1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20#include <linux/module.h>
21#include <linux/firmware.h>
22
23#include <net/bluetooth/bluetooth.h>
24#include <net/bluetooth/hci_core.h>
25
26#include "btqca.h"
27
28#define VERSION "0.1"
29
30static int rome_patch_ver_req(struct hci_dev *hdev, u32 *rome_version)
31{
32 struct sk_buff *skb;
33 struct edl_event_hdr *edl;
34 struct rome_version *ver;
35 char cmd;
36 int err = 0;
37
38 BT_DBG("%s: ROME Patch Version Request", hdev->name);
39
40 cmd = EDL_PATCH_VER_REQ_CMD;
41 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
42 &cmd, HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
43 if (IS_ERR(skb)) {
44 err = PTR_ERR(skb);
45 BT_ERR("%s: Failed to read version of ROME (%d)", hdev->name,
46 err);
47 return err;
48 }
49
50 if (skb->len != sizeof(*edl) + sizeof(*ver)) {
51 BT_ERR("%s: Version size mismatch len %d", hdev->name,
52 skb->len);
53 err = -EILSEQ;
54 goto out;
55 }
56
57 edl = (struct edl_event_hdr *)(skb->data);
58 if (!edl) {
59 BT_ERR("%s: TLV with no header", hdev->name);
60 err = -EILSEQ;
61 goto out;
62 }
63
64 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
65 edl->rtype != EDL_APP_VER_RES_EVT) {
66 BT_ERR("%s: Wrong packet received %d %d", hdev->name,
67 edl->cresp, edl->rtype);
68 err = -EIO;
69 goto out;
70 }
71
72 ver = (struct rome_version *)(edl->data);
73
74 BT_DBG("%s: Product:0x%08x", hdev->name, le32_to_cpu(ver->product_id));
75 BT_DBG("%s: Patch :0x%08x", hdev->name, le16_to_cpu(ver->patch_ver));
76 BT_DBG("%s: ROM :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver));
77 BT_DBG("%s: SOC :0x%08x", hdev->name, le32_to_cpu(ver->soc_id));
78
79
80
81
82
83 *rome_version = (le32_to_cpu(ver->soc_id) << 16) |
84 (le16_to_cpu(ver->rome_ver) & 0x0000ffff);
85
86out:
87 kfree_skb(skb);
88
89 return err;
90}
91
92static int rome_reset(struct hci_dev *hdev)
93{
94 struct sk_buff *skb;
95 int err;
96
97 BT_DBG("%s: ROME HCI_RESET", hdev->name);
98
99 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
100 if (IS_ERR(skb)) {
101 err = PTR_ERR(skb);
102 BT_ERR("%s: Reset failed (%d)", hdev->name, err);
103 return err;
104 }
105
106 kfree_skb(skb);
107
108 return 0;
109}
110
111static void rome_tlv_check_data(struct rome_config *config,
112 const struct firmware *fw)
113{
114 const u8 *data;
115 u32 type_len;
116 u16 tag_id, tag_len;
117 int idx, length;
118 struct tlv_type_hdr *tlv;
119 struct tlv_type_patch *tlv_patch;
120 struct tlv_type_nvm *tlv_nvm;
121
122 tlv = (struct tlv_type_hdr *)fw->data;
123
124 type_len = le32_to_cpu(tlv->type_len);
125 length = (type_len >> 8) & 0x00ffffff;
126
127 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
128 BT_DBG("Length\t\t : %d bytes", length);
129
130 config->dnld_mode = ROME_SKIP_EVT_NONE;
131
132 switch (config->type) {
133 case TLV_TYPE_PATCH:
134 tlv_patch = (struct tlv_type_patch *)tlv->data;
135
136
137
138
139
140
141
142 config->dnld_mode = tlv_patch->download_mode;
143
144 BT_DBG("Total Length : %d bytes",
145 le32_to_cpu(tlv_patch->total_size));
146 BT_DBG("Patch Data Length : %d bytes",
147 le32_to_cpu(tlv_patch->data_length));
148 BT_DBG("Signing Format Version : 0x%x",
149 tlv_patch->format_version);
150 BT_DBG("Signature Algorithm : 0x%x",
151 tlv_patch->signature);
152 BT_DBG("Download mode : 0x%x",
153 tlv_patch->download_mode);
154 BT_DBG("Reserved : 0x%x",
155 tlv_patch->reserved1);
156 BT_DBG("Product ID : 0x%04x",
157 le16_to_cpu(tlv_patch->product_id));
158 BT_DBG("Rom Build Version : 0x%04x",
159 le16_to_cpu(tlv_patch->rom_build));
160 BT_DBG("Patch Version : 0x%04x",
161 le16_to_cpu(tlv_patch->patch_version));
162 BT_DBG("Reserved : 0x%x",
163 le16_to_cpu(tlv_patch->reserved2));
164 BT_DBG("Patch Entry Address : 0x%x",
165 le32_to_cpu(tlv_patch->entry));
166 break;
167
168 case TLV_TYPE_NVM:
169 idx = 0;
170 data = tlv->data;
171 while (idx < length) {
172 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
173
174 tag_id = le16_to_cpu(tlv_nvm->tag_id);
175 tag_len = le16_to_cpu(tlv_nvm->tag_len);
176
177
178 switch (tag_id) {
179 case EDL_TAG_ID_HCI:
180
181
182
183
184 tlv_nvm->data[0] |= 0x80;
185
186
187 tlv_nvm->data[2] = config->user_baud_rate;
188
189 break;
190
191 case EDL_TAG_ID_DEEP_SLEEP:
192
193
194
195 tlv_nvm->data[0] |= 0x01;
196
197 break;
198 }
199
200 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
201 }
202 break;
203
204 default:
205 BT_ERR("Unknown TLV type %d", config->type);
206 break;
207 }
208}
209
210static int rome_tlv_send_segment(struct hci_dev *hdev, int seg_size,
211 const u8 *data, enum rome_tlv_dnld_mode mode)
212{
213 struct sk_buff *skb;
214 struct edl_event_hdr *edl;
215 struct tlv_seg_resp *tlv_resp;
216 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
217 int err = 0;
218
219 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
220 cmd[1] = seg_size;
221 memcpy(cmd + 2, data, seg_size);
222
223 if (mode == ROME_SKIP_EVT_VSE_CC || mode == ROME_SKIP_EVT_VSE)
224 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
225 cmd);
226
227 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
228 HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
229 if (IS_ERR(skb)) {
230 err = PTR_ERR(skb);
231 BT_ERR("%s: Failed to send TLV segment (%d)", hdev->name, err);
232 return err;
233 }
234
235 if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) {
236 BT_ERR("%s: TLV response size mismatch", hdev->name);
237 err = -EILSEQ;
238 goto out;
239 }
240
241 edl = (struct edl_event_hdr *)(skb->data);
242 if (!edl) {
243 BT_ERR("%s: TLV with no header", hdev->name);
244 err = -EILSEQ;
245 goto out;
246 }
247
248 tlv_resp = (struct tlv_seg_resp *)(edl->data);
249
250 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
251 edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) {
252 BT_ERR("%s: TLV with error stat 0x%x rtype 0x%x (0x%x)",
253 hdev->name, edl->cresp, edl->rtype, tlv_resp->result);
254 err = -EIO;
255 }
256
257out:
258 kfree_skb(skb);
259
260 return err;
261}
262
263static int rome_download_firmware(struct hci_dev *hdev,
264 struct rome_config *config)
265{
266 const struct firmware *fw;
267 const u8 *segment;
268 int ret, remain, i = 0;
269
270 bt_dev_info(hdev, "ROME Downloading %s", config->fwname);
271
272 ret = request_firmware(&fw, config->fwname, &hdev->dev);
273 if (ret) {
274 BT_ERR("%s: Failed to request file: %s (%d)", hdev->name,
275 config->fwname, ret);
276 return ret;
277 }
278
279 rome_tlv_check_data(config, fw);
280
281 segment = fw->data;
282 remain = fw->size;
283 while (remain > 0) {
284 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
285
286 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
287
288 remain -= segsize;
289
290 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
291 config->dnld_mode = ROME_SKIP_EVT_NONE;
292
293 ret = rome_tlv_send_segment(hdev, segsize, segment,
294 config->dnld_mode);
295 if (ret)
296 break;
297
298 segment += segsize;
299 }
300
301 release_firmware(fw);
302
303 return ret;
304}
305
306int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
307{
308 struct sk_buff *skb;
309 u8 cmd[9];
310 int err;
311
312 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
313 cmd[1] = 0x02;
314 cmd[2] = sizeof(bdaddr_t);
315 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
316 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
317 HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
318 if (IS_ERR(skb)) {
319 err = PTR_ERR(skb);
320 BT_ERR("%s: Change address command failed (%d)",
321 hdev->name, err);
322 return err;
323 }
324
325 kfree_skb(skb);
326
327 return 0;
328}
329EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
330
331int qca_uart_setup_rome(struct hci_dev *hdev, uint8_t baudrate)
332{
333 u32 rome_ver = 0;
334 struct rome_config config;
335 int err;
336
337 BT_DBG("%s: ROME setup on UART", hdev->name);
338
339 config.user_baud_rate = baudrate;
340
341
342 err = rome_patch_ver_req(hdev, &rome_ver);
343 if (err < 0 || rome_ver == 0) {
344 BT_ERR("%s: Failed to get version 0x%x", hdev->name, err);
345 return err;
346 }
347
348 bt_dev_info(hdev, "ROME controller version 0x%08x", rome_ver);
349
350
351 config.type = TLV_TYPE_PATCH;
352 snprintf(config.fwname, sizeof(config.fwname), "qca/rampatch_%08x.bin",
353 rome_ver);
354 err = rome_download_firmware(hdev, &config);
355 if (err < 0) {
356 BT_ERR("%s: Failed to download patch (%d)", hdev->name, err);
357 return err;
358 }
359
360
361 config.type = TLV_TYPE_NVM;
362 snprintf(config.fwname, sizeof(config.fwname), "qca/nvm_%08x.bin",
363 rome_ver);
364 err = rome_download_firmware(hdev, &config);
365 if (err < 0) {
366 BT_ERR("%s: Failed to download NVM (%d)", hdev->name, err);
367 return err;
368 }
369
370
371 err = rome_reset(hdev);
372 if (err < 0) {
373 BT_ERR("%s: Failed to run HCI_RESET (%d)", hdev->name, err);
374 return err;
375 }
376
377 bt_dev_info(hdev, "ROME setup on UART is completed");
378
379 return 0;
380}
381EXPORT_SYMBOL_GPL(qca_uart_setup_rome);
382
383MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
384MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
385MODULE_VERSION(VERSION);
386MODULE_LICENSE("GPL");
387
