, The Linux Foundation. All rights reserved. 4 * Not a Contribution. 5 * 6 * Copyright 2012 The Android Open Source Project 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); you 9 * may not use this file except in compliance with the License. You may 10 * obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 17 * implied. See the License for the specific language governing 18 * permissions and limitations under the License. 19 * 20 */ 21 22 /****************************************************************************** 23 * 24 * Filename: hw_rome.c 25 * 26 * Description: Contains controller-specific functions, like 27 * firmware patch download 28 * low power mode operations 29 * 30 ******************************************************************************/ 31 #ifdef __cplusplus 32 extern "C" { 33 #endif 34 35 #define LOG_TAG "bt_vendor" 36 37 #include <sys/socket.h> 38 #include <utils/Log.h> 39 #include <sys/types.h> 40 #include <sys/stat.h> 41 #include <signal.h> 42 #include <time.h> 43 #include <errno.h> 44 #include <fcntl.h> 45 #include <dirent.h> 46 #include <ctype.h> 47 #include <cutils/properties.h> 48 #include <stdlib.h> 49 #include <string.h> 50 #include <termios.h> 51 52 #include "bt_hci_bdroid.h" 53 #include "bt_vendor_qcom.h" 54 #include "hci_uart.h" 55 #include "hw_rome.h" 56 57 #define BT_VERSION_FILEPATH "/data/misc/bluedroid/bt_fw_version.txt" 58 59 #ifdef __cplusplus 60 } 61 #endif 62 63 /****************************************************************************** 64 ** Variables 65 ******************************************************************************/ 66 FILE *file; 67 unsigned char *phdr_buffer; 68 unsigned char *pdata_buffer = NULL; 69 patch_info rampatch_patch_info; 70 int rome_ver = ROME_VER_UNKNOWN; 71 unsigned char gTlv_type; 72 unsigned char gTlv_dwndCfg; 73 static unsigned int wipower_flag = 0; 74 static unsigned int wipower_handoff_ready = 0; 75 char *rampatch_file_path; 76 char *nvm_file_path; 77 char *fw_su_info = NULL; 78 unsigned short fw_su_offset =0; 79 extern char enable_extldo; 80 unsigned char wait_vsc_evt = TRUE; 81 82 /****************************************************************************** 83 ** Extern variables 84 ******************************************************************************/ 85 extern uint8_t vnd_local_bd_addr[6]; 86 87 /***************************************************************************** 88 ** Functions 89 *****************************************************************************/ 90 91 int get_vs_hci_event(unsigned char *rsp) 92 { 93 int err = 0; 94 unsigned char paramlen = 0; 95 unsigned char EMBEDDED_MODE_CHECK = 0x02; 96 FILE *btversionfile = 0; 97 unsigned int soc_id = 0; 98 unsigned int productid = 0; 99 unsigned short patchversion = 0; 100 101 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE)) 102 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__); 103 else { 104 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__); 105 err = -EIO; 106 goto failed; 107 } 108 109 ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]); 110 ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]); 111 ALOGI("%s: Response type : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]); 112 113 /* Check the status of the operation */ 114 switch ( rsp[CMD_RSP_OFFSET] ) 115 { 116 case EDL_CMD_REQ_RES_EVT: 117 ALOGI("%s: Command Request Response", __FUNCTION__); 118 switch(rsp[RSP_TYPE_OFFSET]) 119 { 120 case EDL_PATCH_VER_RES_EVT: 121 case EDL_APP_VER_RES_EVT: 122 ALOGI("\t Current Product ID\t\t: 0x%08x", 123 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 | 124 rsp[PATCH_PROD_ID_OFFSET+2] << 16 | 125 rsp[PATCH_PROD_ID_OFFSET+1] << 8 | 126 rsp[PATCH_PROD_ID_OFFSET] )); 127 128 /* Patch Version indicates FW patch version */ 129 ALOGI("\t Current Patch Version\t\t: 0x%04x", 130 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 | 131 rsp[PATCH_PATCH_VER_OFFSET] ))); 132 133 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */ 134 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver = 135 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 | 136 rsp[PATCH_ROM_BUILD_VER_OFFSET] )); 137 138 /* In case rome 1.0/1.1, there is no SOC ID version available */ 139 if (paramlen - 10) 140 { 141 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id = 142 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 | 143 rsp[PATCH_SOC_VER_OFFSET+2] << 16 | 144 rsp[PATCH_SOC_VER_OFFSET+1] << 8 | 145 rsp[PATCH_SOC_VER_OFFSET] )); 146 } 147 148 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "wb"))) { 149 fprintf(btversionfile, "Bluetooth Controller Product ID : 0x%08x\n", productid); 150 fprintf(btversionfile, "Bluetooth Controller Patch Version : 0x%04x\n", patchversion); 151 fprintf(btversionfile, "Bluetooth Controller Build Version : 0x%04x\n", rome_ver); 152 fprintf(btversionfile, "Bluetooth Controller SOC Version : 0x%08x\n", soc_id); 153 fclose(btversionfile); 154 }else { 155 ALOGI("Failed to dump SOC version info. Errno:%d", errno); 156 } 157 158 /* Rome Chipset Version can be decided by Patch version and SOC version, 159 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be 160 used for SOC as combination for BT host driver */ 161 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff); 162 break; 163 case EDL_TVL_DNLD_RES_EVT: 164 case EDL_CMD_EXE_STATUS_EVT: 165 switch (err = rsp[CMD_STATUS_OFFSET]) 166 { 167 case HCI_CMD_SUCCESS: 168 ALOGI("%s: Download Packet successfully!", __FUNCTION__); 169 break; 170 case PATCH_LEN_ERROR: 171 ALOGI("%s: Invalid patch length argument passed for EDL PATCH " 172 "SET REQ cmd", __FUNCTION__); 173 break; 174 case PATCH_VER_ERROR: 175 ALOGI("%s: Invalid patch version argument passed for EDL PATCH " 176 "SET REQ cmd", __FUNCTION__); 177 break; 178 case PATCH_CRC_ERROR: 179 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__); 180 break; 181 case PATCH_NOT_FOUND: 182 ALOGI("%s: Invalid patch data!!!", __FUNCTION__); 183 break; 184 case TLV_TYPE_ERROR: 185 ALOGI("%s: TLV Type Error !!!", __FUNCTION__); 186 break; 187 default: 188 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err); 189 break; 190 } 191 break; 192 } 193 break; 194 195 case NVM_ACCESS_CODE: 196 ALOGI("%s: NVM Access Code!!!", __FUNCTION__); 197 err = HCI_CMD_SUCCESS; 198 break; 199 case EDL_SET_BAUDRATE_RSP_EVT: 200 /* Rome 1.1 has bug with the response, so it should ignore it. */ 201 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS) 202 { 203 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__, 204 rsp[CMD_STATUS_OFFSET]); 205 err = -1; 206 } 207 break; 208 case EDL_WIP_QUERY_CHARGING_STATUS_EVT: 209 /*TODO: rsp code 00 mean no charging 210 this is going to change in FW soon*/ 211 if (rsp[4] != EMBEDDED_MODE_CHECK) 212 { 213 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__); 214 wipower_handoff_ready = rsp[4]; 215 wipower_flag = 1; 216 } 217 break; 218 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT: 219 /*TODO: rsp code 00 mean no charging 220 this is going to change in FW soon*/ 221 if (rsp[4] == NON_WIPOWER_MODE) 222 { 223 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__); 224 } 225 break; 226 case HCI_VS_GET_ADDON_FEATURES_EVENT: 227 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK)) 228 { 229 ALOGD("%s: WiPower feature supported!!", __FUNCTION__); 230 property_set("persist.bluetooth.a4wp", "true"); 231 } 232 break; 233 default: 234 ALOGE("%s: Not a valid status!!!", __FUNCTION__); 235 err = -1; 236 break; 237 } 238 239 failed: 240 return err; 241 } 242 243 244 /* 245 * Read an VS HCI event from the given file descriptor. 246 */ 247 int read_vs_hci_event(int fd, unsigned char* buf, int size) 248 { 249 int remain, r; 250 int count = 0, i; 251 252 if (size <= 0) { 253 ALOGE("Invalid size arguement!"); 254 return -1; 255 } 256 257 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__); 258 259 /* The first byte identifies the packet type. For HCI event packets, it 260 * should be 0x04, so we read until we get to the 0x04. */ 261 /* It will keep reading until find 0x04 byte */ 262 while (1) { 263 r = read(fd, buf, 1); 264 if (r <= 0) 265 return -1; 266 if (buf[0] == 0x04) 267 break; 268 } 269 count++; 270 271 /* The next two bytes are the event code and parameter total length. */ 272 while (count < 3) { 273 r = read(fd, buf + count, 3 - count); 274 if ((r <= 0) || (buf[1] != 0xFF )) { 275 ALOGE("It is not VS event !!"); 276 return -1; 277 } 278 count += r; 279 } 280 281 /* Now we read the parameters. */ 282 if (buf[2] < (size - 3)) 283 remain = buf[2]; 284 else 285 remain = size - 3; 286 287 while ((count - 3) < remain) { 288 r = read(fd, buf + count, remain - (count - 3)); 289 if (r <= 0) 290 return -1; 291 count += r; 292 } 293 294 /* Check if the set patch command is successful or not */ 295 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS) 296 return -1; 297 298 return count; 299 } 300 301 /* 302 * For Hand-Off related Wipower commands, Command complete arrives first and 303 * the followd with VS event 304 * 305 */ 306 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 307 { 308 int ret = 0; 309 int err = 0; 310 311 /* Send the HCI command packet to UART for transmission */ 312 ret = write(fd, cmd, size); 313 if (ret != size) { 314 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret); 315 goto failed; 316 } 317 318 /* Wait for command complete event */ 319 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 320 if ( err < 0) { 321 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__); 322 goto failed; 323 } 324 325 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__); 326 failed: 327 return ret; 328 } 329 330 331 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 332 { 333 int ret = 0; 334 335 /* Send the HCI command packet to UART for transmission */ 336 ret = write(fd, cmd, size); 337 if (ret != size) { 338 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 339 goto failed; 340 } 341 342 if (wait_vsc_evt) { 343 /* Check for response from the Controller */ 344 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 345 ret = -ETIMEDOUT; 346 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 347 goto failed; 348 } 349 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 350 } 351 352 failed: 353 return ret; 354 } 355 356 void frame_hci_cmd_pkt( 357 unsigned char *cmd, 358 int edl_cmd, unsigned int p_base_addr, 359 int segtNo, int size 360 ) 361 { 362 int offset = 0; 363 hci_command_hdr *cmd_hdr; 364 365 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 366 367 cmd_hdr = (void *) (cmd + 1); 368 369 cmd[0] = HCI_COMMAND_PKT; 370 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF); 371 cmd_hdr->plen = size; 372 cmd[4] = edl_cmd; 373 374 switch (edl_cmd) 375 { 376 case EDL_PATCH_SET_REQ_CMD: 377 /* Copy the patch header info as CMD params */ 378 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN); 379 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__); 380 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 381 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 382 break; 383 case EDL_PATCH_DLD_REQ_CMD: 384 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT); 385 p_base_addr += offset; 386 cmd_hdr->plen = (size + 6); 387 cmd[5] = (size + 4); 388 cmd[6] = EXTRACT_BYTE(p_base_addr, 0); 389 cmd[7] = EXTRACT_BYTE(p_base_addr, 1); 390 cmd[8] = EXTRACT_BYTE(p_base_addr, 2); 391 cmd[9] = EXTRACT_BYTE(p_base_addr, 3); 392 memcpy(&cmd[10], (pdata_buffer + offset), size); 393 394 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes", 395 __FUNCTION__, size); 396 ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t" 397 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2], 398 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]); 399 break; 400 case EDL_PATCH_ATCH_REQ_CMD: 401 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__); 402 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 403 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 404 break; 405 case EDL_PATCH_RST_REQ_CMD: 406 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__); 407 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 408 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 409 break; 410 case EDL_PATCH_VER_REQ_CMD: 411 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__); 412 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 413 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 414 break; 415 case EDL_PATCH_TLV_REQ_CMD: 416 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__); 417 /* Parameter Total Length */ 418 cmd[3] = size +2; 419 420 /* TLV Segment Length */ 421 cmd[5] = size; 422 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 423 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]); 424 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT); 425 memcpy(&cmd[6], (pdata_buffer + offset), size); 426 break; 427 default: 428 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__); 429 } 430 } 431 432 void rome_extract_patch_header_info(unsigned char *buf) 433 { 434 int index; 435 436 /* Extract patch id */ 437 for (index = 0; index < 4; index++) 438 rampatch_patch_info.patch_id |= 439 (LSH(buf[index + P_ID_OFFSET], (index * 8))); 440 441 /* Extract (ROM and BUILD) version information */ 442 for (index = 0; index < 2; index++) 443 rampatch_patch_info.patch_ver.rom_version |= 444 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8))); 445 446 for (index = 0; index < 2; index++) 447 rampatch_patch_info.patch_ver.build_version |= 448 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8))); 449 450 /* Extract patch base and entry addresses */ 451 for (index = 0; index < 4; index++) 452 rampatch_patch_info.patch_base_addr |= 453 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8))); 454 455 /* Patch BASE & ENTRY addresses are same */ 456 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr; 457 458 /* Extract total length of the patch payload */ 459 for (index = 0; index < 4; index++) 460 rampatch_patch_info.patch_length |= 461 (LSH(buf[index + P_LEN_OFFSET], (index * 8))); 462 463 /* Extract the CRC checksum of the patch payload */ 464 for (index = 0; index < 4; index++) 465 rampatch_patch_info.patch_crc |= 466 (LSH(buf[index + P_CRC_OFFSET], (index * 8))); 467 468 /* Extract patch control value */ 469 for (index = 0; index < 4; index++) 470 rampatch_patch_info.patch_ctrl |= 471 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8))); 472 473 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id); 474 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version); 475 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version); 476 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length); 477 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc); 478 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl); 479 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr); 480 481 } 482 483 int rome_edl_set_patch_request(int fd) 484 { 485 int size, err; 486 unsigned char cmd[HCI_MAX_CMD_SIZE]; 487 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 488 489 /* Frame the HCI CMD to be sent to the Controller */ 490 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0, 491 -1, PATCH_HDR_LEN + 1); 492 493 /* Total length of the packet to be sent to the Controller */ 494 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 495 496 /* Send HCI Command packet to Controller */ 497 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 498 if ( err != size) { 499 ALOGE("Failed to set the patch info to the Controller!"); 500 goto error; 501 } 502 503 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 504 if ( err < 0) { 505 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 506 goto error; 507 } 508 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__); 509 error: 510 return err; 511 } 512 513 int rome_edl_patch_download_request(int fd) 514 { 515 int no_of_patch_segment; 516 int index = 1, err = 0, size = 0; 517 unsigned int p_base_addr; 518 unsigned char cmd[HCI_MAX_CMD_SIZE]; 519 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 520 521 no_of_patch_segment = (rampatch_patch_info.patch_length / 522 MAX_DATA_PER_SEGMENT); 523 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x", 524 __FUNCTION__, no_of_patch_segment, 525 rampatch_patch_info.patch_base_addr); 526 527 /* Initialize the patch base address from the one read from bin file */ 528 p_base_addr = rampatch_patch_info.patch_base_addr; 529 530 /* 531 * Depending upon size of the patch payload, download the patches in 532 * segments with a max. size of 239 bytes 533 */ 534 for (index = 1; index <= no_of_patch_segment; index++) { 535 536 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index); 537 538 /* Frame the HCI CMD PKT to be sent to Controller*/ 539 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, 540 index, MAX_DATA_PER_SEGMENT); 541 542 /* Total length of the packet to be sent to the Controller */ 543 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 544 545 /* Initialize the RSP packet everytime to 0 */ 546 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 547 548 /* Send HCI Command packet to Controller */ 549 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 550 if ( err != size) { 551 ALOGE("Failed to send the patch payload to the Controller!"); 552 goto error; 553 } 554 555 /* Read Command Complete Event */ 556 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 557 if ( err < 0) { 558 ALOGE("%s: Failed to downlaod patch segment: %d!", 559 __FUNCTION__, index); 560 goto error; 561 } 562 ALOGI("%s: Successfully downloaded patch segment: %d", 563 __FUNCTION__, index); 564 } 565 566 /* Check if any pending patch data to be sent */ 567 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ? 568 rampatch_patch_info.patch_length : 569 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT); 570 571 if (size) 572 { 573 /* Frame the HCI CMD PKT to be sent to Controller*/ 574 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size); 575 576 /* Initialize the RSP packet everytime to 0 */ 577 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 578 579 /* Total length of the packet to be sent to the Controller */ 580 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 581 582 /* Send HCI Command packet to Controller */ 583 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 584 if ( err != size) { 585 ALOGE("Failed to send the patch payload to the Controller!"); 586 goto error; 587 } 588 589 /* Read Command Complete Event */ 590 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 591 if ( err < 0) { 592 ALOGE("%s: Failed to downlaod patch segment: %d!", 593 __FUNCTION__, index); 594 goto error; 595 } 596 597 ALOGI("%s: Successfully downloaded patch segment: %d", 598 __FUNCTION__, index); 599 } 600 601 error: 602 return err; 603 } 604 605 static int rome_download_rampatch(int fd) 606 { 607 int c, tmp, size, index, ret = -1; 608 609 ALOGI("%s: ", __FUNCTION__); 610 611 /* Get handle to the RAMPATCH binary file */ 612 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH); 613 file = fopen(ROME_FW_PATH, "r"); 614 if (file == NULL) { 615 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!", 616 __FUNCTION__); 617 return -ENFILE; 618 } 619 620 /* Allocate memory for the patch headder info */ 621 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__); 622 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1); 623 if (phdr_buffer == NULL) { 624 ALOGE("%s: Failed to allocate memory for patch header", 625 __FUNCTION__); 626 goto phdr_alloc_failed; 627 } 628 for (index = 0; index < PATCH_HDR_LEN + 1; index++) 629 phdr_buffer[index] = 0x0; 630 631 /* Read 28 bytes of patch header information */ 632 ALOGI("%s: Reading patch header info", __FUNCTION__); 633 index = 0; 634 do { 635 c = fgetc (file); 636 phdr_buffer[index++] = (unsigned char)c; 637 } while (index != PATCH_HDR_LEN); 638 639 /* Save the patch header info into local structure */ 640 ALOGI("%s: Saving patch hdr. info", __FUNCTION__); 641 rome_extract_patch_header_info((unsigned char *)phdr_buffer); 642 643 /* Set the patch header info onto the Controller */ 644 ret = rome_edl_set_patch_request(fd); 645 if (ret < 0) { 646 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__); 647 goto pdata_alloc_failed; 648 } 649 650 /* Allocate memory for the patch payload */ 651 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__); 652 size = rampatch_patch_info.patch_length; 653 pdata_buffer = (unsigned char *) malloc(size+1); 654 if (pdata_buffer == NULL) { 655 ALOGE("%s: Failed to allocate memory for patch payload", 656 __FUNCTION__); 657 goto pdata_alloc_failed; 658 } 659 for (index = 0; index < size+1; index++) 660 pdata_buffer[index] = 0x0; 661 662 /* Read the patch data from Rampatch binary image */ 663 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__); 664 index = 0; 665 do { 666 c = fgetc (file); 667 pdata_buffer[index++] = (unsigned char)c; 668 } while (c != EOF); 669 670 /* Downloading patches in segments to controller */ 671 ret = rome_edl_patch_download_request(fd); 672 if (ret < 0) { 673 ALOGE("%s: Error downloading patch segments!", __FUNCTION__); 674 goto cleanup; 675 } 676 cleanup: 677 free(pdata_buffer); 678 pdata_alloc_failed: 679 free(phdr_buffer); 680 phdr_alloc_failed: 681 fclose(file); 682 error: 683 return ret; 684 } 685 686 int rome_attach_rampatch(int fd) 687 { 688 int size, err; 689 unsigned char cmd[HCI_MAX_CMD_SIZE]; 690 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 691 692 /* Frame the HCI CMD to be sent to the Controller */ 693 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0, 694 -1, EDL_PATCH_CMD_LEN); 695 696 /* Total length of the packet to be sent to the Controller */ 697 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 698 699 /* Send HCI Command packet to Controller */ 700 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 701 if ( err != size) { 702 ALOGE("Failed to attach the patch payload to the Controller!"); 703 goto error; 704 } 705 706 /* Read Command Complete Event */ 707 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 708 if ( err < 0) { 709 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__); 710 goto error; 711 } 712 error: 713 return err; 714 } 715 716 int rome_rampatch_reset(int fd) 717 { 718 int size, err = 0, flags; 719 unsigned char cmd[HCI_MAX_CMD_SIZE]; 720 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */ 721 722 /* Frame the HCI CMD to be sent to the Controller */ 723 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0, 724 -1, EDL_PATCH_CMD_LEN); 725 726 /* Total length of the packet to be sent to the Controller */ 727 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 728 729 /* Send HCI Command packet to Controller */ 730 err = write(fd, cmd, size); 731 if (err != size) { 732 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 733 goto error; 734 } 735 736 /* 737 * Controller doesn't sends any response for the patch reset 738 * command. HOST has to wait for 100ms before proceeding. 739 */ 740 nanosleep(&tm, NULL); 741 742 error: 743 return err; 744 } 745 746 int rome_get_tlv_file(char *file_path) 747 { 748 FILE * pFile; 749 long fileSize; 750 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i; 751 unsigned short nvm_tag_len; 752 tlv_patch_info *ptlv_header; 753 tlv_nvm_hdr *nvm_ptr; 754 unsigned char data_buf[PRINT_BUF_SIZE]={0,}; 755 unsigned char *nvm_byte_ptr; 756 757 ALOGI("File Open (%s)", file_path); 758 pFile = fopen ( file_path , "r" ); 759 if (pFile==NULL) {; 760 ALOGE("%s File Open Fail", file_path); 761 return -1; 762 } 763 764 /* Get File Size */ 765 fseek (pFile , 0 , SEEK_END); 766 fileSize = ftell (pFile); 767 rewind (pFile); 768 769 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize); 770 if (pdata_buffer == NULL) { 771 ALOGE("Allocated Memory failed"); 772 fclose (pFile); 773 return -1; 774 } 775 776 /* Copy file into allocated buffer */ 777 readSize = fread (pdata_buffer,1,fileSize,pFile); 778 779 /* File Close */ 780 fclose (pFile); 781 782 if (readSize != fileSize) { 783 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize); 784 return -1; 785 } 786 787 ptlv_header = (tlv_patch_info *) pdata_buffer; 788 789 /* To handle different event between rampatch and NVM */ 790 gTlv_type = ptlv_header->tlv_type; 791 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg; 792 793 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){ 794 ALOGI("===================================================="); 795 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 796 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) | 797 (ptlv_header->tlv_length2 << 8) | 798 (ptlv_header->tlv_length3 << 16)); 799 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len); 800 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len); 801 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver); 802 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm); 803 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg); 804 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1); 805 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id); 806 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver); 807 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver); 808 if (fw_su_info ) { 809 FILE *btversionfile = 0; 810 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "a+b"))) { 811 fprintf(btversionfile, "Bluetooth Controller FW SU Version : 0x%04x (%s-%05d)\n", 812 ptlv_header->tlv.patch.patch_ver, 813 fw_su_info, 814 (ptlv_header->tlv.patch.patch_ver - fw_su_offset ) 815 ); 816 fclose(btversionfile); 817 } 818 } 819 820 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2); 821 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr)); 822 ALOGI("===================================================="); 823 824 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) { 825 ALOGI("===================================================="); 826 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 827 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) | 828 (ptlv_header->tlv_length2 << 8) | 829 (ptlv_header->tlv_length3 << 16)); 830 831 if(nvm_length <= 0) 832 return readSize; 833 834 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0; 835 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr) 836 { 837 ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id); 838 ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len); 839 ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr); 840 ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag); 841 842 /* Increase nvm_index to NVM data */ 843 nvm_index+=sizeof(tlv_nvm_hdr); 844 nvm_byte_ptr+=sizeof(tlv_nvm_hdr); 845 846 /* Write BD Address */ 847 if(nvm_ptr->tag_id == TAG_NUM_2){ 848 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6); 849 ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x", 850 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2), 851 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5)); 852 } 853 854 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++) 855 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i)); 856 857 ALOGI("TAG Data\t\t\t : %s", data_buf); 858 859 /* Clear buffer */ 860 memset(data_buf, 0x0, PRINT_BUF_SIZE); 861 862 /* increased by tag_len */ 863 nvm_index+=nvm_ptr->tag_len; 864 nvm_byte_ptr +=nvm_ptr->tag_len; 865 } 866 867 ALOGI("===================================================="); 868 869 } else { 870 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type); 871 } 872 873 return readSize; 874 } 875 876 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt) 877 { 878 int size=0, err = -1; 879 unsigned char cmd[HCI_MAX_CMD_SIZE]; 880 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 881 882 ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size); 883 884 /* Frame the HCI CMD PKT to be sent to Controller*/ 885 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size); 886 887 /* Total length of the packet to be sent to the Controller */ 888 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 889 890 /* Initialize the RSP packet everytime to 0 */ 891 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 892 893 /* Send HCI Command packet to Controller */ 894 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 895 if ( err != size) { 896 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err); 897 return err; 898 } 899 900 if(wait_cc_evt) { 901 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 902 if ( err < 0) { 903 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index); 904 return err; 905 } 906 } 907 908 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index); 909 return err; 910 } 911 912 int rome_tlv_dnld_req(int fd, int tlv_size) 913 { 914 int total_segment, remain_size, i, err = -1; 915 unsigned char wait_cc_evt; 916 917 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT; 918 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\ 919 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT); 920 921 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d", 922 __FUNCTION__,tlv_size, total_segment, remain_size); 923 924 if (gTlv_type == TLV_TYPE_PATCH) { 925 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event 926 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the 927 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now 928 */ 929 switch(gTlv_dwndCfg) 930 { 931 case ROME_SKIP_EVT_NONE: 932 wait_vsc_evt = TRUE; 933 wait_cc_evt = TRUE; 934 ALOGI("Event handling type: ROME_SKIP_EVT_NONE"); 935 break; 936 case ROME_SKIP_EVT_VSE_CC: 937 wait_vsc_evt = FALSE; 938 wait_cc_evt = FALSE; 939 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC"); 940 break; 941 /* Not handled for now */ 942 case ROME_SKIP_EVT_VSE: 943 case ROME_SKIP_EVT_CC: 944 default: 945 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg); 946 break; 947 } 948 } else { 949 wait_vsc_evt = TRUE; 950 wait_cc_evt = TRUE; 951 } 952 953 for(i=0;i<total_segment ;i++){ 954 if ((i+1) == total_segment) { 955 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 956 /* If the Rome version is from 1.1 to 3.1 957 * 1. No CCE for the last command segment but all other segment 958 * 2. All the command segments get VSE including the last one 959 */ 960 wait_cc_evt = !remain_size ? FALSE: TRUE; 961 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 962 /* If the Rome version is 3.2 963 * 1. None of the command segments receive CCE 964 * 2. No command segments receive VSE except the last one 965 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 966 * same as Rome 2.1, 2.2, 3.0 967 */ 968 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 969 wait_cc_evt = !remain_size ? FALSE: TRUE; 970 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 971 wait_vsc_evt = !remain_size ? TRUE: FALSE; 972 } 973 } 974 } 975 976 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0) 977 goto error; 978 } 979 980 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 981 /* If the Rome version is from 1.1 to 3.1 982 * 1. No CCE for the last command segment but all other segment 983 * 2. All the command segments get VSE including the last one 984 */ 985 wait_cc_evt = remain_size ? FALSE: TRUE; 986 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 987 /* If the Rome version is 3.2 988 * 1. None of the command segments receive CCE 989 * 2. No command segments receive VSE except the last one 990 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 991 * same as Rome 2.1, 2.2, 3.0 992 */ 993 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 994 wait_cc_evt = remain_size ? FALSE: TRUE; 995 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 996 wait_vsc_evt = remain_size ? TRUE: FALSE; 997 } 998 } 999 1000 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt); 1001 1002 error: 1003 return err; 1004 } 1005 1006 int rome_download_tlv_file(int fd) 1007 { 1008 int tlv_size, err = -1; 1009 1010 /* Rampatch TLV file Downloading */ 1011 pdata_buffer = NULL; 1012 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0) 1013 goto error; 1014 1015 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1016 goto error; 1017 1018 if (pdata_buffer != NULL){ 1019 free (pdata_buffer); 1020 pdata_buffer = NULL; 1021 } 1022 /* NVM TLV file Downloading */ 1023 if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0) 1024 goto error; 1025 1026 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1027 goto error; 1028 1029 error: 1030 if (pdata_buffer != NULL) 1031 free (pdata_buffer); 1032 1033 return err; 1034 } 1035 1036 int rome_1_0_nvm_tag_dnld(int fd) 1037 { 1038 int i, size, err = 0; 1039 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1040 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1041 1042 #if (NVM_VERSION >= ROME_1_0_100019) 1043 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1044 { 1045 /* Tag 2 */ /* BD Address */ 1046 { /* Packet Type */HCI_COMMAND_PKT, 1047 /* Opcode */ 0x0b,0xfc, 1048 /* Total Len */ 9, 1049 /* NVM CMD */ NVM_ACCESS_SET, 1050 /* Tag Num */ 2, 1051 /* Tag Len */ 6, 1052 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 1053 }, 1054 /* Tag 6 */ /* Bluetooth Support Features */ 1055 { /* Packet Type */HCI_COMMAND_PKT, 1056 /* Opcode */ 0x0b,0xfc, 1057 /* Total Len */ 11, 1058 /* NVM CMD */ NVM_ACCESS_SET, 1059 /* Tag Num */ 6, 1060 /* Tag Len */ 8, 1061 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1062 }, 1063 /* Tag 17 */ /* HCI Transport Layer Setting */ 1064 { /* Packet Type */HCI_COMMAND_PKT, 1065 /* Opcode */ 0x0b,0xfc, 1066 /* Total Len */ 11, 1067 /* NVM CMD */ NVM_ACCESS_SET, 1068 /* Tag Num */ 17, 1069 /* Tag Len */ 8, 1070 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1071 }, 1072 /* Tag 35 */ 1073 { /* Packet Type */HCI_COMMAND_PKT, 1074 /* Opcode */ 0x0b,0xfc, 1075 /* Total Len */ 58, 1076 /* NVM CMD */ NVM_ACCESS_SET, 1077 /* Tag Num */ 35, 1078 /* Tag Len */ 55, 1079 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59, 1080 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1081 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1082 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1083 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1084 0x1B, 0x14, 0x01, 0x04, 0x48 1085 }, 1086 /* Tag 36 */ 1087 { /* Packet Type */HCI_COMMAND_PKT, 1088 /* Opcode */ 0x0b,0xfc, 1089 /* Total Len */ 15, 1090 /* NVM CMD */ NVM_ACCESS_SET, 1091 /* Tag Num */ 36, 1092 /* Tag Len */ 12, 1093 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1094 }, 1095 /* Tag 39 */ 1096 { /* Packet Type */HCI_COMMAND_PKT, 1097 /* Opcode */ 0x0b,0xfc, 1098 /* Total Len */ 7, 1099 /* NVM CMD */ NVM_ACCESS_SET, 1100 /* Tag Num */ 39, 1101 /* Tag Len */ 4, 1102 /* Tag Value */ 0x12,0x00,0x00,0x00 1103 }, 1104 /* Tag 41 */ 1105 { /* Packet Type */HCI_COMMAND_PKT, 1106 /* Opcode */ 0x0b,0xfc, 1107 /* Total Len */ 91, 1108 /* NVM CMD */ NVM_ACCESS_SET, 1109 /* Tag Num */ 41, 1110 /* Tag Len */ 88, 1111 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00, 1112 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00, 1113 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00, 1114 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00, 1115 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01, 1116 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00, 1117 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01, 1118 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00, 1119 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00 1120 }, 1121 /* Tag 42 */ 1122 { /* Packet Type */HCI_COMMAND_PKT, 1123 /* Opcode */ 0x0b,0xfc, 1124 /* Total Len */ 63, 1125 /* NVM CMD */ NVM_ACCESS_SET, 1126 /* Tag Num */ 42, 1127 /* Tag Len */ 60, 1128 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47, 1129 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01, 1130 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01, 1131 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A, 1132 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00, 1133 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01 1134 }, 1135 /* Tag 84 */ 1136 { /* Packet Type */HCI_COMMAND_PKT, 1137 /* Opcode */ 0x0b,0xfc, 1138 /* Total Len */ 153, 1139 /* NVM CMD */ NVM_ACCESS_SET, 1140 /* Tag Num */ 84, 1141 /* Tag Len */ 150, 1142 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28, 1143 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28, 1144 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28, 1145 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18, 1146 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 1147 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13, 1148 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12, 1149 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01, 1150 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D, 1151 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D, 1152 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00, 1153 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40, 1154 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00, 1155 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00, 1156 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D 1157 }, 1158 /* Tag 85 */ 1159 { /* Packet Type */HCI_COMMAND_PKT, 1160 /* Opcode */ 0x0b,0xfc, 1161 /* Total Len */ 119, 1162 /* NVM CMD */ NVM_ACCESS_SET, 1163 /* Tag Num */ 85, 1164 /* Tag Len */ 116, 1165 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59, 1166 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E, 1167 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02, 1168 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02, 1169 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00, 1170 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F, 1171 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C, 1172 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02, 1173 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00, 1174 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00, 1175 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00, 1176 0x12, 0x04, 0x04, 0x01, 0x04, 0x03 1177 }, 1178 {TAG_END} 1179 }; 1180 #elif (NVM_VERSION == ROME_1_0_6002) 1181 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1182 { 1183 /* Tag 2 */ 1184 { /* Packet Type */HCI_COMMAND_PKT, 1185 /* Opcode */ 0x0b,0xfc, 1186 /* Total Len */ 9, 1187 /* NVM CMD */ NVM_ACCESS_SET, 1188 /* Tag Num */ 2, 1189 /* Tag Len */ 6, 1190 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */ 1191 }, 1192 /* Tag 6 */ 1193 { /* Packet Type */HCI_COMMAND_PKT, 1194 /* Opcode */ 0x0b,0xfc, 1195 /* Total Len */ 11, 1196 /* NVM CMD */ NVM_ACCESS_SET, 1197 /* Tag Num */ 6, 1198 /* Tag Len */ 8, 1199 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1200 }, 1201 /* Tag 17 */ 1202 { /* Packet Type */HCI_COMMAND_PKT, 1203 /* Opcode */ 0x0b,0xfc, 1204 /* Total Len */ 11, 1205 /* NVM CMD */ NVM_ACCESS_SET, 1206 /* Tag Num */ 17, 1207 /* Tag Len */ 8, 1208 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1209 }, 1210 /* Tag 36 */ 1211 { /* Packet Type */HCI_COMMAND_PKT, 1212 /* Opcode */ 0x0b,0xfc, 1213 /* Total Len */ 15, 1214 /* NVM CMD */ NVM_ACCESS_SET, 1215 /* Tag Num */ 36, 1216 /* Tag Len */ 12, 1217 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1218 }, 1219 1220 /* Tag 39 */ 1221 { /* Packet Type */HCI_COMMAND_PKT, 1222 /* Opcode */ 0x0b,0xfc, 1223 /* Total Len */ 7, 1224 /* NVM CMD */ NVM_ACCESS_SET, 1225 /* Tag Num */ 39, 1226 /* Tag Len */ 4, 1227 /* Tag Value */ 0x12,0x00,0x00,0x00 1228 }, 1229 1230 /* Tag 41 */ 1231 { /* Packet Type */HCI_COMMAND_PKT, 1232 /* Opcode */ 0x0b,0xfc, 1233 /* Total Len */ 199, 1234 /* NVM CMD */ NVM_ACCESS_SET, 1235 /* Tag Num */ 41, 1236 /* Tag Len */ 196, 1237 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00, 1238 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00, 1239 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00, 1240 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00, 1241 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00, 1242 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00, 1243 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00, 1244 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00, 1245 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00, 1246 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00, 1247 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00, 1248 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00, 1249 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00, 1250 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00, 1251 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00, 1252 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00, 1253 0x0B,0x01,0x03,0x00 1254 }, 1255 1256 /* Tag 44 */ 1257 { /* Packet Type */HCI_COMMAND_PKT, 1258 /* Opcode */ 0x0b,0xfc, 1259 /* Total Len */ 44, 1260 /* NVM CMD */ NVM_ACCESS_SET, 1261 /* Tag Num */ 44, 1262 /* Tag Len */ 41, 1263 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02, 1264 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01, 1265 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01, 1266 0x00,0x14,0x01,0x02,0x03 1267 }, 1268 {TAG_END} 1269 }; 1270 #endif 1271 1272 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION); 1273 1274 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++) 1275 { 1276 /* Write BD Address */ 1277 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){ 1278 memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6); 1279 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x", 1280 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1], 1281 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3], 1282 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]); 1283 } 1284 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1; 1285 /* Send HCI Command packet to Controller */ 1286 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size); 1287 if ( err != size) { 1288 ALOGE("Failed to attach the patch payload to the Controller!"); 1289 goto error; 1290 } 1291 1292 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1293 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1294 if ( err < 0) { 1295 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1296 goto error; 1297 } 1298 } 1299 1300 error: 1301 return err; 1302 } 1303 1304 1305 1306 int rome_patch_ver_req(int fd) 1307 { 1308 int size, err = 0; 1309 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1310 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1311 1312 /* Frame the HCI CMD to be sent to the Controller */ 1313 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0, 1314 -1, EDL_PATCH_CMD_LEN); 1315 1316 /* Total length of the packet to be sent to the Controller */ 1317 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1318 1319 /* Send HCI Command packet to Controller */ 1320 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1321 if ( err != size) { 1322 ALOGE("Failed to attach the patch payload to the Controller!"); 1323 goto error; 1324 } 1325 1326 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1327 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1328 if ( err < 0) { 1329 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1330 goto error; 1331 } 1332 error: 1333 return err; 1334 1335 } 1336 1337 1338 int rome_set_baudrate_req(int fd) 1339 { 1340 int size, err = 0; 1341 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1342 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1343 hci_command_hdr *cmd_hdr; 1344 int flags; 1345 1346 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1347 1348 cmd_hdr = (void *) (cmd + 1); 1349 cmd[0] = HCI_COMMAND_PKT; 1350 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF); 1351 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN; 1352 cmd[4] = BAUDRATE_3000000; 1353 1354 /* Total length of the packet to be sent to the Controller */ 1355 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN); 1356 1357 /* Flow off during baudrate change */ 1358 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1359 { 1360 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1361 goto error; 1362 } 1363 1364 /* Send the HCI command packet to UART for transmission */ 1365 err = write(fd, cmd, size); 1366 if (err != size) { 1367 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1368 goto error; 1369 } 1370 1371 /* Change Local UART baudrate to high speed UART */ 1372 userial_vendor_set_baud(USERIAL_BAUD_3M); 1373 1374 /* Flow on after changing local uart baudrate */ 1375 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1376 { 1377 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1378 return err; 1379 } 1380 1381 /* Check for response from the Controller */ 1382 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) { 1383 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 1384 goto error; 1385 } 1386 1387 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 1388 1389 /* Wait for command complete event */ 1390 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1391 if ( err < 0) { 1392 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1393 goto error; 1394 } 1395 1396 error: 1397 return err; 1398 1399 } 1400 1401 1402 int rome_hci_reset_req(int fd) 1403 { 1404 int size, err = 0; 1405 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1406 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1407 hci_command_hdr *cmd_hdr; 1408 int flags; 1409 1410 ALOGI("%s: HCI RESET ", __FUNCTION__); 1411 1412 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1413 1414 cmd_hdr = (void *) (cmd + 1); 1415 cmd[0] = HCI_COMMAND_PKT; 1416 cmd_hdr->opcode = HCI_RESET; 1417 cmd_hdr->plen = 0; 1418 1419 /* Total length of the packet to be sent to the Controller */ 1420 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1421 1422 /* Flow off during baudrate change */ 1423 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1424 { 1425 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1426 goto error; 1427 } 1428 1429 /* Send the HCI command packet to UART for transmission */ 1430 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]); 1431 err = write(fd, cmd, size); 1432 if (err != size) { 1433 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1434 goto error; 1435 } 1436 1437 /* Change Local UART baudrate to high speed UART */ 1438 userial_vendor_set_baud(USERIAL_BAUD_3M); 1439 1440 /* Flow on after changing local uart baudrate */ 1441 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1442 { 1443 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1444 return err; 1445 } 1446 1447 /* Wait for command complete event */ 1448 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1449 if ( err < 0) { 1450 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1451 goto error; 1452 } 1453 1454 error: 1455 return err; 1456 1457 } 1458 1459 1460 int rome_hci_reset(int fd) 1461 { 1462 int size, err = 0; 1463 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1464 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1465 hci_command_hdr *cmd_hdr; 1466 int flags; 1467 1468 ALOGI("%s: HCI RESET ", __FUNCTION__); 1469 1470 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1471 1472 cmd_hdr = (void *) (cmd + 1); 1473 cmd[0] = HCI_COMMAND_PKT; 1474 cmd_hdr->opcode = HCI_RESET; 1475 cmd_hdr->plen = 0; 1476 1477 /* Total length of the packet to be sent to the Controller */ 1478 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1479 err = write(fd, cmd, size); 1480 if (err != size) { 1481 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1482 err = -1; 1483 goto error; 1484 } 1485 1486 /* Wait for command complete event */ 1487 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1488 if ( err < 0) { 1489 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1490 goto error; 1491 } 1492 1493 error: 1494 return err; 1495 1496 } 1497 1498 int rome_wipower_current_charging_status_req(int fd) 1499 { 1500 int size, err = 0; 1501 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1502 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1503 hci_command_hdr *cmd_hdr; 1504 int flags; 1505 1506 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1507 1508 cmd_hdr = (void *) (cmd + 1); 1509 cmd[0] = HCI_COMMAND_PKT; 1510 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1511 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN; 1512 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD; 1513 1514 /* Total length of the packet to be sent to the Controller */ 1515 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN); 1516 1517 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__); 1518 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1519 1520 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1521 if ( err != size) { 1522 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!"); 1523 goto error; 1524 } 1525 1526 /* Check for response from the Controller */ 1527 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1528 err = -ETIMEDOUT; 1529 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1530 goto error; 1531 } 1532 1533 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1534 if (rsp[4] >= NON_WIPOWER_MODE) { 1535 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1536 if (err < 0) { 1537 ALOGE("%s: Failed to get charging status", __FUNCTION__); 1538 goto error; 1539 } 1540 } 1541 1542 error: 1543 return err; 1544 } 1545 1546 int addon_feature_req(int fd) 1547 { 1548 int size, err = 0; 1549 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1550 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1551 hci_command_hdr *cmd_hdr; 1552 int flags; 1553 1554 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1555 1556 cmd_hdr = (void *) (cmd + 1); 1557 cmd[0] = HCI_COMMAND_PKT; 1558 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT); 1559 cmd_hdr->plen = 0x00; 1560 1561 /* Total length of the packet to be sent to the Controller */ 1562 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1563 1564 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__); 1565 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]); 1566 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1567 if ( err != size) { 1568 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!"); 1569 goto error; 1570 } 1571 1572 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1573 if (err < 0) { 1574 ALOGE("%s: Failed to get feature request", __FUNCTION__); 1575 goto error; 1576 } 1577 error: 1578 return err; 1579 } 1580 1581 1582 int check_embedded_mode(int fd) { 1583 int err = 0; 1584 1585 wipower_flag = 0; 1586 /* Get current wipower charging status */ 1587 if ((err = rome_wipower_current_charging_status_req(fd)) < 0) 1588 { 1589 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err); 1590 } 1591 usleep(500); 1592 1593 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag); 1594 1595 return wipower_flag; 1596 } 1597 1598 int rome_get_addon_feature_list(fd) { 1599 int err = 0; 1600 1601 /* Get addon features that are supported by FW */ 1602 if ((err = addon_feature_req(fd)) < 0) 1603 { 1604 ALOGE("%s: failed (0x%x)", __FUNCTION__, err); 1605 } 1606 return err; 1607 } 1608 1609 int rome_wipower_forward_handoff_req(int fd) 1610 { 1611 int size, err = 0; 1612 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1613 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1614 hci_command_hdr *cmd_hdr; 1615 int flags; 1616 1617 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1618 1619 cmd_hdr = (void *) (cmd + 1); 1620 cmd[0] = HCI_COMMAND_PKT; 1621 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1622 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN; 1623 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD; 1624 1625 /* Total length of the packet to be sent to the Controller */ 1626 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN); 1627 1628 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__); 1629 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1630 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1631 if ( err != size) { 1632 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!"); 1633 goto error; 1634 } 1635 1636 /* Check for response from the Controller */ 1637 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1638 err = -ETIMEDOUT; 1639 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1640 goto error; 1641 } 1642 1643 error: 1644 return err; 1645 } 1646 1647 1648 static void enable_controller_log (int fd) 1649 { 1650 int ret = 0; 1651 /* VS command to enable controller logging to the HOST. By default it is disabled */ 1652 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00}; 1653 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1654 char value[PROPERTY_VALUE_MAX] = {'\0'}; 1655 1656 property_get("persist.service.bdroid.soclog", value, "false"); 1657 1658 // value at cmd[5]: 1 - to enable, 0 - to disable 1659 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0; 1660 ALOGI("%s: %d", __func__, ret); 1661 1662 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6); 1663 if (ret != 6) { 1664 ALOGE("%s: command failed", __func__); 1665 } 1666 } 1667 1668 1669 static int disable_internal_ldo(int fd) 1670 { 1671 int ret = 0; 1672 if (enable_extldo) { 1673 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32}; 1674 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1675 1676 ALOGI(" %s ", __FUNCTION__); 1677 ret = write(fd, cmd, 5); 1678 if (ret != 5) { 1679 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 1680 ret = -1; 1681 } else { 1682 /* Wait for command complete event */ 1683 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1684 if ( ret < 0) { 1685 ALOGE("%s: Failed to get response from controller", __FUNCTION__); 1686 } 1687 } 1688 } 1689 return ret; 1690 } 1691 1692 int rome_soc_init(int fd, char *bdaddr) 1693 { 1694 int err = -1, size = 0; 1695 1696 ALOGI(" %s ", __FUNCTION__); 1697 1698 /* If wipower charging is going on in embedded mode then start hand off req */ 1699 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE) 1700 { 1701 wipower_flag = 0; 1702 wipower_handoff_ready = 0; 1703 if ((err = rome_wipower_forward_handoff_req(fd)) < 0) 1704 { 1705 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err); 1706 } 1707 } 1708 1709 /* Get Rome version information */ 1710 if((err = rome_patch_ver_req(fd)) <0){ 1711 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err); 1712 goto error; 1713 } 1714 1715 ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver); 1716 1717 switch (rome_ver){ 1718 case ROME_VER_1_0: 1719 { 1720 /* Set and Download the RAMPATCH */ 1721 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__); 1722 err = rome_download_rampatch(fd); 1723 if (err < 0) { 1724 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__); 1725 goto error; 1726 } 1727 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__); 1728 1729 /* Attach the RAMPATCH */ 1730 ALOGI("%s: Attaching the patches", __FUNCTION__); 1731 err = rome_attach_rampatch(fd); 1732 if (err < 0) { 1733 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__); 1734 goto error; 1735 } 1736 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__); 1737 1738 /* Send Reset */ 1739 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1740 err = rome_rampatch_reset(fd); 1741 if ( err < 0 ) { 1742 ALOGE("Failed to RESET after RAMPATCH upgrade!"); 1743 goto error; 1744 } 1745 1746 /* NVM download */ 1747 ALOGI("%s: Downloading NVM", __FUNCTION__); 1748 err = rome_1_0_nvm_tag_dnld(fd); 1749 if ( err <0 ) { 1750 ALOGE("Downloading NVM Failed !!"); 1751 goto error; 1752 } 1753 1754 /* Change baud rate 115.2 kbps to 3Mbps*/ 1755 err = rome_hci_reset_req(fd); 1756 if (err < 0) { 1757 ALOGE("HCI Reset Failed !!"); 1758 goto error; 1759 } 1760 1761 ALOGI("HCI Reset is done\n"); 1762 } 1763 break; 1764 case ROME_VER_1_1: 1765 rampatch_file_path = ROME_RAMPATCH_TLV_PATH; 1766 nvm_file_path = ROME_NVM_TLV_PATH; 1767 goto download; 1768 case ROME_VER_1_3: 1769 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH; 1770 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH; 1771 goto download; 1772 case ROME_VER_2_1: 1773 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH; 1774 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH; 1775 goto download; 1776 case ROME_VER_3_0: 1777 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH; 1778 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH; 1779 fw_su_info = ROME_3_1_FW_SU; 1780 fw_su_offset = ROME_3_1_FW_SW_OFFSET; 1781 goto download; 1782 case ROME_VER_3_2: 1783 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH; 1784 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH; 1785 fw_su_info = ROME_3_2_FW_SU; 1786 fw_su_offset = ROME_3_2_FW_SW_OFFSET; 1787 1788 download: 1789 /* Change baud rate 115.2 kbps to 3Mbps*/ 1790 err = rome_set_baudrate_req(fd); 1791 if (err < 0) { 1792 ALOGE("%s: Baud rate change failed!", __FUNCTION__); 1793 goto error; 1794 } 1795 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__); 1796 /* Donwload TLV files (rampatch, NVM) */ 1797 err = rome_download_tlv_file(fd); 1798 if (err < 0) { 1799 ALOGE("%s: Download TLV file failed!", __FUNCTION__); 1800 goto error; 1801 } 1802 ALOGI("%s: Download TLV file successfully ", __FUNCTION__); 1803 /* This function sends a vendor specific command to enable/disable 1804 * controller logs on need. Once the command is received to the SOC, 1805 * It would start sending cotroller's print strings and LMP RX/TX 1806 * packets to the HOST (over the UART) which will be logged in QXDM. 1807 * The property 'enablebtsoclog' used to send this command on BT init 1808 * sequence. 1809 */ 1810 enable_controller_log(fd); 1811 1812 /* Disable internal LDO to use external LDO instead*/ 1813 err = disable_internal_ldo(fd); 1814 1815 /* Send HCI Reset */ 1816 err = rome_hci_reset(fd); 1817 if ( err <0 ) { 1818 ALOGE("HCI Reset Failed !!"); 1819 goto error; 1820 } 1821 1822 ALOGI("HCI Reset is done\n"); 1823 1824 break; 1825 case ROME_VER_UNKNOWN: 1826 default: 1827 ALOGI("%s: Detected unknown ROME version", __FUNCTION__); 1828 err = -1; 1829 break; 1830 } 1831 1832 error: 1833 return err; 1834 } 1835
