1 /* 2 * 3 * Copyright (c) 2013, The Linux Foundation. All rights reserved. 4 * Not a Contribution. 5 * 6 * Copyright 2012 The Android Open Source Project 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); you 9 * may not use this file except in compliance with the License. You may 10 * obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 17 * implied. See the License for the specific language governing 18 * permissions and limitations under the License. 19 * 20 */ 21 22 /****************************************************************************** 23 * 24 * Filename: hw_rome.c 25 * 26 * Description: Contains controller-specific functions, like 27 * firmware patch download 28 * low power mode operations 29 * 30 ******************************************************************************/ 31 #ifdef __cplusplus 32 extern "C" { 33 #endif 34 35 #define LOG_TAG "bt_vendor" 36 37 #include <sys/socket.h> 38 #include <utils/Log.h> 39 #include <sys/types.h> 40 #include <sys/stat.h> 41 #include <signal.h> 42 #include <time.h> 43 #include <errno.h> 44 #include <fcntl.h> 45 #include <dirent.h> 46 #include <ctype.h> 47 #include <cutils/properties.h> 48 #include <stdlib.h> 49 #include <termios.h> 50 #include <string.h> 51 #include <stdbool.h> 52 #include "bt_hci_bdroid.h" 53 #include "bt_vendor_qcom.h" 54 #include "hci_uart.h" 55 #include "hw_rome.h" 56 57 #define BT_VERSION_FILEPATH "/data/misc/bluedroid/bt_fw_version.txt" 58 59 #ifdef __cplusplus 60 } 61 #endif 62 63 int read_vs_hci_event(int fd, unsigned char* buf, int size); 64 65 /****************************************************************************** 66 ** Variables 67 ******************************************************************************/ 68 FILE *file; 69 unsigned char *phdr_buffer; 70 unsigned char *pdata_buffer = NULL; 71 patch_info rampatch_patch_info; 72 int rome_ver = ROME_VER_UNKNOWN; 73 unsigned char gTlv_type; 74 unsigned char gTlv_dwndCfg; 75 static unsigned int wipower_flag = 0; 76 static unsigned int wipower_handoff_ready = 0; 77 char *rampatch_file_path; 78 char *nvm_file_path; 79 char *fw_su_info = NULL; 80 unsigned short fw_su_offset =0; 81 extern char enable_extldo; 82 unsigned char wait_vsc_evt = TRUE; 83 bool patch_dnld_pending = FALSE; 84 int dnld_fd = -1; 85 /****************************************************************************** 86 ** Extern variables 87 ******************************************************************************/ 88 extern uint8_t vnd_local_bd_addr[6]; 89 90 /***************************************************************************** 91 ** Functions 92 *****************************************************************************/ 93 int do_write(int fd, unsigned char *buf,int len) 94 { 95 int ret = 0; 96 int write_offset = 0; 97 int write_len = len; 98 do { 99 ret = write(fd,buf+write_offset,write_len); 100 if (ret < 0) 101 { 102 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno)); 103 return -1; 104 } else if (ret == 0) { 105 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno)); 106 return 0; 107 } else { 108 if (ret < write_len) { 109 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret, 110 strerror(errno)); 111 write_len = write_len - ret; 112 write_offset = ret; 113 } else { 114 ALOGV("Write successful"); 115 break; 116 } 117 } 118 } while(1); 119 return len; 120 } 121 122 int get_vs_hci_event(unsigned char *rsp) 123 { 124 int err = 0; 125 unsigned char paramlen = 0; 126 unsigned char EMBEDDED_MODE_CHECK = 0x02; 127 FILE *btversionfile = 0; 128 unsigned int soc_id = 0; 129 unsigned int productid = 0; 130 unsigned short patchversion = 0; 131 char build_label[255]; 132 int build_lbl_len; 133 134 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE)) 135 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__); 136 else { 137 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__); 138 err = -EIO; 139 goto failed; 140 } 141 142 ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]); 143 ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]); 144 ALOGI("%s: Response type : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]); 145 146 /* Check the status of the operation */ 147 switch ( rsp[CMD_RSP_OFFSET] ) 148 { 149 case EDL_CMD_REQ_RES_EVT: 150 ALOGI("%s: Command Request Response", __FUNCTION__); 151 switch(rsp[RSP_TYPE_OFFSET]) 152 { 153 case EDL_PATCH_VER_RES_EVT: 154 case EDL_APP_VER_RES_EVT: 155 ALOGI("\t Current Product ID\t\t: 0x%08x", 156 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 | 157 rsp[PATCH_PROD_ID_OFFSET+2] << 16 | 158 rsp[PATCH_PROD_ID_OFFSET+1] << 8 | 159 rsp[PATCH_PROD_ID_OFFSET] )); 160 161 /* Patch Version indicates FW patch version */ 162 ALOGI("\t Current Patch Version\t\t: 0x%04x", 163 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 | 164 rsp[PATCH_PATCH_VER_OFFSET] ))); 165 166 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */ 167 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver = 168 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 | 169 rsp[PATCH_ROM_BUILD_VER_OFFSET] )); 170 171 /* In case rome 1.0/1.1, there is no SOC ID version available */ 172 if (paramlen - 10) 173 { 174 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id = 175 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 | 176 rsp[PATCH_SOC_VER_OFFSET+2] << 16 | 177 rsp[PATCH_SOC_VER_OFFSET+1] << 8 | 178 rsp[PATCH_SOC_VER_OFFSET] )); 179 } 180 181 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "wb"))) { 182 fprintf(btversionfile, "Bluetooth Controller Product ID : 0x%08x\n", productid); 183 fprintf(btversionfile, "Bluetooth Controller Patch Version : 0x%04x\n", patchversion); 184 fprintf(btversionfile, "Bluetooth Controller Build Version : 0x%04x\n", rome_ver); 185 fprintf(btversionfile, "Bluetooth Controller SOC Version : 0x%08x\n", soc_id); 186 fclose(btversionfile); 187 }else { 188 ALOGI("Failed to dump SOC version info. Errno:%d", errno); 189 } 190 191 /* Rome Chipset Version can be decided by Patch version and SOC version, 192 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be 193 used for SOC as combination for BT host driver */ 194 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff); 195 break; 196 case EDL_TVL_DNLD_RES_EVT: 197 case EDL_CMD_EXE_STATUS_EVT: 198 switch (err = rsp[CMD_STATUS_OFFSET]) 199 { 200 case HCI_CMD_SUCCESS: 201 ALOGI("%s: Download Packet successfully!", __FUNCTION__); 202 break; 203 case PATCH_LEN_ERROR: 204 ALOGI("%s: Invalid patch length argument passed for EDL PATCH " 205 "SET REQ cmd", __FUNCTION__); 206 break; 207 case PATCH_VER_ERROR: 208 ALOGI("%s: Invalid patch version argument passed for EDL PATCH " 209 "SET REQ cmd", __FUNCTION__); 210 break; 211 case PATCH_CRC_ERROR: 212 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__); 213 break; 214 case PATCH_NOT_FOUND: 215 ALOGI("%s: Invalid patch data!!!", __FUNCTION__); 216 break; 217 case TLV_TYPE_ERROR: 218 ALOGI("%s: TLV Type Error !!!", __FUNCTION__); 219 break; 220 default: 221 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err); 222 break; 223 } 224 break; 225 case HCI_VS_GET_BUILD_VER_EVT: 226 build_lbl_len = rsp[5]; 227 memcpy (build_label, &rsp[6], build_lbl_len); 228 *(build_label+build_lbl_len) = '\0'; 229 230 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len); 231 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "a+b"))) { 232 fprintf(btversionfile, "Bluetooth Contoller SU Build info : %s\n", build_label); 233 fclose(btversionfile); 234 } else { 235 ALOGI("Failed to dump FW SU build info. Errno:%d", errno); 236 } 237 break; 238 } 239 break; 240 241 case NVM_ACCESS_CODE: 242 ALOGI("%s: NVM Access Code!!!", __FUNCTION__); 243 err = HCI_CMD_SUCCESS; 244 break; 245 case EDL_SET_BAUDRATE_RSP_EVT: 246 /* Rome 1.1 has bug with the response, so it should ignore it. */ 247 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS) 248 { 249 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__, 250 rsp[CMD_STATUS_OFFSET]); 251 err = -1; 252 } 253 break; 254 case EDL_WIP_QUERY_CHARGING_STATUS_EVT: 255 /* Query charging command has below return values 256 0 - in embedded mode not charging 257 1 - in embedded mode and charging 258 2 - hadofff completed and in normal mode 259 3 - no wipower supported on mtp. so irrepective of charging 260 handoff command has to be sent if return values are 0 or 1. 261 These change include logic to enable generic BT turn on sequence.*/ 262 if (rsp[4] < EMBEDDED_MODE_CHECK) 263 { 264 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__); 265 wipower_handoff_ready = rsp[4]; 266 wipower_flag = 1; 267 } 268 break; 269 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT: 270 /*TODO: rsp code 00 mean no charging 271 this is going to change in FW soon*/ 272 if (rsp[4] == NON_WIPOWER_MODE) 273 { 274 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__); 275 } 276 break; 277 case HCI_VS_GET_ADDON_FEATURES_EVENT: 278 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK)) 279 { 280 ALOGD("%s: WiPower feature supported!!", __FUNCTION__); 281 property_set("persist.bluetooth.a4wp", "true"); 282 } 283 break; 284 case HCI_VS_STRAY_EVT: 285 /* WAR to handle stray Power Apply EVT during patch download */ 286 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__); 287 if (patch_dnld_pending && dnld_fd != -1) 288 { 289 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 290 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE); 291 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE); 292 } 293 else 294 { 295 ALOGE("%s: Not a valid status!!!", __FUNCTION__); 296 err = -1; 297 } 298 break; 299 default: 300 ALOGE("%s: Not a valid status!!!", __FUNCTION__); 301 err = -1; 302 break; 303 } 304 305 failed: 306 return err; 307 } 308 309 310 /* 311 * Read an VS HCI event from the given file descriptor. 312 */ 313 int read_vs_hci_event(int fd, unsigned char* buf, int size) 314 { 315 int remain, r; 316 int count = 0, i; 317 318 if (size <= 0) { 319 ALOGE("Invalid size arguement!"); 320 return -1; 321 } 322 323 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__); 324 325 /* The first byte identifies the packet type. For HCI event packets, it 326 * should be 0x04, so we read until we get to the 0x04. */ 327 /* It will keep reading until find 0x04 byte */ 328 while (1) { 329 r = read(fd, buf, 1); 330 if (r <= 0) 331 return -1; 332 if (buf[0] == 0x04) 333 break; 334 } 335 count++; 336 337 /* The next two bytes are the event code and parameter total length. */ 338 while (count < 3) { 339 r = read(fd, buf + count, 3 - count); 340 if ((r <= 0) || (buf[1] != 0xFF )) { 341 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]); 342 return -1; 343 } 344 count += r; 345 } 346 347 /* Now we read the parameters. */ 348 if (buf[2] < (size - 3)) 349 remain = buf[2]; 350 else 351 remain = size - 3; 352 353 while ((count - 3) < remain) { 354 r = read(fd, buf + count, remain - (count - 3)); 355 if (r <= 0) 356 return -1; 357 count += r; 358 } 359 360 /* Check if the set patch command is successful or not */ 361 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS) 362 return -1; 363 364 return count; 365 } 366 367 /* 368 * For Hand-Off related Wipower commands, Command complete arrives first and 369 * the followd with VS event 370 * 371 */ 372 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 373 { 374 int ret = 0; 375 int err = 0; 376 377 /* Send the HCI command packet to UART for transmission */ 378 ret = do_write(fd, cmd, size); 379 if (ret != size) { 380 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret); 381 goto failed; 382 } 383 384 /* Wait for command complete event */ 385 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 386 if ( err < 0) { 387 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__); 388 goto failed; 389 } 390 391 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__); 392 failed: 393 return ret; 394 } 395 396 397 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 398 { 399 int ret = 0; 400 401 /* Send the HCI command packet to UART for transmission */ 402 ret = do_write(fd, cmd, size); 403 if (ret != size) { 404 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 405 goto failed; 406 } 407 408 if (wait_vsc_evt) { 409 /* Check for response from the Controller */ 410 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 411 ret = -ETIMEDOUT; 412 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 413 goto failed; 414 } 415 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 416 } 417 418 failed: 419 return ret; 420 } 421 422 void frame_hci_cmd_pkt( 423 unsigned char *cmd, 424 int edl_cmd, unsigned int p_base_addr, 425 int segtNo, int size 426 ) 427 { 428 int offset = 0; 429 hci_command_hdr *cmd_hdr; 430 431 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 432 433 cmd_hdr = (void *) (cmd + 1); 434 435 cmd[0] = HCI_COMMAND_PKT; 436 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF); 437 cmd_hdr->plen = size; 438 cmd[4] = edl_cmd; 439 440 switch (edl_cmd) 441 { 442 case EDL_PATCH_SET_REQ_CMD: 443 /* Copy the patch header info as CMD params */ 444 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN); 445 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__); 446 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 447 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 448 break; 449 case EDL_PATCH_DLD_REQ_CMD: 450 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT); 451 p_base_addr += offset; 452 cmd_hdr->plen = (size + 6); 453 cmd[5] = (size + 4); 454 cmd[6] = EXTRACT_BYTE(p_base_addr, 0); 455 cmd[7] = EXTRACT_BYTE(p_base_addr, 1); 456 cmd[8] = EXTRACT_BYTE(p_base_addr, 2); 457 cmd[9] = EXTRACT_BYTE(p_base_addr, 3); 458 memcpy(&cmd[10], (pdata_buffer + offset), size); 459 460 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes", 461 __FUNCTION__, size); 462 ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t" 463 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2], 464 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]); 465 break; 466 case EDL_PATCH_ATCH_REQ_CMD: 467 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__); 468 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 469 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 470 break; 471 case EDL_PATCH_RST_REQ_CMD: 472 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__); 473 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 474 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 475 break; 476 case EDL_PATCH_VER_REQ_CMD: 477 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__); 478 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 479 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 480 break; 481 case EDL_PATCH_TLV_REQ_CMD: 482 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__); 483 /* Parameter Total Length */ 484 cmd[3] = size +2; 485 486 /* TLV Segment Length */ 487 cmd[5] = size; 488 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 489 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]); 490 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT); 491 memcpy(&cmd[6], (pdata_buffer + offset), size); 492 break; 493 case EDL_GET_BUILD_INFO: 494 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__); 495 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 496 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 497 break; 498 default: 499 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__); 500 } 501 } 502 503 void rome_extract_patch_header_info(unsigned char *buf) 504 { 505 int index; 506 507 /* Extract patch id */ 508 for (index = 0; index < 4; index++) 509 rampatch_patch_info.patch_id |= 510 (LSH(buf[index + P_ID_OFFSET], (index * 8))); 511 512 /* Extract (ROM and BUILD) version information */ 513 for (index = 0; index < 2; index++) 514 rampatch_patch_info.patch_ver.rom_version |= 515 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8))); 516 517 for (index = 0; index < 2; index++) 518 rampatch_patch_info.patch_ver.build_version |= 519 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8))); 520 521 /* Extract patch base and entry addresses */ 522 for (index = 0; index < 4; index++) 523 rampatch_patch_info.patch_base_addr |= 524 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8))); 525 526 /* Patch BASE & ENTRY addresses are same */ 527 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr; 528 529 /* Extract total length of the patch payload */ 530 for (index = 0; index < 4; index++) 531 rampatch_patch_info.patch_length |= 532 (LSH(buf[index + P_LEN_OFFSET], (index * 8))); 533 534 /* Extract the CRC checksum of the patch payload */ 535 for (index = 0; index < 4; index++) 536 rampatch_patch_info.patch_crc |= 537 (LSH(buf[index + P_CRC_OFFSET], (index * 8))); 538 539 /* Extract patch control value */ 540 for (index = 0; index < 4; index++) 541 rampatch_patch_info.patch_ctrl |= 542 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8))); 543 544 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id); 545 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version); 546 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version); 547 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length); 548 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc); 549 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl); 550 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr); 551 552 } 553 554 int rome_edl_set_patch_request(int fd) 555 { 556 int size, err; 557 unsigned char cmd[HCI_MAX_CMD_SIZE]; 558 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 559 560 /* Frame the HCI CMD to be sent to the Controller */ 561 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0, 562 -1, PATCH_HDR_LEN + 1); 563 564 /* Total length of the packet to be sent to the Controller */ 565 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 566 567 /* Send HCI Command packet to Controller */ 568 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 569 if ( err != size) { 570 ALOGE("Failed to set the patch info to the Controller!"); 571 goto error; 572 } 573 574 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 575 if ( err < 0) { 576 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 577 goto error; 578 } 579 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__); 580 error: 581 return err; 582 } 583 584 int rome_edl_patch_download_request(int fd) 585 { 586 int no_of_patch_segment; 587 int index = 1, err = 0, size = 0; 588 unsigned int p_base_addr; 589 unsigned char cmd[HCI_MAX_CMD_SIZE]; 590 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 591 592 no_of_patch_segment = (rampatch_patch_info.patch_length / 593 MAX_DATA_PER_SEGMENT); 594 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x", 595 __FUNCTION__, no_of_patch_segment, 596 rampatch_patch_info.patch_base_addr); 597 598 /* Initialize the patch base address from the one read from bin file */ 599 p_base_addr = rampatch_patch_info.patch_base_addr; 600 601 /* 602 * Depending upon size of the patch payload, download the patches in 603 * segments with a max. size of 239 bytes 604 */ 605 for (index = 1; index <= no_of_patch_segment; index++) { 606 607 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index); 608 609 /* Frame the HCI CMD PKT to be sent to Controller*/ 610 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, 611 index, MAX_DATA_PER_SEGMENT); 612 613 /* Total length of the packet to be sent to the Controller */ 614 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 615 616 /* Initialize the RSP packet everytime to 0 */ 617 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 618 619 /* Send HCI Command packet to Controller */ 620 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 621 if ( err != size) { 622 ALOGE("Failed to send the patch payload to the Controller!"); 623 goto error; 624 } 625 626 /* Read Command Complete Event */ 627 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 628 if ( err < 0) { 629 ALOGE("%s: Failed to downlaod patch segment: %d!", 630 __FUNCTION__, index); 631 goto error; 632 } 633 ALOGI("%s: Successfully downloaded patch segment: %d", 634 __FUNCTION__, index); 635 } 636 637 /* Check if any pending patch data to be sent */ 638 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ? 639 rampatch_patch_info.patch_length : 640 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT); 641 642 if (size) 643 { 644 /* Frame the HCI CMD PKT to be sent to Controller*/ 645 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size); 646 647 /* Initialize the RSP packet everytime to 0 */ 648 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 649 650 /* Total length of the packet to be sent to the Controller */ 651 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 652 653 /* Send HCI Command packet to Controller */ 654 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 655 if ( err != size) { 656 ALOGE("Failed to send the patch payload to the Controller!"); 657 goto error; 658 } 659 660 /* Read Command Complete Event */ 661 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 662 if ( err < 0) { 663 ALOGE("%s: Failed to downlaod patch segment: %d!", 664 __FUNCTION__, index); 665 goto error; 666 } 667 668 ALOGI("%s: Successfully downloaded patch segment: %d", 669 __FUNCTION__, index); 670 } 671 672 error: 673 return err; 674 } 675 676 static int rome_download_rampatch(int fd) 677 { 678 int c, tmp, size, index, ret = -1; 679 680 ALOGI("%s: ", __FUNCTION__); 681 682 /* Get handle to the RAMPATCH binary file */ 683 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH); 684 file = fopen(ROME_FW_PATH, "r"); 685 if (file == NULL) { 686 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!", 687 __FUNCTION__); 688 return -ENFILE; 689 } 690 691 /* Allocate memory for the patch headder info */ 692 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__); 693 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1); 694 if (phdr_buffer == NULL) { 695 ALOGE("%s: Failed to allocate memory for patch header", 696 __FUNCTION__); 697 goto phdr_alloc_failed; 698 } 699 for (index = 0; index < PATCH_HDR_LEN + 1; index++) 700 phdr_buffer[index] = 0x0; 701 702 /* Read 28 bytes of patch header information */ 703 ALOGI("%s: Reading patch header info", __FUNCTION__); 704 index = 0; 705 do { 706 c = fgetc (file); 707 phdr_buffer[index++] = (unsigned char)c; 708 } while (index != PATCH_HDR_LEN); 709 710 /* Save the patch header info into local structure */ 711 ALOGI("%s: Saving patch hdr. info", __FUNCTION__); 712 rome_extract_patch_header_info((unsigned char *)phdr_buffer); 713 714 /* Set the patch header info onto the Controller */ 715 ret = rome_edl_set_patch_request(fd); 716 if (ret < 0) { 717 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__); 718 goto pdata_alloc_failed; 719 } 720 721 /* Allocate memory for the patch payload */ 722 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__); 723 size = rampatch_patch_info.patch_length; 724 pdata_buffer = (unsigned char *) malloc(size+1); 725 if (pdata_buffer == NULL) { 726 ALOGE("%s: Failed to allocate memory for patch payload", 727 __FUNCTION__); 728 goto pdata_alloc_failed; 729 } 730 for (index = 0; index < size+1; index++) 731 pdata_buffer[index] = 0x0; 732 733 /* Read the patch data from Rampatch binary image */ 734 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__); 735 index = 0; 736 do { 737 c = fgetc (file); 738 pdata_buffer[index++] = (unsigned char)c; 739 } while (c != EOF); 740 741 /* Downloading patches in segments to controller */ 742 ret = rome_edl_patch_download_request(fd); 743 if (ret < 0) { 744 ALOGE("%s: Error downloading patch segments!", __FUNCTION__); 745 goto cleanup; 746 } 747 cleanup: 748 free(pdata_buffer); 749 pdata_alloc_failed: 750 free(phdr_buffer); 751 phdr_alloc_failed: 752 fclose(file); 753 error: 754 return ret; 755 } 756 757 int rome_attach_rampatch(int fd) 758 { 759 int size, err; 760 unsigned char cmd[HCI_MAX_CMD_SIZE]; 761 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 762 763 /* Frame the HCI CMD to be sent to the Controller */ 764 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0, 765 -1, EDL_PATCH_CMD_LEN); 766 767 /* Total length of the packet to be sent to the Controller */ 768 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 769 770 /* Send HCI Command packet to Controller */ 771 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 772 if ( err != size) { 773 ALOGE("Failed to attach the patch payload to the Controller!"); 774 goto error; 775 } 776 777 /* Read Command Complete Event */ 778 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 779 if ( err < 0) { 780 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__); 781 goto error; 782 } 783 error: 784 return err; 785 } 786 787 int rome_rampatch_reset(int fd) 788 { 789 int size, err = 0, flags; 790 unsigned char cmd[HCI_MAX_CMD_SIZE]; 791 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */ 792 793 /* Frame the HCI CMD to be sent to the Controller */ 794 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0, 795 -1, EDL_PATCH_CMD_LEN); 796 797 /* Total length of the packet to be sent to the Controller */ 798 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 799 800 /* Send HCI Command packet to Controller */ 801 err = do_write(fd, cmd, size); 802 if (err != size) { 803 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 804 goto error; 805 } 806 807 /* 808 * Controller doesn't sends any response for the patch reset 809 * command. HOST has to wait for 100ms before proceeding. 810 */ 811 nanosleep(&tm, NULL); 812 813 error: 814 return err; 815 } 816 817 int rome_get_tlv_file(char *file_path) 818 { 819 FILE * pFile; 820 long fileSize; 821 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i; 822 unsigned short nvm_tag_len; 823 tlv_patch_info *ptlv_header; 824 tlv_nvm_hdr *nvm_ptr; 825 unsigned char data_buf[PRINT_BUF_SIZE]={0,}; 826 unsigned char *nvm_byte_ptr; 827 828 ALOGI("File Open (%s)", file_path); 829 pFile = fopen ( file_path , "r" ); 830 if (pFile==NULL) {; 831 ALOGE("%s File Open Fail", file_path); 832 return -1; 833 } 834 835 /* Get File Size */ 836 fseek (pFile , 0 , SEEK_END); 837 fileSize = ftell (pFile); 838 rewind (pFile); 839 840 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize); 841 if (pdata_buffer == NULL) { 842 ALOGE("Allocated Memory failed"); 843 fclose (pFile); 844 return -1; 845 } 846 847 /* Copy file into allocated buffer */ 848 readSize = fread (pdata_buffer,1,fileSize,pFile); 849 850 /* File Close */ 851 fclose (pFile); 852 853 if (readSize != fileSize) { 854 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize); 855 return -1; 856 } 857 858 ptlv_header = (tlv_patch_info *) pdata_buffer; 859 860 /* To handle different event between rampatch and NVM */ 861 gTlv_type = ptlv_header->tlv_type; 862 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg; 863 864 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){ 865 ALOGI("===================================================="); 866 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 867 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) | 868 (ptlv_header->tlv_length2 << 8) | 869 (ptlv_header->tlv_length3 << 16)); 870 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len); 871 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len); 872 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver); 873 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm); 874 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg); 875 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1); 876 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id); 877 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver); 878 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver); 879 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2); 880 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr)); 881 ALOGI("===================================================="); 882 883 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) { 884 ALOGI("===================================================="); 885 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 886 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) | 887 (ptlv_header->tlv_length2 << 8) | 888 (ptlv_header->tlv_length3 << 16)); 889 890 if(nvm_length <= 0) 891 return readSize; 892 893 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0; 894 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr) 895 { 896 ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id); 897 ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len); 898 ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr); 899 ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag); 900 901 /* Increase nvm_index to NVM data */ 902 nvm_index+=sizeof(tlv_nvm_hdr); 903 nvm_byte_ptr+=sizeof(tlv_nvm_hdr); 904 905 /* Write BD Address */ 906 if(nvm_ptr->tag_id == TAG_NUM_2){ 907 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6); 908 ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x", 909 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2), 910 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5)); 911 } 912 913 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++) 914 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i)); 915 916 ALOGI("TAG Data\t\t\t : %s", data_buf); 917 918 /* Clear buffer */ 919 memset(data_buf, 0x0, PRINT_BUF_SIZE); 920 921 /* increased by tag_len */ 922 nvm_index+=nvm_ptr->tag_len; 923 nvm_byte_ptr +=nvm_ptr->tag_len; 924 } 925 926 ALOGI("===================================================="); 927 928 } else { 929 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type); 930 } 931 932 return readSize; 933 } 934 935 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt) 936 { 937 int size=0, err = -1; 938 unsigned char cmd[HCI_MAX_CMD_SIZE]; 939 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 940 941 ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size); 942 943 /* Frame the HCI CMD PKT to be sent to Controller*/ 944 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size); 945 946 /* Total length of the packet to be sent to the Controller */ 947 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 948 949 /* Initialize the RSP packet everytime to 0 */ 950 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 951 952 /* Send HCI Command packet to Controller */ 953 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 954 if ( err != size) { 955 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err); 956 return err; 957 } 958 959 if(wait_cc_evt) { 960 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 961 if ( err < 0) { 962 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index); 963 return err; 964 } 965 } 966 967 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index); 968 return err; 969 } 970 971 int rome_tlv_dnld_req(int fd, int tlv_size) 972 { 973 int total_segment, remain_size, i, err = -1; 974 unsigned char wait_cc_evt; 975 976 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT; 977 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\ 978 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT); 979 980 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d", 981 __FUNCTION__,tlv_size, total_segment, remain_size); 982 983 if (gTlv_type == TLV_TYPE_PATCH) { 984 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event 985 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the 986 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now 987 */ 988 switch(gTlv_dwndCfg) 989 { 990 case ROME_SKIP_EVT_NONE: 991 wait_vsc_evt = TRUE; 992 wait_cc_evt = TRUE; 993 ALOGI("Event handling type: ROME_SKIP_EVT_NONE"); 994 break; 995 case ROME_SKIP_EVT_VSE_CC: 996 wait_vsc_evt = FALSE; 997 wait_cc_evt = FALSE; 998 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC"); 999 break; 1000 /* Not handled for now */ 1001 case ROME_SKIP_EVT_VSE: 1002 case ROME_SKIP_EVT_CC: 1003 default: 1004 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg); 1005 break; 1006 } 1007 } else { 1008 wait_vsc_evt = TRUE; 1009 wait_cc_evt = TRUE; 1010 } 1011 1012 for(i=0;i<total_segment ;i++){ 1013 if ((i+1) == total_segment) { 1014 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1015 /* If the Rome version is from 1.1 to 3.1 1016 * 1. No CCE for the last command segment but all other segment 1017 * 2. All the command segments get VSE including the last one 1018 */ 1019 wait_cc_evt = !remain_size ? FALSE: TRUE; 1020 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1021 /* If the Rome version is 3.2 1022 * 1. None of the command segments receive CCE 1023 * 2. No command segments receive VSE except the last one 1024 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 1025 * same as Rome 2.1, 2.2, 3.0 1026 */ 1027 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 1028 wait_cc_evt = !remain_size ? FALSE: TRUE; 1029 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 1030 wait_vsc_evt = !remain_size ? TRUE: FALSE; 1031 } 1032 } 1033 } 1034 1035 patch_dnld_pending = TRUE; 1036 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0) 1037 goto error; 1038 patch_dnld_pending = FALSE; 1039 } 1040 1041 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1042 /* If the Rome version is from 1.1 to 3.1 1043 * 1. No CCE for the last command segment but all other segment 1044 * 2. All the command segments get VSE including the last one 1045 */ 1046 wait_cc_evt = remain_size ? FALSE: TRUE; 1047 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1048 /* If the Rome version is 3.2 1049 * 1. None of the command segments receive CCE 1050 * 2. No command segments receive VSE except the last one 1051 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 1052 * same as Rome 2.1, 2.2, 3.0 1053 */ 1054 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 1055 wait_cc_evt = remain_size ? FALSE: TRUE; 1056 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 1057 wait_vsc_evt = remain_size ? TRUE: FALSE; 1058 } 1059 } 1060 patch_dnld_pending = TRUE; 1061 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt); 1062 patch_dnld_pending = FALSE; 1063 error: 1064 if(patch_dnld_pending) patch_dnld_pending = FALSE; 1065 return err; 1066 } 1067 1068 int rome_download_tlv_file(int fd) 1069 { 1070 int tlv_size, err = -1; 1071 1072 /* Rampatch TLV file Downloading */ 1073 pdata_buffer = NULL; 1074 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0) 1075 goto error; 1076 1077 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1078 goto error; 1079 1080 if (pdata_buffer != NULL){ 1081 free (pdata_buffer); 1082 pdata_buffer = NULL; 1083 } 1084 /* NVM TLV file Downloading */ 1085 if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0) 1086 goto error; 1087 1088 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1089 goto error; 1090 1091 error: 1092 if (pdata_buffer != NULL) 1093 free (pdata_buffer); 1094 1095 return err; 1096 } 1097 1098 int rome_1_0_nvm_tag_dnld(int fd) 1099 { 1100 int i, size, err = 0; 1101 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1102 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1103 1104 #if (NVM_VERSION >= ROME_1_0_100019) 1105 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1106 { 1107 /* Tag 2 */ /* BD Address */ 1108 { /* Packet Type */HCI_COMMAND_PKT, 1109 /* Opcode */ 0x0b,0xfc, 1110 /* Total Len */ 9, 1111 /* NVM CMD */ NVM_ACCESS_SET, 1112 /* Tag Num */ 2, 1113 /* Tag Len */ 6, 1114 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 1115 }, 1116 /* Tag 6 */ /* Bluetooth Support Features */ 1117 { /* Packet Type */HCI_COMMAND_PKT, 1118 /* Opcode */ 0x0b,0xfc, 1119 /* Total Len */ 11, 1120 /* NVM CMD */ NVM_ACCESS_SET, 1121 /* Tag Num */ 6, 1122 /* Tag Len */ 8, 1123 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1124 }, 1125 /* Tag 17 */ /* HCI Transport Layer Setting */ 1126 { /* Packet Type */HCI_COMMAND_PKT, 1127 /* Opcode */ 0x0b,0xfc, 1128 /* Total Len */ 11, 1129 /* NVM CMD */ NVM_ACCESS_SET, 1130 /* Tag Num */ 17, 1131 /* Tag Len */ 8, 1132 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1133 }, 1134 /* Tag 35 */ 1135 { /* Packet Type */HCI_COMMAND_PKT, 1136 /* Opcode */ 0x0b,0xfc, 1137 /* Total Len */ 58, 1138 /* NVM CMD */ NVM_ACCESS_SET, 1139 /* Tag Num */ 35, 1140 /* Tag Len */ 55, 1141 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59, 1142 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1143 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1144 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1145 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1146 0x1B, 0x14, 0x01, 0x04, 0x48 1147 }, 1148 /* Tag 36 */ 1149 { /* Packet Type */HCI_COMMAND_PKT, 1150 /* Opcode */ 0x0b,0xfc, 1151 /* Total Len */ 15, 1152 /* NVM CMD */ NVM_ACCESS_SET, 1153 /* Tag Num */ 36, 1154 /* Tag Len */ 12, 1155 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1156 }, 1157 /* Tag 39 */ 1158 { /* Packet Type */HCI_COMMAND_PKT, 1159 /* Opcode */ 0x0b,0xfc, 1160 /* Total Len */ 7, 1161 /* NVM CMD */ NVM_ACCESS_SET, 1162 /* Tag Num */ 39, 1163 /* Tag Len */ 4, 1164 /* Tag Value */ 0x12,0x00,0x00,0x00 1165 }, 1166 /* Tag 41 */ 1167 { /* Packet Type */HCI_COMMAND_PKT, 1168 /* Opcode */ 0x0b,0xfc, 1169 /* Total Len */ 91, 1170 /* NVM CMD */ NVM_ACCESS_SET, 1171 /* Tag Num */ 41, 1172 /* Tag Len */ 88, 1173 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00, 1174 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00, 1175 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00, 1176 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00, 1177 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01, 1178 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00, 1179 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01, 1180 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00, 1181 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00 1182 }, 1183 /* Tag 42 */ 1184 { /* Packet Type */HCI_COMMAND_PKT, 1185 /* Opcode */ 0x0b,0xfc, 1186 /* Total Len */ 63, 1187 /* NVM CMD */ NVM_ACCESS_SET, 1188 /* Tag Num */ 42, 1189 /* Tag Len */ 60, 1190 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47, 1191 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01, 1192 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01, 1193 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A, 1194 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00, 1195 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01 1196 }, 1197 /* Tag 84 */ 1198 { /* Packet Type */HCI_COMMAND_PKT, 1199 /* Opcode */ 0x0b,0xfc, 1200 /* Total Len */ 153, 1201 /* NVM CMD */ NVM_ACCESS_SET, 1202 /* Tag Num */ 84, 1203 /* Tag Len */ 150, 1204 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28, 1205 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28, 1206 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28, 1207 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18, 1208 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 1209 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13, 1210 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12, 1211 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01, 1212 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D, 1213 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D, 1214 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00, 1215 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40, 1216 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00, 1217 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00, 1218 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D 1219 }, 1220 /* Tag 85 */ 1221 { /* Packet Type */HCI_COMMAND_PKT, 1222 /* Opcode */ 0x0b,0xfc, 1223 /* Total Len */ 119, 1224 /* NVM CMD */ NVM_ACCESS_SET, 1225 /* Tag Num */ 85, 1226 /* Tag Len */ 116, 1227 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59, 1228 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E, 1229 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02, 1230 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02, 1231 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00, 1232 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F, 1233 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C, 1234 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02, 1235 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00, 1236 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00, 1237 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00, 1238 0x12, 0x04, 0x04, 0x01, 0x04, 0x03 1239 }, 1240 {TAG_END} 1241 }; 1242 #elif (NVM_VERSION == ROME_1_0_6002) 1243 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1244 { 1245 /* Tag 2 */ 1246 { /* Packet Type */HCI_COMMAND_PKT, 1247 /* Opcode */ 0x0b,0xfc, 1248 /* Total Len */ 9, 1249 /* NVM CMD */ NVM_ACCESS_SET, 1250 /* Tag Num */ 2, 1251 /* Tag Len */ 6, 1252 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */ 1253 }, 1254 /* Tag 6 */ 1255 { /* Packet Type */HCI_COMMAND_PKT, 1256 /* Opcode */ 0x0b,0xfc, 1257 /* Total Len */ 11, 1258 /* NVM CMD */ NVM_ACCESS_SET, 1259 /* Tag Num */ 6, 1260 /* Tag Len */ 8, 1261 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1262 }, 1263 /* Tag 17 */ 1264 { /* Packet Type */HCI_COMMAND_PKT, 1265 /* Opcode */ 0x0b,0xfc, 1266 /* Total Len */ 11, 1267 /* NVM CMD */ NVM_ACCESS_SET, 1268 /* Tag Num */ 17, 1269 /* Tag Len */ 8, 1270 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1271 }, 1272 /* Tag 36 */ 1273 { /* Packet Type */HCI_COMMAND_PKT, 1274 /* Opcode */ 0x0b,0xfc, 1275 /* Total Len */ 15, 1276 /* NVM CMD */ NVM_ACCESS_SET, 1277 /* Tag Num */ 36, 1278 /* Tag Len */ 12, 1279 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1280 }, 1281 1282 /* Tag 39 */ 1283 { /* Packet Type */HCI_COMMAND_PKT, 1284 /* Opcode */ 0x0b,0xfc, 1285 /* Total Len */ 7, 1286 /* NVM CMD */ NVM_ACCESS_SET, 1287 /* Tag Num */ 39, 1288 /* Tag Len */ 4, 1289 /* Tag Value */ 0x12,0x00,0x00,0x00 1290 }, 1291 1292 /* Tag 41 */ 1293 { /* Packet Type */HCI_COMMAND_PKT, 1294 /* Opcode */ 0x0b,0xfc, 1295 /* Total Len */ 199, 1296 /* NVM CMD */ NVM_ACCESS_SET, 1297 /* Tag Num */ 41, 1298 /* Tag Len */ 196, 1299 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00, 1300 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00, 1301 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00, 1302 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00, 1303 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00, 1304 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00, 1305 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00, 1306 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00, 1307 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00, 1308 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00, 1309 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00, 1310 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00, 1311 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00, 1312 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00, 1313 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00, 1314 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00, 1315 0x0B,0x01,0x03,0x00 1316 }, 1317 1318 /* Tag 44 */ 1319 { /* Packet Type */HCI_COMMAND_PKT, 1320 /* Opcode */ 0x0b,0xfc, 1321 /* Total Len */ 44, 1322 /* NVM CMD */ NVM_ACCESS_SET, 1323 /* Tag Num */ 44, 1324 /* Tag Len */ 41, 1325 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02, 1326 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01, 1327 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01, 1328 0x00,0x14,0x01,0x02,0x03 1329 }, 1330 {TAG_END} 1331 }; 1332 #endif 1333 1334 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION); 1335 1336 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++) 1337 { 1338 /* Write BD Address */ 1339 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){ 1340 memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6); 1341 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x", 1342 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1], 1343 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3], 1344 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]); 1345 } 1346 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1; 1347 /* Send HCI Command packet to Controller */ 1348 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size); 1349 if ( err != size) { 1350 ALOGE("Failed to attach the patch payload to the Controller!"); 1351 goto error; 1352 } 1353 1354 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1355 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1356 if ( err < 0) { 1357 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1358 goto error; 1359 } 1360 } 1361 1362 error: 1363 return err; 1364 } 1365 1366 1367 1368 int rome_patch_ver_req(int fd) 1369 { 1370 int size, err = 0; 1371 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1372 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1373 1374 /* Frame the HCI CMD to be sent to the Controller */ 1375 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0, 1376 -1, EDL_PATCH_CMD_LEN); 1377 1378 /* Total length of the packet to be sent to the Controller */ 1379 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1380 1381 /* Send HCI Command packet to Controller */ 1382 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1383 if ( err != size) { 1384 ALOGE("Failed to attach the patch payload to the Controller!"); 1385 goto error; 1386 } 1387 1388 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1389 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1390 if ( err < 0) { 1391 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1392 goto error; 1393 } 1394 error: 1395 return err; 1396 1397 } 1398 1399 int rome_get_build_info_req(int fd) 1400 { 1401 int size, err = 0; 1402 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1403 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1404 1405 /* Frame the HCI CMD to be sent to the Controller */ 1406 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0, 1407 -1, EDL_PATCH_CMD_LEN); 1408 1409 /* Total length of the packet to be sent to the Controller */ 1410 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1411 1412 /* Send HCI Command packet to Controller */ 1413 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1414 if ( err != size) { 1415 ALOGE("Failed to send get build info cmd to the SoC!"); 1416 goto error; 1417 } 1418 1419 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1420 if ( err < 0) { 1421 ALOGE("%s: Failed to get build info", __FUNCTION__); 1422 goto error; 1423 } 1424 error: 1425 return err; 1426 1427 } 1428 1429 1430 int rome_set_baudrate_req(int fd) 1431 { 1432 int size, err = 0; 1433 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1434 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1435 hci_command_hdr *cmd_hdr; 1436 int flags; 1437 1438 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1439 1440 cmd_hdr = (void *) (cmd + 1); 1441 cmd[0] = HCI_COMMAND_PKT; 1442 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF); 1443 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN; 1444 cmd[4] = BAUDRATE_3000000; 1445 1446 /* Total length of the packet to be sent to the Controller */ 1447 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN); 1448 tcflush(fd,TCIOFLUSH); 1449 /* Flow off during baudrate change */ 1450 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1451 { 1452 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1453 goto error; 1454 } 1455 1456 /* Send the HCI command packet to UART for transmission */ 1457 err = do_write(fd, cmd, size); 1458 if (err != size) { 1459 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1460 goto error; 1461 } 1462 1463 /* Change Local UART baudrate to high speed UART */ 1464 userial_vendor_set_baud(USERIAL_BAUD_3M); 1465 1466 /* Flow on after changing local uart baudrate */ 1467 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1468 { 1469 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1470 return err; 1471 } 1472 1473 /* Check for response from the Controller */ 1474 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) { 1475 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 1476 goto error; 1477 } 1478 1479 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 1480 1481 /* Wait for command complete event */ 1482 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1483 if ( err < 0) { 1484 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1485 goto error; 1486 } 1487 1488 error: 1489 return err; 1490 1491 } 1492 1493 1494 int rome_hci_reset_req(int fd) 1495 { 1496 int size, err = 0; 1497 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1498 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1499 hci_command_hdr *cmd_hdr; 1500 int flags; 1501 1502 ALOGI("%s: HCI RESET ", __FUNCTION__); 1503 1504 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1505 1506 cmd_hdr = (void *) (cmd + 1); 1507 cmd[0] = HCI_COMMAND_PKT; 1508 cmd_hdr->opcode = HCI_RESET; 1509 cmd_hdr->plen = 0; 1510 1511 /* Total length of the packet to be sent to the Controller */ 1512 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1513 1514 /* Flow off during baudrate change */ 1515 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1516 { 1517 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1518 goto error; 1519 } 1520 1521 /* Send the HCI command packet to UART for transmission */ 1522 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]); 1523 err = do_write(fd, cmd, size); 1524 if (err != size) { 1525 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1526 goto error; 1527 } 1528 1529 /* Change Local UART baudrate to high speed UART */ 1530 userial_vendor_set_baud(USERIAL_BAUD_3M); 1531 1532 /* Flow on after changing local uart baudrate */ 1533 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1534 { 1535 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1536 return err; 1537 } 1538 1539 /* Wait for command complete event */ 1540 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1541 if ( err < 0) { 1542 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1543 goto error; 1544 } 1545 1546 error: 1547 return err; 1548 1549 } 1550 1551 1552 int rome_hci_reset(int fd) 1553 { 1554 int size, err = 0; 1555 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1556 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1557 hci_command_hdr *cmd_hdr; 1558 int flags; 1559 1560 ALOGI("%s: HCI RESET ", __FUNCTION__); 1561 1562 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1563 1564 cmd_hdr = (void *) (cmd + 1); 1565 cmd[0] = HCI_COMMAND_PKT; 1566 cmd_hdr->opcode = HCI_RESET; 1567 cmd_hdr->plen = 0; 1568 1569 /* Total length of the packet to be sent to the Controller */ 1570 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1571 err = do_write(fd, cmd, size); 1572 if (err != size) { 1573 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1574 err = -1; 1575 goto error; 1576 } 1577 1578 /* Wait for command complete event */ 1579 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1580 if ( err < 0) { 1581 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1582 goto error; 1583 } 1584 1585 error: 1586 return err; 1587 1588 } 1589 1590 int rome_wipower_current_charging_status_req(int fd) 1591 { 1592 int size, err = 0; 1593 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1594 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1595 hci_command_hdr *cmd_hdr; 1596 int flags; 1597 1598 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1599 1600 cmd_hdr = (void *) (cmd + 1); 1601 cmd[0] = HCI_COMMAND_PKT; 1602 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1603 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN; 1604 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD; 1605 1606 /* Total length of the packet to be sent to the Controller */ 1607 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN); 1608 1609 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__); 1610 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1611 1612 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1613 if ( err != size) { 1614 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!"); 1615 goto error; 1616 } 1617 1618 /* Check for response from the Controller */ 1619 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1620 err = -ETIMEDOUT; 1621 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1622 goto error; 1623 } 1624 1625 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1626 if (rsp[4] >= NON_WIPOWER_MODE) { 1627 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1628 if (err < 0) { 1629 ALOGE("%s: Failed to get charging status", __FUNCTION__); 1630 goto error; 1631 } 1632 } 1633 1634 error: 1635 return err; 1636 } 1637 1638 int addon_feature_req(int fd) 1639 { 1640 int size, err = 0; 1641 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1642 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1643 hci_command_hdr *cmd_hdr; 1644 int flags; 1645 1646 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1647 1648 cmd_hdr = (void *) (cmd + 1); 1649 cmd[0] = HCI_COMMAND_PKT; 1650 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT); 1651 cmd_hdr->plen = 0x00; 1652 1653 /* Total length of the packet to be sent to the Controller */ 1654 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1655 1656 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__); 1657 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]); 1658 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1659 if ( err != size) { 1660 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!"); 1661 goto error; 1662 } 1663 1664 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1665 if (err < 0) { 1666 ALOGE("%s: Failed to get feature request", __FUNCTION__); 1667 goto error; 1668 } 1669 error: 1670 return err; 1671 } 1672 1673 1674 int check_embedded_mode(int fd) { 1675 int err = 0; 1676 1677 wipower_flag = 0; 1678 /* Get current wipower charging status */ 1679 if ((err = rome_wipower_current_charging_status_req(fd)) < 0) 1680 { 1681 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err); 1682 } 1683 usleep(500); 1684 1685 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag); 1686 1687 return wipower_flag; 1688 } 1689 1690 int rome_get_addon_feature_list(fd) { 1691 int err = 0; 1692 1693 /* Get addon features that are supported by FW */ 1694 if ((err = addon_feature_req(fd)) < 0) 1695 { 1696 ALOGE("%s: failed (0x%x)", __FUNCTION__, err); 1697 } 1698 return err; 1699 } 1700 1701 int rome_wipower_forward_handoff_req(int fd) 1702 { 1703 int size, err = 0; 1704 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1705 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1706 hci_command_hdr *cmd_hdr; 1707 int flags; 1708 1709 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1710 1711 cmd_hdr = (void *) (cmd + 1); 1712 cmd[0] = HCI_COMMAND_PKT; 1713 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1714 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN; 1715 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD; 1716 1717 /* Total length of the packet to be sent to the Controller */ 1718 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN); 1719 1720 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__); 1721 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1722 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1723 if ( err != size) { 1724 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!"); 1725 goto error; 1726 } 1727 1728 /* Check for response from the Controller */ 1729 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1730 err = -ETIMEDOUT; 1731 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1732 goto error; 1733 } 1734 1735 error: 1736 return err; 1737 } 1738 1739 1740 void enable_controller_log (int fd, unsigned char wait_for_evt) 1741 { 1742 int ret = 0; 1743 /* VS command to enable controller logging to the HOST. By default it is disabled */ 1744 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00}; 1745 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1746 char value[PROPERTY_VALUE_MAX] = {'\0'}; 1747 1748 property_get("persist.service.bdroid.soclog", value, "false"); 1749 1750 // value at cmd[5]: 1 - to enable, 0 - to disable 1751 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0; 1752 ALOGI("%s: %d", __func__, ret); 1753 /* Ignore vsc evt if wait_for_evt is true */ 1754 if (wait_for_evt) wait_vsc_evt = FALSE; 1755 1756 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6); 1757 if (ret != 6) { 1758 ALOGE("%s: command failed", __func__); 1759 } 1760 /*Ignore hci_event if wait_for_evt is true*/ 1761 if (wait_for_evt) 1762 goto end; 1763 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1764 if (ret < 0) { 1765 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__); 1766 } 1767 end: 1768 wait_vsc_evt = TRUE; 1769 return; 1770 } 1771 1772 1773 static int disable_internal_ldo(int fd) 1774 { 1775 int ret = 0; 1776 if (enable_extldo) { 1777 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32}; 1778 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1779 1780 ALOGI(" %s ", __FUNCTION__); 1781 ret = do_write(fd, cmd, 5); 1782 if (ret != 5) { 1783 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 1784 ret = -1; 1785 } else { 1786 /* Wait for command complete event */ 1787 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1788 if ( ret < 0) { 1789 ALOGE("%s: Failed to get response from controller", __FUNCTION__); 1790 } 1791 } 1792 } 1793 return ret; 1794 } 1795 1796 int rome_soc_init(int fd, char *bdaddr) 1797 { 1798 int err = -1, size = 0; 1799 dnld_fd = fd; 1800 ALOGI(" %s ", __FUNCTION__); 1801 1802 /* If wipower charging is going on in embedded mode then start hand off req */ 1803 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE) 1804 { 1805 wipower_flag = 0; 1806 wipower_handoff_ready = 0; 1807 if ((err = rome_wipower_forward_handoff_req(fd)) < 0) 1808 { 1809 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err); 1810 } 1811 } 1812 1813 /* Get Rome version information */ 1814 if((err = rome_patch_ver_req(fd)) <0){ 1815 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err); 1816 goto error; 1817 } 1818 1819 ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver); 1820 1821 switch (rome_ver){ 1822 case ROME_VER_1_0: 1823 { 1824 /* Set and Download the RAMPATCH */ 1825 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__); 1826 err = rome_download_rampatch(fd); 1827 if (err < 0) { 1828 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__); 1829 goto error; 1830 } 1831 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__); 1832 1833 /* Attach the RAMPATCH */ 1834 ALOGI("%s: Attaching the patches", __FUNCTION__); 1835 err = rome_attach_rampatch(fd); 1836 if (err < 0) { 1837 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__); 1838 goto error; 1839 } 1840 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__); 1841 1842 /* Send Reset */ 1843 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1844 err = rome_rampatch_reset(fd); 1845 if ( err < 0 ) { 1846 ALOGE("Failed to RESET after RAMPATCH upgrade!"); 1847 goto error; 1848 } 1849 1850 /* NVM download */ 1851 ALOGI("%s: Downloading NVM", __FUNCTION__); 1852 err = rome_1_0_nvm_tag_dnld(fd); 1853 if ( err <0 ) { 1854 ALOGE("Downloading NVM Failed !!"); 1855 goto error; 1856 } 1857 1858 /* Change baud rate 115.2 kbps to 3Mbps*/ 1859 err = rome_hci_reset_req(fd); 1860 if (err < 0) { 1861 ALOGE("HCI Reset Failed !!"); 1862 goto error; 1863 } 1864 1865 ALOGI("HCI Reset is done\n"); 1866 } 1867 break; 1868 case ROME_VER_1_1: 1869 rampatch_file_path = ROME_RAMPATCH_TLV_PATH; 1870 nvm_file_path = ROME_NVM_TLV_PATH; 1871 goto download; 1872 case ROME_VER_1_3: 1873 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH; 1874 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH; 1875 goto download; 1876 case ROME_VER_2_1: 1877 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH; 1878 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH; 1879 goto download; 1880 case ROME_VER_3_0: 1881 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH; 1882 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH; 1883 fw_su_info = ROME_3_1_FW_SU; 1884 fw_su_offset = ROME_3_1_FW_SW_OFFSET; 1885 goto download; 1886 case ROME_VER_3_2: 1887 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH; 1888 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH; 1889 fw_su_info = ROME_3_2_FW_SU; 1890 fw_su_offset = ROME_3_2_FW_SW_OFFSET; 1891 1892 download: 1893 /* Change baud rate 115.2 kbps to 3Mbps*/ 1894 err = rome_set_baudrate_req(fd); 1895 if (err < 0) { 1896 ALOGE("%s: Baud rate change failed!", __FUNCTION__); 1897 goto error; 1898 } 1899 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__); 1900 /* Donwload TLV files (rampatch, NVM) */ 1901 err = rome_download_tlv_file(fd); 1902 if (err < 0) { 1903 ALOGE("%s: Download TLV file failed!", __FUNCTION__); 1904 goto error; 1905 } 1906 ALOGI("%s: Download TLV file successfully ", __FUNCTION__); 1907 1908 /* Get SU FM label information */ 1909 if((err = rome_get_build_info_req(fd)) <0){ 1910 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err); 1911 //Ignore the failure of ROME FW SU label information 1912 err = 0; 1913 } 1914 1915 /* Disable internal LDO to use external LDO instead*/ 1916 err = disable_internal_ldo(fd); 1917 1918 /* Send HCI Reset */ 1919 err = rome_hci_reset(fd); 1920 if ( err <0 ) { 1921 ALOGE("HCI Reset Failed !!"); 1922 goto error; 1923 } 1924 1925 ALOGI("HCI Reset is done\n"); 1926 1927 break; 1928 case ROME_VER_UNKNOWN: 1929 default: 1930 ALOGI("%s: Detected unknown ROME version", __FUNCTION__); 1931 err = -1; 1932 break; 1933 } 1934 1935 error: 1936 dnld_fd = -1; 1937 return err; 1938 } 1939
