1 /* 2 * 3 * Copyright (c) 2013, The Linux Foundation. All rights reserved. 4 * Not a Contribution. 5 * 6 * Copyright 2012 The Android Open Source Project 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); you 9 * may not use this file except in compliance with the License. You may 10 * obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 17 * implied. See the License for the specific language governing 18 * permissions and limitations under the License. 19 * 20 */ 21 22 /****************************************************************************** 23 * 24 * Filename: hw_rome.c 25 * 26 * Description: Contains controller-specific functions, like 27 * firmware patch download 28 * low power mode operations 29 * 30 ******************************************************************************/ 31 #ifdef __cplusplus 32 extern "C" { 33 #endif 34 35 #define LOG_TAG "bt_vendor" 36 37 #include <sys/socket.h> 38 #include <utils/Log.h> 39 #include <sys/types.h> 40 #include <sys/stat.h> 41 #include <signal.h> 42 #include <time.h> 43 #include <errno.h> 44 #include <fcntl.h> 45 #include <dirent.h> 46 #include <ctype.h> 47 #include <cutils/properties.h> 48 #include <stdlib.h> 49 #include <string.h> 50 #include <termios.h> 51 #include <stdbool.h> 52 53 #include "bt_hci_bdroid.h" 54 #include "bt_vendor_qcom.h" 55 #include "hci_uart.h" 56 #include "hw_rome.h" 57 58 #define BT_VERSION_FILEPATH "/data/misc/bluedroid/bt_fw_version.txt" 59 60 #ifdef __cplusplus 61 } 62 #endif 63 64 /****************************************************************************** 65 ** Variables 66 ******************************************************************************/ 67 FILE *file; 68 unsigned char *phdr_buffer; 69 unsigned char *pdata_buffer = NULL; 70 patch_info rampatch_patch_info; 71 int rome_ver = ROME_VER_UNKNOWN; 72 unsigned char gTlv_type; 73 unsigned char gTlv_dwndCfg; 74 static unsigned int wipower_flag = 0; 75 static unsigned int wipower_handoff_ready = 0; 76 char *rampatch_file_path; 77 char *nvm_file_path; 78 char *fw_su_info = NULL; 79 unsigned short fw_su_offset =0; 80 extern char enable_extldo; 81 unsigned char wait_vsc_evt = TRUE; 82 83 /****************************************************************************** 84 ** Extern variables 85 ******************************************************************************/ 86 extern uint8_t vnd_local_bd_addr[6]; 87 88 /***************************************************************************** 89 ** Functions 90 *****************************************************************************/ 91 int do_write(int fd, unsigned char *buf,int len) 92 { 93 int ret = 0; 94 int write_offset = 0; 95 int write_len = len; 96 do { 97 ret = write(fd,buf+write_offset,write_len); 98 if (ret < 0) 99 { 100 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno)); 101 return -1; 102 } else if (ret == 0) { 103 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno)); 104 return 0; 105 } else { 106 if (ret < write_len) { 107 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret, 108 strerror(errno)); 109 write_len = write_len - ret; 110 write_offset = ret; 111 } else { 112 ALOGV("Write successful"); 113 break; 114 } 115 } 116 } while(1); 117 return len; 118 } 119 120 int get_vs_hci_event(unsigned char *rsp) 121 { 122 int err = 0; 123 unsigned char paramlen = 0; 124 unsigned char EMBEDDED_MODE_CHECK = 0x02; 125 FILE *btversionfile = 0; 126 unsigned int soc_id = 0; 127 unsigned int productid = 0; 128 unsigned short patchversion = 0; 129 char build_label[255]; 130 int build_lbl_len; 131 132 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE)) 133 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__); 134 else { 135 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__); 136 err = -EIO; 137 goto failed; 138 } 139 140 ALOGI("%s: length 0x%x resp 0x%x type 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN], 141 rsp[CMD_RSP_OFFSET], rsp[RSP_TYPE_OFFSET]); 142 143 /* Check the status of the operation */ 144 switch ( rsp[CMD_RSP_OFFSET] ) 145 { 146 case EDL_CMD_REQ_RES_EVT: 147 ALOGV("%s: Command Request Response", __FUNCTION__); 148 switch(rsp[RSP_TYPE_OFFSET]) 149 { 150 case EDL_PATCH_VER_RES_EVT: 151 case EDL_APP_VER_RES_EVT: 152 ALOGI("\t Current Product ID\t\t: 0x%08x", 153 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 | 154 rsp[PATCH_PROD_ID_OFFSET+2] << 16 | 155 rsp[PATCH_PROD_ID_OFFSET+1] << 8 | 156 rsp[PATCH_PROD_ID_OFFSET] )); 157 158 /* Patch Version indicates FW patch version */ 159 ALOGI("\t Current Patch Version\t\t: 0x%04x", 160 (patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 | 161 rsp[PATCH_PATCH_VER_OFFSET] ))); 162 163 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */ 164 ALOGI("\t Current ROM Build Version\t: 0x%04x", rome_ver = 165 (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 | 166 rsp[PATCH_ROM_BUILD_VER_OFFSET] )); 167 168 /* In case rome 1.0/1.1, there is no SOC ID version available */ 169 if (paramlen - 10) 170 { 171 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id = 172 (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 | 173 rsp[PATCH_SOC_VER_OFFSET+2] << 16 | 174 rsp[PATCH_SOC_VER_OFFSET+1] << 8 | 175 rsp[PATCH_SOC_VER_OFFSET] )); 176 } 177 178 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "wb"))) { 179 fprintf(btversionfile, "Bluetooth Controller Product ID : 0x%08x\n", productid); 180 fprintf(btversionfile, "Bluetooth Controller Patch Version : 0x%04x\n", patchversion); 181 fprintf(btversionfile, "Bluetooth Controller Build Version : 0x%04x\n", rome_ver); 182 fprintf(btversionfile, "Bluetooth Controller SOC Version : 0x%08x\n", soc_id); 183 fclose(btversionfile); 184 }else { 185 ALOGI("Failed to dump SOC version info. Errno:%d", errno); 186 } 187 188 /* Rome Chipset Version can be decided by Patch version and SOC version, 189 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be 190 used for SOC as combination for BT host driver */ 191 rome_ver = (rome_ver << 16) | (soc_id & 0x0000ffff); 192 break; 193 case EDL_TVL_DNLD_RES_EVT: 194 case EDL_CMD_EXE_STATUS_EVT: 195 switch (err = rsp[CMD_STATUS_OFFSET]) 196 { 197 case HCI_CMD_SUCCESS: 198 ALOGI("%s: Download Packet successfully!", __FUNCTION__); 199 break; 200 case PATCH_LEN_ERROR: 201 ALOGI("%s: Invalid patch length argument passed for EDL PATCH " 202 "SET REQ cmd", __FUNCTION__); 203 break; 204 case PATCH_VER_ERROR: 205 ALOGI("%s: Invalid patch version argument passed for EDL PATCH " 206 "SET REQ cmd", __FUNCTION__); 207 break; 208 case PATCH_CRC_ERROR: 209 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__); 210 break; 211 case PATCH_NOT_FOUND: 212 ALOGI("%s: Invalid patch data!!!", __FUNCTION__); 213 break; 214 case TLV_TYPE_ERROR: 215 ALOGI("%s: TLV Type Error !!!", __FUNCTION__); 216 break; 217 default: 218 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err); 219 break; 220 } 221 break; 222 case HCI_VS_GET_BUILD_VER_EVT: 223 build_lbl_len = rsp[5]; 224 memcpy (build_label, &rsp[6], build_lbl_len); 225 *(build_label+build_lbl_len) = '\0'; 226 227 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len); 228 if (NULL != (btversionfile = fopen(BT_VERSION_FILEPATH, "a+b"))) { 229 fprintf(btversionfile, "Bluetooth Contoller SU Build info : %s\n", build_label); 230 fclose(btversionfile); 231 } else { 232 ALOGI("Failed to dump FW SU build info. Errno:%d", errno); 233 } 234 break; 235 } 236 break; 237 238 case NVM_ACCESS_CODE: 239 ALOGI("%s: NVM Access Code!!!", __FUNCTION__); 240 err = HCI_CMD_SUCCESS; 241 break; 242 case EDL_SET_BAUDRATE_RSP_EVT: 243 /* Rome 1.1 has bug with the response, so it should ignore it. */ 244 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS) 245 { 246 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__, 247 rsp[CMD_STATUS_OFFSET]); 248 err = -1; 249 } 250 break; 251 case EDL_WIP_QUERY_CHARGING_STATUS_EVT: 252 /*TODO: rsp code 00 mean no charging 253 this is going to change in FW soon*/ 254 if (rsp[4] != EMBEDDED_MODE_CHECK) 255 { 256 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__); 257 wipower_handoff_ready = rsp[4]; 258 wipower_flag = 1; 259 } 260 break; 261 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT: 262 /*TODO: rsp code 00 mean no charging 263 this is going to change in FW soon*/ 264 if (rsp[4] == NON_WIPOWER_MODE) 265 { 266 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__); 267 } 268 break; 269 case HCI_VS_GET_ADDON_FEATURES_EVENT: 270 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK)) 271 { 272 ALOGD("%s: WiPower feature supported!!", __FUNCTION__); 273 property_set("persist.bluetooth.a4wp", "true"); 274 } 275 break; 276 default: 277 ALOGE("%s: Not a valid status!!!", __FUNCTION__); 278 err = -1; 279 break; 280 } 281 282 failed: 283 return err; 284 } 285 286 287 /* 288 * Read an VS HCI event from the given file descriptor. 289 */ 290 int read_vs_hci_event(int fd, unsigned char* buf, int size) 291 { 292 int remain, r; 293 int count = 0, i; 294 295 if (size <= 0) { 296 ALOGE("Invalid size arguement!"); 297 return -1; 298 } 299 300 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__); 301 302 /* The first byte identifies the packet type. For HCI event packets, it 303 * should be 0x04, so we read until we get to the 0x04. */ 304 /* It will keep reading until find 0x04 byte */ 305 while (1) { 306 r = read(fd, buf, 1); 307 if (r <= 0) 308 return -1; 309 if (buf[0] == 0x04) 310 break; 311 } 312 count++; 313 314 /* The next two bytes are the event code and parameter total length. */ 315 while (count < 3) { 316 r = read(fd, buf + count, 3 - count); 317 if ((r <= 0) || (buf[1] != 0xFF )) { 318 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]); 319 return -1; 320 } 321 count += r; 322 } 323 324 /* Now we read the parameters. */ 325 if (buf[2] < (size - 3)) 326 remain = buf[2]; 327 else 328 remain = size - 3; 329 330 while ((count - 3) < remain) { 331 r = read(fd, buf + count, remain - (count - 3)); 332 if (r <= 0) 333 return -1; 334 count += r; 335 } 336 337 /* Check if the set patch command is successful or not */ 338 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS) 339 return -1; 340 341 return count; 342 } 343 344 /* 345 * For Hand-Off related Wipower commands, Command complete arrives first and 346 * the followd with VS event 347 * 348 */ 349 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 350 { 351 int ret = 0; 352 int err = 0; 353 354 /* Send the HCI command packet to UART for transmission */ 355 ret = do_write(fd, cmd, size); 356 if (ret != size) { 357 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret); 358 goto failed; 359 } 360 361 /* Wait for command complete event */ 362 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 363 if ( err < 0) { 364 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__); 365 goto failed; 366 } 367 368 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__); 369 failed: 370 return ret; 371 } 372 373 374 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size) 375 { 376 int ret = 0; 377 378 /* Send the HCI command packet to UART for transmission */ 379 ret = do_write(fd, cmd, size); 380 if (ret != size) { 381 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 382 goto failed; 383 } 384 385 if (wait_vsc_evt) { 386 /* Check for response from the Controller */ 387 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 388 ret = -ETIMEDOUT; 389 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 390 goto failed; 391 } 392 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 393 } 394 395 failed: 396 return ret; 397 } 398 399 void frame_hci_cmd_pkt( 400 unsigned char *cmd, 401 int edl_cmd, unsigned int p_base_addr, 402 int segtNo, int size 403 ) 404 { 405 int offset = 0; 406 hci_command_hdr *cmd_hdr; 407 408 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 409 410 cmd_hdr = (void *) (cmd + 1); 411 412 cmd[0] = HCI_COMMAND_PKT; 413 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF); 414 cmd_hdr->plen = size; 415 cmd[4] = edl_cmd; 416 417 switch (edl_cmd) 418 { 419 case EDL_PATCH_SET_REQ_CMD: 420 /* Copy the patch header info as CMD params */ 421 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN); 422 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__); 423 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 424 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 425 break; 426 case EDL_PATCH_DLD_REQ_CMD: 427 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT); 428 p_base_addr += offset; 429 cmd_hdr->plen = (size + 6); 430 cmd[5] = (size + 4); 431 cmd[6] = EXTRACT_BYTE(p_base_addr, 0); 432 cmd[7] = EXTRACT_BYTE(p_base_addr, 1); 433 cmd[8] = EXTRACT_BYTE(p_base_addr, 2); 434 cmd[9] = EXTRACT_BYTE(p_base_addr, 3); 435 memcpy(&cmd[10], (pdata_buffer + offset), size); 436 437 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes", 438 __FUNCTION__, size); 439 ALOGV("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t" 440 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2], 441 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]); 442 break; 443 case EDL_PATCH_ATCH_REQ_CMD: 444 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__); 445 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 446 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 447 break; 448 case EDL_PATCH_RST_REQ_CMD: 449 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__); 450 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 451 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 452 break; 453 case EDL_PATCH_VER_REQ_CMD: 454 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__); 455 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 456 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 457 break; 458 case EDL_PATCH_TLV_REQ_CMD: 459 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__); 460 /* Parameter Total Length */ 461 cmd[3] = size +2; 462 463 /* TLV Segment Length */ 464 cmd[5] = size; 465 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 466 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]); 467 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT); 468 memcpy(&cmd[6], (pdata_buffer + offset), size); 469 break; 470 case EDL_GET_BUILD_INFO: 471 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__); 472 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 473 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 474 break; 475 case EDL_GET_BOARD_ID: 476 ALOGD("%s: Sending EDL_GET_BOARD_ID", __FUNCTION__); 477 ALOGV("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", 478 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 479 break; 480 default: 481 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__); 482 } 483 } 484 485 void rome_extract_patch_header_info(unsigned char *buf) 486 { 487 int index; 488 489 /* Extract patch id */ 490 for (index = 0; index < 4; index++) 491 rampatch_patch_info.patch_id |= 492 (LSH(buf[index + P_ID_OFFSET], (index * 8))); 493 494 /* Extract (ROM and BUILD) version information */ 495 for (index = 0; index < 2; index++) 496 rampatch_patch_info.patch_ver.rom_version |= 497 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8))); 498 499 for (index = 0; index < 2; index++) 500 rampatch_patch_info.patch_ver.build_version |= 501 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8))); 502 503 /* Extract patch base and entry addresses */ 504 for (index = 0; index < 4; index++) 505 rampatch_patch_info.patch_base_addr |= 506 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8))); 507 508 /* Patch BASE & ENTRY addresses are same */ 509 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr; 510 511 /* Extract total length of the patch payload */ 512 for (index = 0; index < 4; index++) 513 rampatch_patch_info.patch_length |= 514 (LSH(buf[index + P_LEN_OFFSET], (index * 8))); 515 516 /* Extract the CRC checksum of the patch payload */ 517 for (index = 0; index < 4; index++) 518 rampatch_patch_info.patch_crc |= 519 (LSH(buf[index + P_CRC_OFFSET], (index * 8))); 520 521 /* Extract patch control value */ 522 for (index = 0; index < 4; index++) 523 rampatch_patch_info.patch_ctrl |= 524 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8))); 525 526 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id); 527 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version); 528 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version); 529 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length); 530 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc); 531 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl); 532 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr); 533 534 } 535 536 int rome_edl_set_patch_request(int fd) 537 { 538 int size, err; 539 unsigned char cmd[HCI_MAX_CMD_SIZE]; 540 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 541 542 /* Frame the HCI CMD to be sent to the Controller */ 543 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0, 544 -1, PATCH_HDR_LEN + 1); 545 546 /* Total length of the packet to be sent to the Controller */ 547 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 548 549 /* Send HCI Command packet to Controller */ 550 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 551 if ( err != size) { 552 ALOGE("Failed to set the patch info to the Controller!"); 553 goto error; 554 } 555 556 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 557 if ( err < 0) { 558 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 559 goto error; 560 } 561 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__); 562 error: 563 return err; 564 } 565 566 int rome_edl_patch_download_request(int fd) 567 { 568 int no_of_patch_segment; 569 int index = 1, err = 0, size = 0; 570 unsigned int p_base_addr; 571 unsigned char cmd[HCI_MAX_CMD_SIZE]; 572 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 573 574 no_of_patch_segment = (rampatch_patch_info.patch_length / 575 MAX_DATA_PER_SEGMENT); 576 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x", 577 __FUNCTION__, no_of_patch_segment, 578 rampatch_patch_info.patch_base_addr); 579 580 /* Initialize the patch base address from the one read from bin file */ 581 p_base_addr = rampatch_patch_info.patch_base_addr; 582 583 /* 584 * Depending upon size of the patch payload, download the patches in 585 * segments with a max. size of 239 bytes 586 */ 587 for (index = 1; index <= no_of_patch_segment; index++) { 588 589 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index); 590 591 /* Frame the HCI CMD PKT to be sent to Controller*/ 592 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, 593 index, MAX_DATA_PER_SEGMENT); 594 595 /* Total length of the packet to be sent to the Controller */ 596 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 597 598 /* Initialize the RSP packet everytime to 0 */ 599 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 600 601 /* Send HCI Command packet to Controller */ 602 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 603 if ( err != size) { 604 ALOGE("Failed to send the patch payload to the Controller!"); 605 goto error; 606 } 607 608 /* Read Command Complete Event */ 609 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 610 if ( err < 0) { 611 ALOGE("%s: Failed to downlaod patch segment: %d!", 612 __FUNCTION__, index); 613 goto error; 614 } 615 ALOGI("%s: Successfully downloaded patch segment: %d", 616 __FUNCTION__, index); 617 } 618 619 /* Check if any pending patch data to be sent */ 620 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ? 621 rampatch_patch_info.patch_length : 622 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT); 623 624 if (size) 625 { 626 /* Frame the HCI CMD PKT to be sent to Controller*/ 627 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size); 628 629 /* Initialize the RSP packet everytime to 0 */ 630 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 631 632 /* Total length of the packet to be sent to the Controller */ 633 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 634 635 /* Send HCI Command packet to Controller */ 636 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 637 if ( err != size) { 638 ALOGE("Failed to send the patch payload to the Controller!"); 639 goto error; 640 } 641 642 /* Read Command Complete Event */ 643 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 644 if ( err < 0) { 645 ALOGE("%s: Failed to downlaod patch segment: %d!", 646 __FUNCTION__, index); 647 goto error; 648 } 649 650 ALOGI("%s: Successfully downloaded patch segment: %d", 651 __FUNCTION__, index); 652 } 653 654 error: 655 return err; 656 } 657 658 static int rome_download_rampatch(int fd) 659 { 660 int c, tmp, size, index, ret = -1; 661 662 ALOGI("%s: ", __FUNCTION__); 663 664 /* Get handle to the RAMPATCH binary file */ 665 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH); 666 file = fopen(ROME_FW_PATH, "r"); 667 if (file == NULL) { 668 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!", 669 __FUNCTION__); 670 return -ENFILE; 671 } 672 673 /* Allocate memory for the patch headder info */ 674 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__); 675 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1); 676 if (phdr_buffer == NULL) { 677 ALOGE("%s: Failed to allocate memory for patch header", 678 __FUNCTION__); 679 goto phdr_alloc_failed; 680 } 681 for (index = 0; index < PATCH_HDR_LEN + 1; index++) 682 phdr_buffer[index] = 0x0; 683 684 /* Read 28 bytes of patch header information */ 685 ALOGI("%s: Reading patch header info", __FUNCTION__); 686 index = 0; 687 do { 688 c = fgetc (file); 689 phdr_buffer[index++] = (unsigned char)c; 690 } while (index != PATCH_HDR_LEN); 691 692 /* Save the patch header info into local structure */ 693 ALOGI("%s: Saving patch hdr. info", __FUNCTION__); 694 rome_extract_patch_header_info((unsigned char *)phdr_buffer); 695 696 /* Set the patch header info onto the Controller */ 697 ret = rome_edl_set_patch_request(fd); 698 if (ret < 0) { 699 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__); 700 goto pdata_alloc_failed; 701 } 702 703 /* Allocate memory for the patch payload */ 704 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__); 705 size = rampatch_patch_info.patch_length; 706 pdata_buffer = (unsigned char *) malloc(size+1); 707 if (pdata_buffer == NULL) { 708 ALOGE("%s: Failed to allocate memory for patch payload", 709 __FUNCTION__); 710 goto pdata_alloc_failed; 711 } 712 for (index = 0; index < size+1; index++) 713 pdata_buffer[index] = 0x0; 714 715 /* Read the patch data from Rampatch binary image */ 716 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__); 717 index = 0; 718 do { 719 c = fgetc (file); 720 pdata_buffer[index++] = (unsigned char)c; 721 } while (c != EOF); 722 723 /* Downloading patches in segments to controller */ 724 ret = rome_edl_patch_download_request(fd); 725 if (ret < 0) { 726 ALOGE("%s: Error downloading patch segments!", __FUNCTION__); 727 goto cleanup; 728 } 729 cleanup: 730 free(pdata_buffer); 731 pdata_alloc_failed: 732 free(phdr_buffer); 733 phdr_alloc_failed: 734 fclose(file); 735 error: 736 return ret; 737 } 738 739 int rome_attach_rampatch(int fd) 740 { 741 int size, err; 742 unsigned char cmd[HCI_MAX_CMD_SIZE]; 743 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 744 745 /* Frame the HCI CMD to be sent to the Controller */ 746 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0, 747 -1, EDL_PATCH_CMD_LEN); 748 749 /* Total length of the packet to be sent to the Controller */ 750 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 751 752 /* Send HCI Command packet to Controller */ 753 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 754 if ( err != size) { 755 ALOGE("Failed to attach the patch payload to the Controller!"); 756 goto error; 757 } 758 759 /* Read Command Complete Event */ 760 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 761 if ( err < 0) { 762 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__); 763 goto error; 764 } 765 error: 766 return err; 767 } 768 769 int rome_rampatch_reset(int fd) 770 { 771 int size, err = 0, flags; 772 unsigned char cmd[HCI_MAX_CMD_SIZE]; 773 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */ 774 775 /* Frame the HCI CMD to be sent to the Controller */ 776 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0, 777 -1, EDL_PATCH_CMD_LEN); 778 779 /* Total length of the packet to be sent to the Controller */ 780 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 781 782 /* Send HCI Command packet to Controller */ 783 err = do_write(fd, cmd, size); 784 if (err != size) { 785 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 786 goto error; 787 } 788 789 /* 790 * Controller doesn't sends any response for the patch reset 791 * command. HOST has to wait for 100ms before proceeding. 792 */ 793 nanosleep(&tm, NULL); 794 795 error: 796 return err; 797 } 798 799 int rome_get_tlv_file(char *file_path) 800 { 801 FILE * pFile; 802 long fileSize; 803 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i; 804 unsigned short nvm_tag_len; 805 tlv_patch_info *ptlv_header; 806 tlv_nvm_hdr *nvm_ptr; 807 unsigned char data_buf[PRINT_BUF_SIZE]={0,}; 808 unsigned char *nvm_byte_ptr; 809 810 ALOGI("File Open (%s)", file_path); 811 pFile = fopen ( file_path , "r" ); 812 if (pFile==NULL) {; 813 ALOGE("%s File Open Fail", file_path); 814 return -1; 815 } 816 817 /* Get File Size */ 818 fseek (pFile , 0 , SEEK_END); 819 fileSize = ftell (pFile); 820 rewind (pFile); 821 822 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize); 823 if (pdata_buffer == NULL) { 824 ALOGE("Allocated Memory failed"); 825 fclose (pFile); 826 return -1; 827 } 828 829 /* Copy file into allocated buffer */ 830 readSize = fread (pdata_buffer,1,fileSize,pFile); 831 832 /* File Close */ 833 fclose (pFile); 834 835 if (readSize != fileSize) { 836 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize); 837 return -1; 838 } 839 840 ptlv_header = (tlv_patch_info *) pdata_buffer; 841 842 /* To handle different event between rampatch and NVM */ 843 gTlv_type = ptlv_header->tlv_type; 844 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg; 845 846 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){ 847 ALOGI("===================================================="); 848 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 849 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) | 850 (ptlv_header->tlv_length2 << 8) | 851 (ptlv_header->tlv_length3 << 16)); 852 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len); 853 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len); 854 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver); 855 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm); 856 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg); 857 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1); 858 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id); 859 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver); 860 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver); 861 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2); 862 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr)); 863 ALOGI("===================================================="); 864 865 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) { 866 ALOGV("===================================================="); 867 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type); 868 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) | 869 (ptlv_header->tlv_length2 << 8) | 870 (ptlv_header->tlv_length3 << 16)); 871 872 if(nvm_length <= 0) 873 return readSize; 874 875 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0; 876 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr) 877 { 878 ALOGV("TAG ID\t\t\t : %d", nvm_ptr->tag_id); 879 ALOGV("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len); 880 ALOGV("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr); 881 ALOGV("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag); 882 883 /* Increase nvm_index to NVM data */ 884 nvm_index+=sizeof(tlv_nvm_hdr); 885 nvm_byte_ptr+=sizeof(tlv_nvm_hdr); 886 887 /* Write BD Address */ 888 if(nvm_ptr->tag_id == TAG_NUM_2){ 889 memcpy(nvm_byte_ptr, vnd_local_bd_addr, 6); 890 ALOGV("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x", 891 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2), 892 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5)); 893 } 894 895 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++) 896 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i)); 897 898 ALOGV("TAG Data\t\t\t : %s", data_buf); 899 900 /* Clear buffer */ 901 memset(data_buf, 0x0, PRINT_BUF_SIZE); 902 903 /* increased by tag_len */ 904 nvm_index+=nvm_ptr->tag_len; 905 nvm_byte_ptr +=nvm_ptr->tag_len; 906 } 907 908 ALOGV("===================================================="); 909 910 } else { 911 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type); 912 } 913 914 return readSize; 915 } 916 917 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt) 918 { 919 int size=0, err = -1; 920 unsigned char cmd[HCI_MAX_CMD_SIZE]; 921 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 922 923 ALOGV("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size); 924 925 /* Frame the HCI CMD PKT to be sent to Controller*/ 926 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size); 927 928 /* Total length of the packet to be sent to the Controller */ 929 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]); 930 931 /* Initialize the RSP packet everytime to 0 */ 932 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE); 933 934 /* Send HCI Command packet to Controller */ 935 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 936 if ( err != size) { 937 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err); 938 return err; 939 } 940 941 if(wait_cc_evt) { 942 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 943 if ( err < 0) { 944 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index); 945 return err; 946 } 947 } 948 949 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index); 950 return err; 951 } 952 953 int rome_tlv_dnld_req(int fd, int tlv_size) 954 { 955 int total_segment, remain_size, i, err = -1; 956 unsigned char wait_cc_evt; 957 958 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT; 959 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\ 960 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT); 961 962 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d", 963 __FUNCTION__,tlv_size, total_segment, remain_size); 964 965 if (gTlv_type == TLV_TYPE_PATCH) { 966 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event 967 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the 968 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now 969 */ 970 switch(gTlv_dwndCfg) 971 { 972 case ROME_SKIP_EVT_NONE: 973 wait_vsc_evt = TRUE; 974 wait_cc_evt = TRUE; 975 ALOGI("Event handling type: ROME_SKIP_EVT_NONE"); 976 break; 977 case ROME_SKIP_EVT_VSE_CC: 978 wait_vsc_evt = FALSE; 979 wait_cc_evt = FALSE; 980 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC"); 981 break; 982 /* Not handled for now */ 983 case ROME_SKIP_EVT_VSE: 984 case ROME_SKIP_EVT_CC: 985 default: 986 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg); 987 break; 988 } 989 } else { 990 wait_vsc_evt = TRUE; 991 wait_cc_evt = TRUE; 992 } 993 994 for(i=0;i<total_segment ;i++){ 995 if ((i+1) == total_segment) { 996 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 997 /* If the Rome version is from 1.1 to 3.1 998 * 1. No CCE for the last command segment but all other segment 999 * 2. All the command segments get VSE including the last one 1000 */ 1001 wait_cc_evt = !remain_size ? FALSE: TRUE; 1002 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1003 /* If the Rome version is 3.2 1004 * 1. None of the command segments receive CCE 1005 * 2. No command segments receive VSE except the last one 1006 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 1007 * same as Rome 2.1, 2.2, 3.0 1008 */ 1009 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 1010 wait_cc_evt = !remain_size ? FALSE: TRUE; 1011 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 1012 wait_vsc_evt = !remain_size ? TRUE: FALSE; 1013 } 1014 } 1015 } 1016 1017 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0) 1018 goto error; 1019 } 1020 1021 if ((rome_ver >= ROME_VER_1_1) && (rome_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1022 /* If the Rome version is from 1.1 to 3.1 1023 * 1. No CCE for the last command segment but all other segment 1024 * 2. All the command segments get VSE including the last one 1025 */ 1026 wait_cc_evt = remain_size ? FALSE: TRUE; 1027 } else if ((rome_ver == ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) { 1028 /* If the Rome version is 3.2 1029 * 1. None of the command segments receive CCE 1030 * 2. No command segments receive VSE except the last one 1031 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is 1032 * same as Rome 2.1, 2.2, 3.0 1033 */ 1034 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) { 1035 wait_cc_evt = remain_size ? FALSE: TRUE; 1036 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) { 1037 wait_vsc_evt = remain_size ? TRUE: FALSE; 1038 } 1039 } 1040 1041 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt); 1042 1043 error: 1044 return err; 1045 } 1046 1047 int rome_download_tlv_file(int fd) 1048 { 1049 int tlv_size, err = -1; 1050 1051 /* Rampatch TLV file Downloading */ 1052 pdata_buffer = NULL; 1053 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0) 1054 goto error; 1055 1056 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1057 goto error; 1058 1059 if (pdata_buffer != NULL){ 1060 free (pdata_buffer); 1061 pdata_buffer = NULL; 1062 } 1063 /* NVM TLV file Downloading */ 1064 if((tlv_size = rome_get_tlv_file(nvm_file_path)) < 0) 1065 goto error; 1066 1067 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 ) 1068 goto error; 1069 1070 error: 1071 if (pdata_buffer != NULL) 1072 free (pdata_buffer); 1073 1074 return err; 1075 } 1076 1077 int rome_1_0_nvm_tag_dnld(int fd) 1078 { 1079 int i, size, err = 0; 1080 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1081 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1082 1083 #if (NVM_VERSION >= ROME_1_0_100019) 1084 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1085 { 1086 /* Tag 2 */ /* BD Address */ 1087 { /* Packet Type */HCI_COMMAND_PKT, 1088 /* Opcode */ 0x0b,0xfc, 1089 /* Total Len */ 9, 1090 /* NVM CMD */ NVM_ACCESS_SET, 1091 /* Tag Num */ 2, 1092 /* Tag Len */ 6, 1093 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 1094 }, 1095 /* Tag 6 */ /* Bluetooth Support Features */ 1096 { /* Packet Type */HCI_COMMAND_PKT, 1097 /* Opcode */ 0x0b,0xfc, 1098 /* Total Len */ 11, 1099 /* NVM CMD */ NVM_ACCESS_SET, 1100 /* Tag Num */ 6, 1101 /* Tag Len */ 8, 1102 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1103 }, 1104 /* Tag 17 */ /* HCI Transport Layer Setting */ 1105 { /* Packet Type */HCI_COMMAND_PKT, 1106 /* Opcode */ 0x0b,0xfc, 1107 /* Total Len */ 11, 1108 /* NVM CMD */ NVM_ACCESS_SET, 1109 /* Tag Num */ 17, 1110 /* Tag Len */ 8, 1111 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1112 }, 1113 /* Tag 35 */ 1114 { /* Packet Type */HCI_COMMAND_PKT, 1115 /* Opcode */ 0x0b,0xfc, 1116 /* Total Len */ 58, 1117 /* NVM CMD */ NVM_ACCESS_SET, 1118 /* Tag Num */ 35, 1119 /* Tag Len */ 55, 1120 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59, 1121 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1122 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F, 1123 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1124 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80, 1125 0x1B, 0x14, 0x01, 0x04, 0x48 1126 }, 1127 /* Tag 36 */ 1128 { /* Packet Type */HCI_COMMAND_PKT, 1129 /* Opcode */ 0x0b,0xfc, 1130 /* Total Len */ 15, 1131 /* NVM CMD */ NVM_ACCESS_SET, 1132 /* Tag Num */ 36, 1133 /* Tag Len */ 12, 1134 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1135 }, 1136 /* Tag 39 */ 1137 { /* Packet Type */HCI_COMMAND_PKT, 1138 /* Opcode */ 0x0b,0xfc, 1139 /* Total Len */ 7, 1140 /* NVM CMD */ NVM_ACCESS_SET, 1141 /* Tag Num */ 39, 1142 /* Tag Len */ 4, 1143 /* Tag Value */ 0x12,0x00,0x00,0x00 1144 }, 1145 /* Tag 41 */ 1146 { /* Packet Type */HCI_COMMAND_PKT, 1147 /* Opcode */ 0x0b,0xfc, 1148 /* Total Len */ 91, 1149 /* NVM CMD */ NVM_ACCESS_SET, 1150 /* Tag Num */ 41, 1151 /* Tag Len */ 88, 1152 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00, 1153 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00, 1154 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00, 1155 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00, 1156 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01, 1157 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00, 1158 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01, 1159 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00, 1160 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00 1161 }, 1162 /* Tag 42 */ 1163 { /* Packet Type */HCI_COMMAND_PKT, 1164 /* Opcode */ 0x0b,0xfc, 1165 /* Total Len */ 63, 1166 /* NVM CMD */ NVM_ACCESS_SET, 1167 /* Tag Num */ 42, 1168 /* Tag Len */ 60, 1169 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47, 1170 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01, 1171 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01, 1172 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A, 1173 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00, 1174 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01 1175 }, 1176 /* Tag 84 */ 1177 { /* Packet Type */HCI_COMMAND_PKT, 1178 /* Opcode */ 0x0b,0xfc, 1179 /* Total Len */ 153, 1180 /* NVM CMD */ NVM_ACCESS_SET, 1181 /* Tag Num */ 84, 1182 /* Tag Len */ 150, 1183 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28, 1184 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28, 1185 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28, 1186 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18, 1187 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 1188 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13, 1189 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12, 1190 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01, 1191 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D, 1192 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D, 1193 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00, 1194 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40, 1195 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00, 1196 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00, 1197 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D 1198 }, 1199 /* Tag 85 */ 1200 { /* Packet Type */HCI_COMMAND_PKT, 1201 /* Opcode */ 0x0b,0xfc, 1202 /* Total Len */ 119, 1203 /* NVM CMD */ NVM_ACCESS_SET, 1204 /* Tag Num */ 85, 1205 /* Tag Len */ 116, 1206 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59, 1207 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E, 1208 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02, 1209 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02, 1210 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00, 1211 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F, 1212 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C, 1213 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02, 1214 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00, 1215 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00, 1216 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00, 1217 0x12, 0x04, 0x04, 0x01, 0x04, 0x03 1218 }, 1219 {TAG_END} 1220 }; 1221 #elif (NVM_VERSION == ROME_1_0_6002) 1222 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] = 1223 { 1224 /* Tag 2 */ 1225 { /* Packet Type */HCI_COMMAND_PKT, 1226 /* Opcode */ 0x0b,0xfc, 1227 /* Total Len */ 9, 1228 /* NVM CMD */ NVM_ACCESS_SET, 1229 /* Tag Num */ 2, 1230 /* Tag Len */ 6, 1231 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */ 1232 }, 1233 /* Tag 6 */ 1234 { /* Packet Type */HCI_COMMAND_PKT, 1235 /* Opcode */ 0x0b,0xfc, 1236 /* Total Len */ 11, 1237 /* NVM CMD */ NVM_ACCESS_SET, 1238 /* Tag Num */ 6, 1239 /* Tag Len */ 8, 1240 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B 1241 }, 1242 /* Tag 17 */ 1243 { /* Packet Type */HCI_COMMAND_PKT, 1244 /* Opcode */ 0x0b,0xfc, 1245 /* Total Len */ 11, 1246 /* NVM CMD */ NVM_ACCESS_SET, 1247 /* Tag Num */ 17, 1248 /* Tag Len */ 8, 1249 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00 1250 }, 1251 /* Tag 36 */ 1252 { /* Packet Type */HCI_COMMAND_PKT, 1253 /* Opcode */ 0x0b,0xfc, 1254 /* Total Len */ 15, 1255 /* NVM CMD */ NVM_ACCESS_SET, 1256 /* Tag Num */ 36, 1257 /* Tag Len */ 12, 1258 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00 1259 }, 1260 1261 /* Tag 39 */ 1262 { /* Packet Type */HCI_COMMAND_PKT, 1263 /* Opcode */ 0x0b,0xfc, 1264 /* Total Len */ 7, 1265 /* NVM CMD */ NVM_ACCESS_SET, 1266 /* Tag Num */ 39, 1267 /* Tag Len */ 4, 1268 /* Tag Value */ 0x12,0x00,0x00,0x00 1269 }, 1270 1271 /* Tag 41 */ 1272 { /* Packet Type */HCI_COMMAND_PKT, 1273 /* Opcode */ 0x0b,0xfc, 1274 /* Total Len */ 199, 1275 /* NVM CMD */ NVM_ACCESS_SET, 1276 /* Tag Num */ 41, 1277 /* Tag Len */ 196, 1278 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00, 1279 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00, 1280 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00, 1281 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00, 1282 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00, 1283 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00, 1284 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00, 1285 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00, 1286 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00, 1287 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00, 1288 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00, 1289 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00, 1290 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00, 1291 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00, 1292 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00, 1293 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00, 1294 0x0B,0x01,0x03,0x00 1295 }, 1296 1297 /* Tag 44 */ 1298 { /* Packet Type */HCI_COMMAND_PKT, 1299 /* Opcode */ 0x0b,0xfc, 1300 /* Total Len */ 44, 1301 /* NVM CMD */ NVM_ACCESS_SET, 1302 /* Tag Num */ 44, 1303 /* Tag Len */ 41, 1304 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02, 1305 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01, 1306 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01, 1307 0x00,0x14,0x01,0x02,0x03 1308 }, 1309 {TAG_END} 1310 }; 1311 #endif 1312 1313 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION); 1314 1315 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++) 1316 { 1317 /* Write BD Address */ 1318 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){ 1319 memcpy(&cmds[i][TAG_BDADDR_OFFSET], vnd_local_bd_addr, 6); 1320 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x", 1321 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1], 1322 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3], 1323 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]); 1324 } 1325 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1; 1326 /* Send HCI Command packet to Controller */ 1327 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size); 1328 if ( err != size) { 1329 ALOGE("Failed to attach the patch payload to the Controller!"); 1330 goto error; 1331 } 1332 1333 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1334 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1335 if ( err < 0) { 1336 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1337 goto error; 1338 } 1339 } 1340 1341 error: 1342 return err; 1343 } 1344 1345 1346 1347 int rome_patch_ver_req(int fd) 1348 { 1349 int size, err = 0; 1350 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1351 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1352 1353 /* Frame the HCI CMD to be sent to the Controller */ 1354 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0, 1355 -1, EDL_PATCH_CMD_LEN); 1356 1357 /* Total length of the packet to be sent to the Controller */ 1358 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1359 1360 /* Send HCI Command packet to Controller */ 1361 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1362 if ( err != size) { 1363 ALOGE("Failed to attach the patch payload to the Controller!"); 1364 goto error; 1365 } 1366 1367 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1368 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1369 if ( err < 0) { 1370 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__); 1371 goto error; 1372 } 1373 error: 1374 return err; 1375 1376 } 1377 1378 int rome_get_build_info_req(int fd) 1379 { 1380 int size, err = 0; 1381 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1382 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1383 1384 /* Frame the HCI CMD to be sent to the Controller */ 1385 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0, 1386 -1, EDL_PATCH_CMD_LEN); 1387 1388 /* Total length of the packet to be sent to the Controller */ 1389 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1390 1391 /* Send HCI Command packet to Controller */ 1392 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1393 if ( err != size) { 1394 ALOGE("Failed to send get build info cmd to the SoC!"); 1395 goto error; 1396 } 1397 1398 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1399 if ( err < 0) { 1400 ALOGE("%s: Failed to get build info", __FUNCTION__); 1401 goto error; 1402 } 1403 error: 1404 return err; 1405 1406 } 1407 1408 1409 int rome_set_baudrate_req(int fd) 1410 { 1411 int size, err = 0; 1412 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1413 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1414 hci_command_hdr *cmd_hdr; 1415 int flags; 1416 1417 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1418 1419 cmd_hdr = (void *) (cmd + 1); 1420 cmd[0] = HCI_COMMAND_PKT; 1421 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF); 1422 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN; 1423 cmd[4] = BAUDRATE_3000000; 1424 1425 /* Total length of the packet to be sent to the Controller */ 1426 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN); 1427 tcflush(fd,TCIOFLUSH); 1428 /* Flow off during baudrate change */ 1429 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1430 { 1431 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1432 goto error; 1433 } 1434 1435 /* Send the HCI command packet to UART for transmission */ 1436 err = do_write(fd, cmd, size); 1437 if (err != size) { 1438 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1439 goto error; 1440 } 1441 1442 /* Change Local UART baudrate to high speed UART */ 1443 userial_vendor_set_baud(USERIAL_BAUD_3M); 1444 1445 /* Flow on after changing local uart baudrate */ 1446 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1447 { 1448 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1449 return err; 1450 } 1451 1452 /* Check for response from the Controller */ 1453 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) { 1454 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__); 1455 goto error; 1456 } 1457 1458 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__); 1459 1460 /* Wait for command complete event */ 1461 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1462 if ( err < 0) { 1463 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1464 goto error; 1465 } 1466 1467 error: 1468 return err; 1469 1470 } 1471 1472 1473 int rome_hci_reset_req(int fd) 1474 { 1475 int size, err = 0; 1476 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1477 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1478 hci_command_hdr *cmd_hdr; 1479 int flags; 1480 1481 ALOGI("%s: HCI RESET ", __FUNCTION__); 1482 1483 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1484 1485 cmd_hdr = (void *) (cmd + 1); 1486 cmd[0] = HCI_COMMAND_PKT; 1487 cmd_hdr->opcode = HCI_RESET; 1488 cmd_hdr->plen = 0; 1489 1490 /* Total length of the packet to be sent to the Controller */ 1491 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1492 1493 /* Flow off during baudrate change */ 1494 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0) 1495 { 1496 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err); 1497 goto error; 1498 } 1499 1500 /* Send the HCI command packet to UART for transmission */ 1501 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]); 1502 err = do_write(fd, cmd, size); 1503 if (err != size) { 1504 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1505 goto error; 1506 } 1507 1508 /* Change Local UART baudrate to high speed UART */ 1509 userial_vendor_set_baud(USERIAL_BAUD_3M); 1510 1511 /* Flow on after changing local uart baudrate */ 1512 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0) 1513 { 1514 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err); 1515 return err; 1516 } 1517 1518 /* Wait for command complete event */ 1519 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1520 if ( err < 0) { 1521 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1522 goto error; 1523 } 1524 1525 error: 1526 return err; 1527 1528 } 1529 1530 1531 int rome_hci_reset(int fd) 1532 { 1533 int size, err = 0; 1534 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1535 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1536 hci_command_hdr *cmd_hdr; 1537 int flags; 1538 1539 ALOGI("%s: HCI RESET ", __FUNCTION__); 1540 1541 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1542 1543 cmd_hdr = (void *) (cmd + 1); 1544 cmd[0] = HCI_COMMAND_PKT; 1545 cmd_hdr->opcode = HCI_RESET; 1546 cmd_hdr->plen = 0; 1547 1548 /* Total length of the packet to be sent to the Controller */ 1549 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1550 err = do_write(fd, cmd, size); 1551 if (err != size) { 1552 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err); 1553 err = -1; 1554 goto error; 1555 } 1556 1557 /* Wait for command complete event */ 1558 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1559 if ( err < 0) { 1560 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__); 1561 goto error; 1562 } 1563 1564 error: 1565 return err; 1566 1567 } 1568 1569 int rome_wipower_current_charging_status_req(int fd) 1570 { 1571 int size, err = 0; 1572 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1573 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1574 hci_command_hdr *cmd_hdr; 1575 int flags; 1576 1577 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1578 1579 cmd_hdr = (void *) (cmd + 1); 1580 cmd[0] = HCI_COMMAND_PKT; 1581 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1582 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN; 1583 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD; 1584 1585 /* Total length of the packet to be sent to the Controller */ 1586 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN); 1587 1588 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__); 1589 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1590 1591 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1592 if ( err != size) { 1593 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!"); 1594 goto error; 1595 } 1596 1597 /* Check for response from the Controller */ 1598 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1599 err = -ETIMEDOUT; 1600 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1601 goto error; 1602 } 1603 1604 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */ 1605 if (rsp[4] >= NON_WIPOWER_MODE) { 1606 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1607 if (err < 0) { 1608 ALOGE("%s: Failed to get charging status", __FUNCTION__); 1609 goto error; 1610 } 1611 } 1612 1613 error: 1614 return err; 1615 } 1616 1617 int addon_feature_req(int fd) 1618 { 1619 int size, err = 0; 1620 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1621 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1622 hci_command_hdr *cmd_hdr; 1623 int flags; 1624 1625 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1626 1627 cmd_hdr = (void *) (cmd + 1); 1628 cmd[0] = HCI_COMMAND_PKT; 1629 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT); 1630 cmd_hdr->plen = 0x00; 1631 1632 /* Total length of the packet to be sent to the Controller */ 1633 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE); 1634 1635 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__); 1636 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]); 1637 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1638 if ( err != size) { 1639 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!"); 1640 goto error; 1641 } 1642 1643 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1644 if (err < 0) { 1645 ALOGE("%s: Failed to get feature request", __FUNCTION__); 1646 goto error; 1647 } 1648 error: 1649 return err; 1650 } 1651 1652 1653 int check_embedded_mode(int fd) { 1654 int err = 0; 1655 1656 wipower_flag = 0; 1657 /* Get current wipower charging status */ 1658 if ((err = rome_wipower_current_charging_status_req(fd)) < 0) 1659 { 1660 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err); 1661 } 1662 usleep(500); 1663 1664 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag); 1665 1666 return wipower_flag; 1667 } 1668 1669 int rome_get_addon_feature_list(int fd) { 1670 int err = 0; 1671 1672 /* Get addon features that are supported by FW */ 1673 if ((err = addon_feature_req(fd)) < 0) 1674 { 1675 ALOGE("%s: failed (0x%x)", __FUNCTION__, err); 1676 } 1677 return err; 1678 } 1679 1680 int rome_wipower_forward_handoff_req(int fd) 1681 { 1682 int size, err = 0; 1683 unsigned char cmd[HCI_MAX_CMD_SIZE]; 1684 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1685 hci_command_hdr *cmd_hdr; 1686 int flags; 1687 1688 memset(cmd, 0x0, HCI_MAX_CMD_SIZE); 1689 1690 cmd_hdr = (void *) (cmd + 1); 1691 cmd[0] = HCI_COMMAND_PKT; 1692 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF); 1693 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN; 1694 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD; 1695 1696 /* Total length of the packet to be sent to the Controller */ 1697 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN); 1698 1699 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__); 1700 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]); 1701 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size); 1702 if ( err != size) { 1703 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!"); 1704 goto error; 1705 } 1706 1707 /* Check for response from the Controller */ 1708 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) { 1709 err = -ETIMEDOUT; 1710 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__); 1711 goto error; 1712 } 1713 1714 error: 1715 return err; 1716 } 1717 1718 1719 void enable_controller_log (int fd) 1720 { 1721 int ret = 0; 1722 /* VS command to enable controller logging to the HOST. By default it is disabled */ 1723 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00}; 1724 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1725 char value[PROPERTY_VALUE_MAX] = {'\0'}; 1726 1727 property_get("persist.service.bdroid.soclog", value, "false"); 1728 1729 // value at cmd[5]: 1 - to enable, 0 - to disable 1730 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0; 1731 ALOGI("%s: %d", __func__, ret); 1732 1733 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6); 1734 if (ret != 6) { 1735 ALOGE("%s: command failed", __func__); 1736 } 1737 } 1738 1739 1740 static int disable_internal_ldo(int fd) 1741 { 1742 int ret = 0; 1743 if (enable_extldo) { 1744 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32}; 1745 unsigned char rsp[HCI_MAX_EVENT_SIZE]; 1746 1747 ALOGI(" %s ", __FUNCTION__); 1748 ret = do_write(fd, cmd, 5); 1749 if (ret != 5) { 1750 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret); 1751 ret = -1; 1752 } else { 1753 /* Wait for command complete event */ 1754 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE); 1755 if ( ret < 0) { 1756 ALOGE("%s: Failed to get response from controller", __FUNCTION__); 1757 } 1758 } 1759 } 1760 return ret; 1761 } 1762 1763 int rome_soc_init(int fd, char *bdaddr) 1764 { 1765 int err = -1, size = 0; 1766 1767 ALOGI(" %s ", __FUNCTION__); 1768 1769 /* If wipower charging is going on in embedded mode then start hand off req */ 1770 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE) 1771 { 1772 wipower_flag = 0; 1773 wipower_handoff_ready = 0; 1774 if ((err = rome_wipower_forward_handoff_req(fd)) < 0) 1775 { 1776 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err); 1777 } 1778 } 1779 1780 /* Get Rome version information */ 1781 if((err = rome_patch_ver_req(fd)) <0){ 1782 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err); 1783 goto error; 1784 } 1785 1786 ALOGI("%s: Rome Version (0x%08x)", __FUNCTION__, rome_ver); 1787 1788 switch (rome_ver){ 1789 case ROME_VER_1_0: 1790 { 1791 /* Set and Download the RAMPATCH */ 1792 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__); 1793 err = rome_download_rampatch(fd); 1794 if (err < 0) { 1795 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__); 1796 goto error; 1797 } 1798 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__); 1799 1800 /* Attach the RAMPATCH */ 1801 ALOGI("%s: Attaching the patches", __FUNCTION__); 1802 err = rome_attach_rampatch(fd); 1803 if (err < 0) { 1804 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__); 1805 goto error; 1806 } 1807 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__); 1808 1809 /* Send Reset */ 1810 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN); 1811 err = rome_rampatch_reset(fd); 1812 if ( err < 0 ) { 1813 ALOGE("Failed to RESET after RAMPATCH upgrade!"); 1814 goto error; 1815 } 1816 1817 /* NVM download */ 1818 ALOGI("%s: Downloading NVM", __FUNCTION__); 1819 err = rome_1_0_nvm_tag_dnld(fd); 1820 if ( err <0 ) { 1821 ALOGE("Downloading NVM Failed !!"); 1822 goto error; 1823 } 1824 1825 /* Change baud rate 115.2 kbps to 3Mbps*/ 1826 err = rome_hci_reset_req(fd); 1827 if (err < 0) { 1828 ALOGE("HCI Reset Failed !!"); 1829 goto error; 1830 } 1831 1832 ALOGI("HCI Reset is done\n"); 1833 } 1834 break; 1835 case ROME_VER_1_1: 1836 rampatch_file_path = ROME_RAMPATCH_TLV_PATH; 1837 nvm_file_path = ROME_NVM_TLV_PATH; 1838 goto download; 1839 case ROME_VER_1_3: 1840 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH; 1841 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH; 1842 goto download; 1843 case ROME_VER_2_1: 1844 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH; 1845 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH; 1846 goto download; 1847 case ROME_VER_3_0: 1848 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH; 1849 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH; 1850 fw_su_info = ROME_3_1_FW_SU; 1851 fw_su_offset = ROME_3_1_FW_SW_OFFSET; 1852 goto download; 1853 case ROME_VER_3_2: 1854 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH; 1855 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH; 1856 fw_su_info = ROME_3_2_FW_SU; 1857 fw_su_offset = ROME_3_2_FW_SW_OFFSET; 1858 1859 download: 1860 /* Change baud rate 115.2 kbps to 3Mbps*/ 1861 err = rome_set_baudrate_req(fd); 1862 if (err < 0) { 1863 ALOGE("%s: Baud rate change failed!", __FUNCTION__); 1864 goto error; 1865 } 1866 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__); 1867 /* Donwload TLV files (rampatch, NVM) */ 1868 err = rome_download_tlv_file(fd); 1869 if (err < 0) { 1870 ALOGE("%s: Download TLV file failed!", __FUNCTION__); 1871 goto error; 1872 } 1873 ALOGI("%s: Download TLV file successfully ", __FUNCTION__); 1874 1875 /* Get SU FM label information */ 1876 if((err = rome_get_build_info_req(fd)) <0){ 1877 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err); 1878 //Ignore the failure of ROME FW SU label information 1879 err = 0; 1880 } 1881 1882 /* Disable internal LDO to use external LDO instead*/ 1883 err = disable_internal_ldo(fd); 1884 1885 /* Send HCI Reset */ 1886 err = rome_hci_reset(fd); 1887 if ( err <0 ) { 1888 ALOGE("HCI Reset Failed !!"); 1889 goto error; 1890 } 1891 1892 ALOGI("HCI Reset is done\n"); 1893 1894 break; 1895 case ROME_VER_UNKNOWN: 1896 default: 1897 ALOGI("%s: Detected unknown ROME version", __FUNCTION__); 1898 err = -1; 1899 break; 1900 } 1901 1902 error: 1903 return err; 1904 } 1905