Commit | Line | Data |
---|---|---|
1a59d1b8 | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
48f0ed1b MH |
2 | /* |
3 | * | |
4 | * Bluetooth support for Intel devices | |
5 | * | |
6 | * Copyright (C) 2015 Intel Corporation | |
48f0ed1b MH |
7 | */ |
8 | ||
9 | #include <linux/module.h> | |
145f2368 | 10 | #include <linux/firmware.h> |
d06f107b | 11 | #include <linux/regmap.h> |
c585a92b | 12 | #include <linux/acpi.h> |
fbbe83c5 | 13 | #include <asm/unaligned.h> |
48f0ed1b MH |
14 | |
15 | #include <net/bluetooth/bluetooth.h> | |
16 | #include <net/bluetooth/hci_core.h> | |
17 | ||
18 | #include "btintel.h" | |
19 | ||
20 | #define VERSION "0.1" | |
21 | ||
81ebea53 K |
22 | #define BDADDR_INTEL (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) |
23 | #define RSA_HEADER_LEN 644 | |
24 | #define CSS_HEADER_OFFSET 8 | |
25 | #define ECDSA_OFFSET 644 | |
26 | #define ECDSA_HEADER_LEN 320 | |
48f0ed1b | 27 | |
c585a92b | 28 | #define BTINTEL_PPAG_NAME "PPAG" |
294d749b K |
29 | |
30 | /* structure to store the PPAG data read from ACPI table */ | |
31 | struct btintel_ppag { | |
32 | u32 domain; | |
33 | u32 mode; | |
34 | acpi_status status; | |
35 | struct hci_dev *hdev; | |
36 | }; | |
c585a92b | 37 | |
ac056546 LAD |
38 | #define CMD_WRITE_BOOT_PARAMS 0xfc0e |
39 | struct cmd_write_boot_params { | |
069ab3f9 | 40 | __le32 boot_addr; |
ac056546 LAD |
41 | u8 fw_build_num; |
42 | u8 fw_build_ww; | |
43 | u8 fw_build_yy; | |
44 | } __packed; | |
45 | ||
48f0ed1b MH |
46 | int btintel_check_bdaddr(struct hci_dev *hdev) |
47 | { | |
48 | struct hci_rp_read_bd_addr *bda; | |
49 | struct sk_buff *skb; | |
50 | ||
51 | skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, | |
52 | HCI_INIT_TIMEOUT); | |
53 | if (IS_ERR(skb)) { | |
54 | int err = PTR_ERR(skb); | |
2064ee33 MH |
55 | bt_dev_err(hdev, "Reading Intel device address failed (%d)", |
56 | err); | |
48f0ed1b MH |
57 | return err; |
58 | } | |
59 | ||
60 | if (skb->len != sizeof(*bda)) { | |
2064ee33 | 61 | bt_dev_err(hdev, "Intel device address length mismatch"); |
48f0ed1b MH |
62 | kfree_skb(skb); |
63 | return -EIO; | |
64 | } | |
65 | ||
66 | bda = (struct hci_rp_read_bd_addr *)skb->data; | |
48f0ed1b MH |
67 | |
68 | /* For some Intel based controllers, the default Bluetooth device | |
69 | * address 00:03:19:9E:8B:00 can be found. These controllers are | |
70 | * fully operational, but have the danger of duplicate addresses | |
71 | * and that in turn can cause problems with Bluetooth operation. | |
72 | */ | |
73 | if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) { | |
2064ee33 MH |
74 | bt_dev_err(hdev, "Found Intel default device address (%pMR)", |
75 | &bda->bdaddr); | |
48f0ed1b MH |
76 | set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); |
77 | } | |
78 | ||
79 | kfree_skb(skb); | |
80 | ||
81 | return 0; | |
82 | } | |
83 | EXPORT_SYMBOL_GPL(btintel_check_bdaddr); | |
84 | ||
28dc4b92 LP |
85 | int btintel_enter_mfg(struct hci_dev *hdev) |
86 | { | |
948c7ca0 | 87 | static const u8 param[] = { 0x01, 0x00 }; |
28dc4b92 LP |
88 | struct sk_buff *skb; |
89 | ||
90 | skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); | |
91 | if (IS_ERR(skb)) { | |
92 | bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)", | |
93 | PTR_ERR(skb)); | |
94 | return PTR_ERR(skb); | |
95 | } | |
96 | kfree_skb(skb); | |
97 | ||
98 | return 0; | |
99 | } | |
100 | EXPORT_SYMBOL_GPL(btintel_enter_mfg); | |
101 | ||
102 | int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched) | |
103 | { | |
104 | u8 param[] = { 0x00, 0x00 }; | |
105 | struct sk_buff *skb; | |
106 | ||
107 | /* The 2nd command parameter specifies the manufacturing exit method: | |
108 | * 0x00: Just disable the manufacturing mode (0x00). | |
109 | * 0x01: Disable manufacturing mode and reset with patches deactivated. | |
110 | * 0x02: Disable manufacturing mode and reset with patches activated. | |
111 | */ | |
112 | if (reset) | |
113 | param[1] |= patched ? 0x02 : 0x01; | |
114 | ||
115 | skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); | |
116 | if (IS_ERR(skb)) { | |
117 | bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)", | |
118 | PTR_ERR(skb)); | |
119 | return PTR_ERR(skb); | |
120 | } | |
121 | kfree_skb(skb); | |
122 | ||
123 | return 0; | |
124 | } | |
125 | EXPORT_SYMBOL_GPL(btintel_exit_mfg); | |
126 | ||
48f0ed1b MH |
127 | int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) |
128 | { | |
129 | struct sk_buff *skb; | |
130 | int err; | |
131 | ||
132 | skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); | |
133 | if (IS_ERR(skb)) { | |
134 | err = PTR_ERR(skb); | |
2064ee33 MH |
135 | bt_dev_err(hdev, "Changing Intel device address failed (%d)", |
136 | err); | |
48f0ed1b MH |
137 | return err; |
138 | } | |
139 | kfree_skb(skb); | |
140 | ||
141 | return 0; | |
142 | } | |
143 | EXPORT_SYMBOL_GPL(btintel_set_bdaddr); | |
144 | ||
0d8603b4 THJA |
145 | static int btintel_set_event_mask(struct hci_dev *hdev, bool debug) |
146 | { | |
147 | u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; | |
148 | struct sk_buff *skb; | |
149 | int err; | |
150 | ||
151 | if (debug) | |
152 | mask[1] |= 0x62; | |
153 | ||
154 | skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT); | |
155 | if (IS_ERR(skb)) { | |
156 | err = PTR_ERR(skb); | |
157 | bt_dev_err(hdev, "Setting Intel event mask failed (%d)", err); | |
158 | return err; | |
159 | } | |
160 | kfree_skb(skb); | |
161 | ||
162 | return 0; | |
163 | } | |
164 | ||
6d2e50d2 MH |
165 | int btintel_set_diag(struct hci_dev *hdev, bool enable) |
166 | { | |
167 | struct sk_buff *skb; | |
168 | u8 param[3]; | |
169 | int err; | |
170 | ||
6d2e50d2 MH |
171 | if (enable) { |
172 | param[0] = 0x03; | |
173 | param[1] = 0x03; | |
174 | param[2] = 0x03; | |
175 | } else { | |
176 | param[0] = 0x00; | |
177 | param[1] = 0x00; | |
178 | param[2] = 0x00; | |
179 | } | |
180 | ||
181 | skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT); | |
182 | if (IS_ERR(skb)) { | |
183 | err = PTR_ERR(skb); | |
d8270fbb | 184 | if (err == -ENODATA) |
213445b2 | 185 | goto done; |
2064ee33 MH |
186 | bt_dev_err(hdev, "Changing Intel diagnostic mode failed (%d)", |
187 | err); | |
6d2e50d2 MH |
188 | return err; |
189 | } | |
190 | kfree_skb(skb); | |
191 | ||
213445b2 MH |
192 | done: |
193 | btintel_set_event_mask(hdev, enable); | |
6d2e50d2 MH |
194 | return 0; |
195 | } | |
196 | EXPORT_SYMBOL_GPL(btintel_set_diag); | |
197 | ||
83f2dafe | 198 | static int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable) |
3e24767b | 199 | { |
28dc4b92 | 200 | int err, ret; |
3e24767b | 201 | |
28dc4b92 LP |
202 | err = btintel_enter_mfg(hdev); |
203 | if (err) | |
204 | return err; | |
3e24767b | 205 | |
28dc4b92 | 206 | ret = btintel_set_diag(hdev, enable); |
3e24767b | 207 | |
28dc4b92 LP |
208 | err = btintel_exit_mfg(hdev, false, false); |
209 | if (err) | |
210 | return err; | |
3e24767b | 211 | |
28dc4b92 | 212 | return ret; |
3e24767b | 213 | } |
3e24767b | 214 | |
55380714 THJA |
215 | static int btintel_set_diag_combined(struct hci_dev *hdev, bool enable) |
216 | { | |
217 | int ret; | |
218 | ||
219 | /* Legacy ROM device needs to be in the manufacturer mode to apply | |
220 | * diagnostic setting | |
221 | * | |
222 | * This flag is set after reading the Intel version. | |
223 | */ | |
224 | if (btintel_test_flag(hdev, INTEL_ROM_LEGACY)) | |
225 | ret = btintel_set_diag_mfg(hdev, enable); | |
226 | else | |
227 | ret = btintel_set_diag(hdev, enable); | |
228 | ||
229 | return ret; | |
230 | } | |
231 | ||
0d8603b4 | 232 | static void btintel_hw_error(struct hci_dev *hdev, u8 code) |
973bb97e MH |
233 | { |
234 | struct sk_buff *skb; | |
235 | u8 type = 0x00; | |
236 | ||
2064ee33 | 237 | bt_dev_err(hdev, "Hardware error 0x%2.2x", code); |
973bb97e MH |
238 | |
239 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); | |
240 | if (IS_ERR(skb)) { | |
2064ee33 MH |
241 | bt_dev_err(hdev, "Reset after hardware error failed (%ld)", |
242 | PTR_ERR(skb)); | |
973bb97e MH |
243 | return; |
244 | } | |
245 | kfree_skb(skb); | |
246 | ||
247 | skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT); | |
248 | if (IS_ERR(skb)) { | |
2064ee33 MH |
249 | bt_dev_err(hdev, "Retrieving Intel exception info failed (%ld)", |
250 | PTR_ERR(skb)); | |
973bb97e MH |
251 | return; |
252 | } | |
253 | ||
254 | if (skb->len != 13) { | |
2064ee33 | 255 | bt_dev_err(hdev, "Exception info size mismatch"); |
973bb97e MH |
256 | kfree_skb(skb); |
257 | return; | |
258 | } | |
259 | ||
2064ee33 | 260 | bt_dev_err(hdev, "Exception info %s", (char *)(skb->data + 1)); |
973bb97e MH |
261 | |
262 | kfree_skb(skb); | |
263 | } | |
973bb97e | 264 | |
d68903da | 265 | int btintel_version_info(struct hci_dev *hdev, struct intel_version *ver) |
7feb99e1 MH |
266 | { |
267 | const char *variant; | |
268 | ||
d68903da LAD |
269 | /* The hardware platform number has a fixed value of 0x37 and |
270 | * for now only accept this single value. | |
271 | */ | |
272 | if (ver->hw_platform != 0x37) { | |
273 | bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", | |
274 | ver->hw_platform); | |
275 | return -EINVAL; | |
276 | } | |
277 | ||
278 | /* Check for supported iBT hardware variants of this firmware | |
279 | * loading method. | |
280 | * | |
281 | * This check has been put in place to ensure correct forward | |
282 | * compatibility options when newer hardware variants come along. | |
283 | */ | |
284 | switch (ver->hw_variant) { | |
ca5425e1 THJA |
285 | case 0x07: /* WP - Legacy ROM */ |
286 | case 0x08: /* StP - Legacy ROM */ | |
d68903da LAD |
287 | case 0x0b: /* SfP */ |
288 | case 0x0c: /* WsP */ | |
289 | case 0x11: /* JfP */ | |
290 | case 0x12: /* ThP */ | |
291 | case 0x13: /* HrP */ | |
292 | case 0x14: /* CcP */ | |
293 | break; | |
294 | default: | |
295 | bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", | |
296 | ver->hw_variant); | |
297 | return -EINVAL; | |
298 | } | |
299 | ||
7feb99e1 | 300 | switch (ver->fw_variant) { |
ca5425e1 THJA |
301 | case 0x01: |
302 | variant = "Legacy ROM 2.5"; | |
303 | break; | |
7feb99e1 MH |
304 | case 0x06: |
305 | variant = "Bootloader"; | |
306 | break; | |
ca5425e1 THJA |
307 | case 0x22: |
308 | variant = "Legacy ROM 2.x"; | |
309 | break; | |
7feb99e1 MH |
310 | case 0x23: |
311 | variant = "Firmware"; | |
312 | break; | |
313 | default: | |
d68903da LAD |
314 | bt_dev_err(hdev, "Unsupported firmware variant(%02x)", ver->fw_variant); |
315 | return -EINVAL; | |
7feb99e1 MH |
316 | } |
317 | ||
2064ee33 MH |
318 | bt_dev_info(hdev, "%s revision %u.%u build %u week %u %u", |
319 | variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f, | |
320 | ver->fw_build_num, ver->fw_build_ww, | |
321 | 2000 + ver->fw_build_yy); | |
d68903da LAD |
322 | |
323 | return 0; | |
7feb99e1 MH |
324 | } |
325 | EXPORT_SYMBOL_GPL(btintel_version_info); | |
326 | ||
0d8603b4 THJA |
327 | static int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen, |
328 | const void *param) | |
09df123d MH |
329 | { |
330 | while (plen > 0) { | |
331 | struct sk_buff *skb; | |
332 | u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen; | |
333 | ||
334 | cmd_param[0] = fragment_type; | |
335 | memcpy(cmd_param + 1, param, fragment_len); | |
336 | ||
337 | skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1, | |
338 | cmd_param, HCI_INIT_TIMEOUT); | |
339 | if (IS_ERR(skb)) | |
340 | return PTR_ERR(skb); | |
341 | ||
342 | kfree_skb(skb); | |
343 | ||
344 | plen -= fragment_len; | |
345 | param += fragment_len; | |
346 | } | |
347 | ||
348 | return 0; | |
349 | } | |
09df123d | 350 | |
145f2368 LP |
351 | int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name) |
352 | { | |
353 | const struct firmware *fw; | |
354 | struct sk_buff *skb; | |
355 | const u8 *fw_ptr; | |
356 | int err; | |
357 | ||
358 | err = request_firmware_direct(&fw, ddc_name, &hdev->dev); | |
359 | if (err < 0) { | |
360 | bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)", | |
361 | ddc_name, err); | |
362 | return err; | |
363 | } | |
364 | ||
365 | bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name); | |
366 | ||
367 | fw_ptr = fw->data; | |
368 | ||
369 | /* DDC file contains one or more DDC structure which has | |
370 | * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2). | |
371 | */ | |
372 | while (fw->size > fw_ptr - fw->data) { | |
373 | u8 cmd_plen = fw_ptr[0] + sizeof(u8); | |
374 | ||
375 | skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr, | |
376 | HCI_INIT_TIMEOUT); | |
377 | if (IS_ERR(skb)) { | |
378 | bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)", | |
379 | PTR_ERR(skb)); | |
380 | release_firmware(fw); | |
381 | return PTR_ERR(skb); | |
382 | } | |
383 | ||
384 | fw_ptr += cmd_plen; | |
385 | kfree_skb(skb); | |
386 | } | |
387 | ||
388 | release_firmware(fw); | |
389 | ||
390 | bt_dev_info(hdev, "Applying Intel DDC parameters completed"); | |
391 | ||
392 | return 0; | |
393 | } | |
394 | EXPORT_SYMBOL_GPL(btintel_load_ddc_config); | |
395 | ||
213445b2 MH |
396 | int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug) |
397 | { | |
28dc4b92 | 398 | int err, ret; |
213445b2 | 399 | |
28dc4b92 LP |
400 | err = btintel_enter_mfg(hdev); |
401 | if (err) | |
402 | return err; | |
213445b2 | 403 | |
28dc4b92 | 404 | ret = btintel_set_event_mask(hdev, debug); |
213445b2 | 405 | |
28dc4b92 LP |
406 | err = btintel_exit_mfg(hdev, false, false); |
407 | if (err) | |
408 | return err; | |
213445b2 | 409 | |
28dc4b92 | 410 | return ret; |
213445b2 MH |
411 | } |
412 | EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg); | |
413 | ||
6c483de1 LP |
414 | int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver) |
415 | { | |
416 | struct sk_buff *skb; | |
417 | ||
418 | skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); | |
419 | if (IS_ERR(skb)) { | |
420 | bt_dev_err(hdev, "Reading Intel version information failed (%ld)", | |
421 | PTR_ERR(skb)); | |
422 | return PTR_ERR(skb); | |
423 | } | |
424 | ||
425 | if (skb->len != sizeof(*ver)) { | |
426 | bt_dev_err(hdev, "Intel version event size mismatch"); | |
427 | kfree_skb(skb); | |
428 | return -EILSEQ; | |
429 | } | |
430 | ||
431 | memcpy(ver, skb->data, sizeof(*ver)); | |
432 | ||
433 | kfree_skb(skb); | |
434 | ||
435 | return 0; | |
436 | } | |
437 | EXPORT_SYMBOL_GPL(btintel_read_version); | |
438 | ||
0d8603b4 THJA |
439 | static int btintel_version_info_tlv(struct hci_dev *hdev, |
440 | struct intel_version_tlv *version) | |
57375bee K |
441 | { |
442 | const char *variant; | |
443 | ||
0a460d8f LAD |
444 | /* The hardware platform number has a fixed value of 0x37 and |
445 | * for now only accept this single value. | |
446 | */ | |
447 | if (INTEL_HW_PLATFORM(version->cnvi_bt) != 0x37) { | |
448 | bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", | |
449 | INTEL_HW_PLATFORM(version->cnvi_bt)); | |
450 | return -EINVAL; | |
451 | } | |
452 | ||
453 | /* Check for supported iBT hardware variants of this firmware | |
454 | * loading method. | |
455 | * | |
456 | * This check has been put in place to ensure correct forward | |
457 | * compatibility options when newer hardware variants come along. | |
458 | */ | |
459 | switch (INTEL_HW_VARIANT(version->cnvi_bt)) { | |
460 | case 0x17: /* TyP */ | |
461 | case 0x18: /* Slr */ | |
462 | case 0x19: /* Slr-F */ | |
b43331b4 | 463 | case 0x1b: /* Mgr */ |
0a460d8f LAD |
464 | break; |
465 | default: | |
466 | bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)", | |
467 | INTEL_HW_VARIANT(version->cnvi_bt)); | |
468 | return -EINVAL; | |
469 | } | |
470 | ||
57375bee K |
471 | switch (version->img_type) { |
472 | case 0x01: | |
473 | variant = "Bootloader"; | |
7de3a42c LS |
474 | /* It is required that every single firmware fragment is acknowledged |
475 | * with a command complete event. If the boot parameters indicate | |
476 | * that this bootloader does not send them, then abort the setup. | |
477 | */ | |
478 | if (version->limited_cce != 0x00) { | |
479 | bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)", | |
480 | version->limited_cce); | |
481 | return -EINVAL; | |
482 | } | |
483 | ||
484 | /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */ | |
485 | if (version->sbe_type > 0x01) { | |
486 | bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)", | |
487 | version->sbe_type); | |
488 | return -EINVAL; | |
489 | } | |
490 | ||
57375bee K |
491 | bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id); |
492 | bt_dev_info(hdev, "Secure boot is %s", | |
493 | version->secure_boot ? "enabled" : "disabled"); | |
494 | bt_dev_info(hdev, "OTP lock is %s", | |
495 | version->otp_lock ? "enabled" : "disabled"); | |
496 | bt_dev_info(hdev, "API lock is %s", | |
497 | version->api_lock ? "enabled" : "disabled"); | |
498 | bt_dev_info(hdev, "Debug lock is %s", | |
499 | version->debug_lock ? "enabled" : "disabled"); | |
500 | bt_dev_info(hdev, "Minimum firmware build %u week %u %u", | |
501 | version->min_fw_build_nn, version->min_fw_build_cw, | |
502 | 2000 + version->min_fw_build_yy); | |
503 | break; | |
504 | case 0x03: | |
505 | variant = "Firmware"; | |
506 | break; | |
507 | default: | |
508 | bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type); | |
0a460d8f | 509 | return -EINVAL; |
57375bee K |
510 | } |
511 | ||
512 | bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant, | |
513 | 2000 + (version->timestamp >> 8), version->timestamp & 0xff, | |
514 | version->build_type, version->build_num); | |
515 | ||
0a460d8f | 516 | return 0; |
57375bee | 517 | } |
57375bee | 518 | |
ca5425e1 THJA |
519 | static int btintel_parse_version_tlv(struct hci_dev *hdev, |
520 | struct intel_version_tlv *version, | |
521 | struct sk_buff *skb) | |
522 | { | |
523 | /* Consume Command Complete Status field */ | |
524 | skb_pull(skb, 1); | |
525 | ||
526 | /* Event parameters contatin multiple TLVs. Read each of them | |
527 | * and only keep the required data. Also, it use existing legacy | |
528 | * version field like hw_platform, hw_variant, and fw_variant | |
529 | * to keep the existing setup flow | |
530 | */ | |
531 | while (skb->len) { | |
532 | struct intel_tlv *tlv; | |
533 | ||
534 | /* Make sure skb has a minimum length of the header */ | |
535 | if (skb->len < sizeof(*tlv)) | |
536 | return -EINVAL; | |
537 | ||
538 | tlv = (struct intel_tlv *)skb->data; | |
539 | ||
540 | /* Make sure skb has a enough data */ | |
541 | if (skb->len < tlv->len + sizeof(*tlv)) | |
542 | return -EINVAL; | |
543 | ||
544 | switch (tlv->type) { | |
545 | case INTEL_TLV_CNVI_TOP: | |
546 | version->cnvi_top = get_unaligned_le32(tlv->val); | |
547 | break; | |
548 | case INTEL_TLV_CNVR_TOP: | |
549 | version->cnvr_top = get_unaligned_le32(tlv->val); | |
550 | break; | |
551 | case INTEL_TLV_CNVI_BT: | |
552 | version->cnvi_bt = get_unaligned_le32(tlv->val); | |
553 | break; | |
554 | case INTEL_TLV_CNVR_BT: | |
555 | version->cnvr_bt = get_unaligned_le32(tlv->val); | |
556 | break; | |
557 | case INTEL_TLV_DEV_REV_ID: | |
558 | version->dev_rev_id = get_unaligned_le16(tlv->val); | |
559 | break; | |
560 | case INTEL_TLV_IMAGE_TYPE: | |
561 | version->img_type = tlv->val[0]; | |
562 | break; | |
563 | case INTEL_TLV_TIME_STAMP: | |
564 | /* If image type is Operational firmware (0x03), then | |
565 | * running FW Calendar Week and Year information can | |
566 | * be extracted from Timestamp information | |
567 | */ | |
568 | version->min_fw_build_cw = tlv->val[0]; | |
569 | version->min_fw_build_yy = tlv->val[1]; | |
570 | version->timestamp = get_unaligned_le16(tlv->val); | |
571 | break; | |
572 | case INTEL_TLV_BUILD_TYPE: | |
573 | version->build_type = tlv->val[0]; | |
574 | break; | |
575 | case INTEL_TLV_BUILD_NUM: | |
576 | /* If image type is Operational firmware (0x03), then | |
577 | * running FW build number can be extracted from the | |
578 | * Build information | |
579 | */ | |
580 | version->min_fw_build_nn = tlv->val[0]; | |
581 | version->build_num = get_unaligned_le32(tlv->val); | |
582 | break; | |
583 | case INTEL_TLV_SECURE_BOOT: | |
584 | version->secure_boot = tlv->val[0]; | |
585 | break; | |
586 | case INTEL_TLV_OTP_LOCK: | |
587 | version->otp_lock = tlv->val[0]; | |
588 | break; | |
589 | case INTEL_TLV_API_LOCK: | |
590 | version->api_lock = tlv->val[0]; | |
591 | break; | |
592 | case INTEL_TLV_DEBUG_LOCK: | |
593 | version->debug_lock = tlv->val[0]; | |
594 | break; | |
595 | case INTEL_TLV_MIN_FW: | |
596 | version->min_fw_build_nn = tlv->val[0]; | |
597 | version->min_fw_build_cw = tlv->val[1]; | |
598 | version->min_fw_build_yy = tlv->val[2]; | |
599 | break; | |
600 | case INTEL_TLV_LIMITED_CCE: | |
601 | version->limited_cce = tlv->val[0]; | |
602 | break; | |
603 | case INTEL_TLV_SBE_TYPE: | |
604 | version->sbe_type = tlv->val[0]; | |
605 | break; | |
606 | case INTEL_TLV_OTP_BDADDR: | |
607 | memcpy(&version->otp_bd_addr, tlv->val, | |
608 | sizeof(bdaddr_t)); | |
609 | break; | |
610 | default: | |
611 | /* Ignore rest of information */ | |
612 | break; | |
613 | } | |
614 | /* consume the current tlv and move to next*/ | |
615 | skb_pull(skb, tlv->len + sizeof(*tlv)); | |
616 | } | |
617 | ||
618 | return 0; | |
619 | } | |
620 | ||
0d8603b4 THJA |
621 | static int btintel_read_version_tlv(struct hci_dev *hdev, |
622 | struct intel_version_tlv *version) | |
57375bee K |
623 | { |
624 | struct sk_buff *skb; | |
625 | const u8 param[1] = { 0xFF }; | |
626 | ||
627 | if (!version) | |
628 | return -EINVAL; | |
629 | ||
630 | skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); | |
631 | if (IS_ERR(skb)) { | |
632 | bt_dev_err(hdev, "Reading Intel version information failed (%ld)", | |
633 | PTR_ERR(skb)); | |
634 | return PTR_ERR(skb); | |
635 | } | |
636 | ||
637 | if (skb->data[0]) { | |
638 | bt_dev_err(hdev, "Intel Read Version command failed (%02x)", | |
639 | skb->data[0]); | |
640 | kfree_skb(skb); | |
641 | return -EIO; | |
642 | } | |
643 | ||
019a1caa | 644 | btintel_parse_version_tlv(hdev, version, skb); |
57375bee K |
645 | |
646 | kfree_skb(skb); | |
647 | return 0; | |
648 | } | |
57375bee | 649 | |
d06f107b LP |
650 | /* ------- REGMAP IBT SUPPORT ------- */ |
651 | ||
652 | #define IBT_REG_MODE_8BIT 0x00 | |
653 | #define IBT_REG_MODE_16BIT 0x01 | |
654 | #define IBT_REG_MODE_32BIT 0x02 | |
655 | ||
656 | struct regmap_ibt_context { | |
657 | struct hci_dev *hdev; | |
658 | __u16 op_write; | |
659 | __u16 op_read; | |
660 | }; | |
661 | ||
662 | struct ibt_cp_reg_access { | |
663 | __le32 addr; | |
664 | __u8 mode; | |
665 | __u8 len; | |
683cc86d | 666 | __u8 data[]; |
d06f107b LP |
667 | } __packed; |
668 | ||
669 | struct ibt_rp_reg_access { | |
670 | __u8 status; | |
671 | __le32 addr; | |
683cc86d | 672 | __u8 data[]; |
d06f107b LP |
673 | } __packed; |
674 | ||
675 | static int regmap_ibt_read(void *context, const void *addr, size_t reg_size, | |
676 | void *val, size_t val_size) | |
677 | { | |
678 | struct regmap_ibt_context *ctx = context; | |
679 | struct ibt_cp_reg_access cp; | |
680 | struct ibt_rp_reg_access *rp; | |
681 | struct sk_buff *skb; | |
682 | int err = 0; | |
683 | ||
684 | if (reg_size != sizeof(__le32)) | |
685 | return -EINVAL; | |
686 | ||
687 | switch (val_size) { | |
688 | case 1: | |
689 | cp.mode = IBT_REG_MODE_8BIT; | |
690 | break; | |
691 | case 2: | |
692 | cp.mode = IBT_REG_MODE_16BIT; | |
693 | break; | |
694 | case 4: | |
695 | cp.mode = IBT_REG_MODE_32BIT; | |
696 | break; | |
697 | default: | |
698 | return -EINVAL; | |
699 | } | |
700 | ||
701 | /* regmap provides a little-endian formatted addr */ | |
702 | cp.addr = *(__le32 *)addr; | |
703 | cp.len = val_size; | |
704 | ||
705 | bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr)); | |
706 | ||
707 | skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp, | |
708 | HCI_CMD_TIMEOUT); | |
709 | if (IS_ERR(skb)) { | |
710 | err = PTR_ERR(skb); | |
711 | bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)", | |
712 | le32_to_cpu(cp.addr), err); | |
713 | return err; | |
714 | } | |
715 | ||
716 | if (skb->len != sizeof(*rp) + val_size) { | |
717 | bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len", | |
718 | le32_to_cpu(cp.addr)); | |
719 | err = -EINVAL; | |
720 | goto done; | |
721 | } | |
722 | ||
723 | rp = (struct ibt_rp_reg_access *)skb->data; | |
724 | ||
725 | if (rp->addr != cp.addr) { | |
726 | bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr", | |
727 | le32_to_cpu(rp->addr)); | |
728 | err = -EINVAL; | |
729 | goto done; | |
730 | } | |
731 | ||
732 | memcpy(val, rp->data, val_size); | |
733 | ||
734 | done: | |
735 | kfree_skb(skb); | |
736 | return err; | |
737 | } | |
738 | ||
739 | static int regmap_ibt_gather_write(void *context, | |
740 | const void *addr, size_t reg_size, | |
741 | const void *val, size_t val_size) | |
742 | { | |
743 | struct regmap_ibt_context *ctx = context; | |
744 | struct ibt_cp_reg_access *cp; | |
745 | struct sk_buff *skb; | |
746 | int plen = sizeof(*cp) + val_size; | |
747 | u8 mode; | |
748 | int err = 0; | |
749 | ||
750 | if (reg_size != sizeof(__le32)) | |
751 | return -EINVAL; | |
752 | ||
753 | switch (val_size) { | |
754 | case 1: | |
755 | mode = IBT_REG_MODE_8BIT; | |
756 | break; | |
757 | case 2: | |
758 | mode = IBT_REG_MODE_16BIT; | |
759 | break; | |
760 | case 4: | |
761 | mode = IBT_REG_MODE_32BIT; | |
762 | break; | |
763 | default: | |
764 | return -EINVAL; | |
765 | } | |
766 | ||
767 | cp = kmalloc(plen, GFP_KERNEL); | |
768 | if (!cp) | |
769 | return -ENOMEM; | |
770 | ||
771 | /* regmap provides a little-endian formatted addr/value */ | |
772 | cp->addr = *(__le32 *)addr; | |
773 | cp->mode = mode; | |
774 | cp->len = val_size; | |
775 | memcpy(&cp->data, val, val_size); | |
776 | ||
777 | bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr)); | |
778 | ||
779 | skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT); | |
780 | if (IS_ERR(skb)) { | |
781 | err = PTR_ERR(skb); | |
782 | bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)", | |
783 | le32_to_cpu(cp->addr), err); | |
784 | goto done; | |
785 | } | |
786 | kfree_skb(skb); | |
787 | ||
788 | done: | |
789 | kfree(cp); | |
790 | return err; | |
791 | } | |
792 | ||
793 | static int regmap_ibt_write(void *context, const void *data, size_t count) | |
794 | { | |
795 | /* data contains register+value, since we only support 32bit addr, | |
796 | * minimum data size is 4 bytes. | |
797 | */ | |
798 | if (WARN_ONCE(count < 4, "Invalid register access")) | |
799 | return -EINVAL; | |
800 | ||
801 | return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4); | |
802 | } | |
803 | ||
804 | static void regmap_ibt_free_context(void *context) | |
805 | { | |
806 | kfree(context); | |
807 | } | |
808 | ||
bf7380e2 | 809 | static const struct regmap_bus regmap_ibt = { |
d06f107b LP |
810 | .read = regmap_ibt_read, |
811 | .write = regmap_ibt_write, | |
812 | .gather_write = regmap_ibt_gather_write, | |
813 | .free_context = regmap_ibt_free_context, | |
814 | .reg_format_endian_default = REGMAP_ENDIAN_LITTLE, | |
815 | .val_format_endian_default = REGMAP_ENDIAN_LITTLE, | |
816 | }; | |
817 | ||
818 | /* Config is the same for all register regions */ | |
819 | static const struct regmap_config regmap_ibt_cfg = { | |
820 | .name = "btintel_regmap", | |
821 | .reg_bits = 32, | |
822 | .val_bits = 32, | |
823 | }; | |
824 | ||
825 | struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read, | |
826 | u16 opcode_write) | |
827 | { | |
828 | struct regmap_ibt_context *ctx; | |
829 | ||
830 | bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read, | |
831 | opcode_write); | |
832 | ||
833 | ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); | |
834 | if (!ctx) | |
835 | return ERR_PTR(-ENOMEM); | |
836 | ||
837 | ctx->op_read = opcode_read; | |
838 | ctx->op_write = opcode_write; | |
839 | ctx->hdev = hdev; | |
840 | ||
841 | return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg); | |
842 | } | |
843 | EXPORT_SYMBOL_GPL(btintel_regmap_init); | |
844 | ||
e5889af6 THJA |
845 | int btintel_send_intel_reset(struct hci_dev *hdev, u32 boot_param) |
846 | { | |
847 | struct intel_reset params = { 0x00, 0x01, 0x00, 0x01, 0x00000000 }; | |
848 | struct sk_buff *skb; | |
849 | ||
850 | params.boot_param = cpu_to_le32(boot_param); | |
851 | ||
852 | skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), ¶ms, | |
853 | HCI_INIT_TIMEOUT); | |
854 | if (IS_ERR(skb)) { | |
855 | bt_dev_err(hdev, "Failed to send Intel Reset command"); | |
856 | return PTR_ERR(skb); | |
857 | } | |
858 | ||
859 | kfree_skb(skb); | |
860 | ||
861 | return 0; | |
862 | } | |
863 | EXPORT_SYMBOL_GPL(btintel_send_intel_reset); | |
864 | ||
faf174d2 THJA |
865 | int btintel_read_boot_params(struct hci_dev *hdev, |
866 | struct intel_boot_params *params) | |
867 | { | |
868 | struct sk_buff *skb; | |
869 | ||
870 | skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); | |
871 | if (IS_ERR(skb)) { | |
872 | bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)", | |
873 | PTR_ERR(skb)); | |
874 | return PTR_ERR(skb); | |
875 | } | |
876 | ||
877 | if (skb->len != sizeof(*params)) { | |
878 | bt_dev_err(hdev, "Intel boot parameters size mismatch"); | |
879 | kfree_skb(skb); | |
880 | return -EILSEQ; | |
881 | } | |
882 | ||
883 | memcpy(params, skb->data, sizeof(*params)); | |
884 | ||
885 | kfree_skb(skb); | |
886 | ||
887 | if (params->status) { | |
888 | bt_dev_err(hdev, "Intel boot parameters command failed (%02x)", | |
889 | params->status); | |
890 | return -bt_to_errno(params->status); | |
891 | } | |
892 | ||
893 | bt_dev_info(hdev, "Device revision is %u", | |
894 | le16_to_cpu(params->dev_revid)); | |
895 | ||
896 | bt_dev_info(hdev, "Secure boot is %s", | |
897 | params->secure_boot ? "enabled" : "disabled"); | |
898 | ||
899 | bt_dev_info(hdev, "OTP lock is %s", | |
900 | params->otp_lock ? "enabled" : "disabled"); | |
901 | ||
902 | bt_dev_info(hdev, "API lock is %s", | |
903 | params->api_lock ? "enabled" : "disabled"); | |
904 | ||
905 | bt_dev_info(hdev, "Debug lock is %s", | |
906 | params->debug_lock ? "enabled" : "disabled"); | |
907 | ||
908 | bt_dev_info(hdev, "Minimum firmware build %u week %u %u", | |
909 | params->min_fw_build_nn, params->min_fw_build_cw, | |
910 | 2000 + params->min_fw_build_yy); | |
911 | ||
912 | return 0; | |
913 | } | |
914 | EXPORT_SYMBOL_GPL(btintel_read_boot_params); | |
915 | ||
e9117215 K |
916 | static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev, |
917 | const struct firmware *fw) | |
fbbe83c5 THJA |
918 | { |
919 | int err; | |
fbbe83c5 THJA |
920 | |
921 | /* Start the firmware download transaction with the Init fragment | |
922 | * represented by the 128 bytes of CSS header. | |
923 | */ | |
924 | err = btintel_secure_send(hdev, 0x00, 128, fw->data); | |
925 | if (err < 0) { | |
926 | bt_dev_err(hdev, "Failed to send firmware header (%d)", err); | |
927 | goto done; | |
928 | } | |
929 | ||
930 | /* Send the 256 bytes of public key information from the firmware | |
931 | * as the PKey fragment. | |
932 | */ | |
933 | err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); | |
934 | if (err < 0) { | |
935 | bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err); | |
936 | goto done; | |
937 | } | |
938 | ||
939 | /* Send the 256 bytes of signature information from the firmware | |
940 | * as the Sign fragment. | |
941 | */ | |
942 | err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); | |
943 | if (err < 0) { | |
944 | bt_dev_err(hdev, "Failed to send firmware signature (%d)", err); | |
945 | goto done; | |
946 | } | |
947 | ||
e9117215 K |
948 | done: |
949 | return err; | |
950 | } | |
951 | ||
81ebea53 K |
952 | static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev, |
953 | const struct firmware *fw) | |
954 | { | |
955 | int err; | |
956 | ||
957 | /* Start the firmware download transaction with the Init fragment | |
958 | * represented by the 128 bytes of CSS header. | |
959 | */ | |
960 | err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644); | |
961 | if (err < 0) { | |
962 | bt_dev_err(hdev, "Failed to send firmware header (%d)", err); | |
963 | return err; | |
964 | } | |
965 | ||
966 | /* Send the 96 bytes of public key information from the firmware | |
967 | * as the PKey fragment. | |
968 | */ | |
969 | err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128); | |
970 | if (err < 0) { | |
971 | bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err); | |
972 | return err; | |
973 | } | |
974 | ||
975 | /* Send the 96 bytes of signature information from the firmware | |
976 | * as the Sign fragment | |
977 | */ | |
978 | err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224); | |
979 | if (err < 0) { | |
980 | bt_dev_err(hdev, "Failed to send firmware signature (%d)", | |
981 | err); | |
982 | return err; | |
983 | } | |
984 | return 0; | |
985 | } | |
986 | ||
e9117215 K |
987 | static int btintel_download_firmware_payload(struct hci_dev *hdev, |
988 | const struct firmware *fw, | |
ac056546 | 989 | size_t offset) |
e9117215 K |
990 | { |
991 | int err; | |
992 | const u8 *fw_ptr; | |
993 | u32 frag_len; | |
994 | ||
995 | fw_ptr = fw->data + offset; | |
fbbe83c5 | 996 | frag_len = 0; |
e9117215 | 997 | err = -EINVAL; |
fbbe83c5 THJA |
998 | |
999 | while (fw_ptr - fw->data < fw->size) { | |
1000 | struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); | |
1001 | ||
fbbe83c5 THJA |
1002 | frag_len += sizeof(*cmd) + cmd->plen; |
1003 | ||
1004 | /* The parameter length of the secure send command requires | |
1005 | * a 4 byte alignment. It happens so that the firmware file | |
1006 | * contains proper Intel_NOP commands to align the fragments | |
1007 | * as needed. | |
1008 | * | |
1009 | * Send set of commands with 4 byte alignment from the | |
1010 | * firmware data buffer as a single Data fragement. | |
1011 | */ | |
1012 | if (!(frag_len % 4)) { | |
1013 | err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); | |
1014 | if (err < 0) { | |
1015 | bt_dev_err(hdev, | |
1016 | "Failed to send firmware data (%d)", | |
1017 | err); | |
1018 | goto done; | |
1019 | } | |
1020 | ||
1021 | fw_ptr += frag_len; | |
1022 | frag_len = 0; | |
1023 | } | |
1024 | } | |
1025 | ||
1026 | done: | |
1027 | return err; | |
1028 | } | |
e9117215 | 1029 | |
ac056546 LAD |
1030 | static bool btintel_firmware_version(struct hci_dev *hdev, |
1031 | u8 num, u8 ww, u8 yy, | |
1032 | const struct firmware *fw, | |
1033 | u32 *boot_addr) | |
1034 | { | |
1035 | const u8 *fw_ptr; | |
1036 | ||
1037 | fw_ptr = fw->data; | |
1038 | ||
1039 | while (fw_ptr - fw->data < fw->size) { | |
1040 | struct hci_command_hdr *cmd = (void *)(fw_ptr); | |
1041 | ||
1042 | /* Each SKU has a different reset parameter to use in the | |
1043 | * HCI_Intel_Reset command and it is embedded in the firmware | |
1044 | * data. So, instead of using static value per SKU, check | |
1045 | * the firmware data and save it for later use. | |
1046 | */ | |
1047 | if (le16_to_cpu(cmd->opcode) == CMD_WRITE_BOOT_PARAMS) { | |
1048 | struct cmd_write_boot_params *params; | |
1049 | ||
1050 | params = (void *)(fw_ptr + sizeof(*cmd)); | |
1051 | ||
15a91f91 K |
1052 | *boot_addr = le32_to_cpu(params->boot_addr); |
1053 | ||
1054 | bt_dev_info(hdev, "Boot Address: 0x%x", *boot_addr); | |
ac056546 LAD |
1055 | |
1056 | bt_dev_info(hdev, "Firmware Version: %u-%u.%u", | |
1057 | params->fw_build_num, params->fw_build_ww, | |
1058 | params->fw_build_yy); | |
1059 | ||
1060 | return (num == params->fw_build_num && | |
1061 | ww == params->fw_build_ww && | |
1062 | yy == params->fw_build_yy); | |
1063 | } | |
1064 | ||
1065 | fw_ptr += sizeof(*cmd) + cmd->plen; | |
1066 | } | |
1067 | ||
1068 | return false; | |
1069 | } | |
1070 | ||
e9117215 | 1071 | int btintel_download_firmware(struct hci_dev *hdev, |
ac056546 | 1072 | struct intel_version *ver, |
e9117215 K |
1073 | const struct firmware *fw, |
1074 | u32 *boot_param) | |
1075 | { | |
1076 | int err; | |
1077 | ||
ac056546 LAD |
1078 | /* SfP and WsP don't seem to update the firmware version on file |
1079 | * so version checking is currently not possible. | |
1080 | */ | |
1081 | switch (ver->hw_variant) { | |
1082 | case 0x0b: /* SfP */ | |
1083 | case 0x0c: /* WsP */ | |
1084 | /* Skip version checking */ | |
1085 | break; | |
1086 | default: | |
1f4ec585 | 1087 | |
ac056546 LAD |
1088 | /* Skip download if firmware has the same version */ |
1089 | if (btintel_firmware_version(hdev, ver->fw_build_num, | |
1090 | ver->fw_build_ww, ver->fw_build_yy, | |
1091 | fw, boot_param)) { | |
1092 | bt_dev_info(hdev, "Firmware already loaded"); | |
1093 | /* Return -EALREADY to indicate that the firmware has | |
1094 | * already been loaded. | |
1095 | */ | |
1096 | return -EALREADY; | |
1097 | } | |
1098 | } | |
1099 | ||
9b16bfbf LAD |
1100 | /* The firmware variant determines if the device is in bootloader |
1101 | * mode or is running operational firmware. The value 0x06 identifies | |
1102 | * the bootloader and the value 0x23 identifies the operational | |
1103 | * firmware. | |
1104 | * | |
1105 | * If the firmware version has changed that means it needs to be reset | |
1106 | * to bootloader when operational so the new firmware can be loaded. | |
1107 | */ | |
1108 | if (ver->fw_variant == 0x23) | |
1109 | return -EINVAL; | |
1110 | ||
e9117215 K |
1111 | err = btintel_sfi_rsa_header_secure_send(hdev, fw); |
1112 | if (err) | |
1113 | return err; | |
1114 | ||
ac056546 | 1115 | return btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN); |
e9117215 | 1116 | } |
fbbe83c5 THJA |
1117 | EXPORT_SYMBOL_GPL(btintel_download_firmware); |
1118 | ||
019a1caa THJA |
1119 | static int btintel_download_fw_tlv(struct hci_dev *hdev, |
1120 | struct intel_version_tlv *ver, | |
1121 | const struct firmware *fw, u32 *boot_param, | |
1122 | u8 hw_variant, u8 sbe_type) | |
81ebea53 K |
1123 | { |
1124 | int err; | |
1125 | u32 css_header_ver; | |
1126 | ||
35191a0f K |
1127 | /* Skip download if firmware has the same version */ |
1128 | if (btintel_firmware_version(hdev, ver->min_fw_build_nn, | |
1129 | ver->min_fw_build_cw, | |
1130 | ver->min_fw_build_yy, | |
1131 | fw, boot_param)) { | |
1132 | bt_dev_info(hdev, "Firmware already loaded"); | |
1133 | /* Return -EALREADY to indicate that firmware has | |
1134 | * already been loaded. | |
1135 | */ | |
1136 | return -EALREADY; | |
ac056546 LAD |
1137 | } |
1138 | ||
9b16bfbf LAD |
1139 | /* The firmware variant determines if the device is in bootloader |
1140 | * mode or is running operational firmware. The value 0x01 identifies | |
1141 | * the bootloader and the value 0x03 identifies the operational | |
1142 | * firmware. | |
1143 | * | |
1144 | * If the firmware version has changed that means it needs to be reset | |
1145 | * to bootloader when operational so the new firmware can be loaded. | |
1146 | */ | |
1147 | if (ver->img_type == 0x03) | |
1148 | return -EINVAL; | |
1149 | ||
81ebea53 K |
1150 | /* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support |
1151 | * only RSA secure boot engine. Hence, the corresponding sfi file will | |
1152 | * have RSA header of 644 bytes followed by Command Buffer. | |
1153 | * | |
1154 | * iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA | |
1155 | * secure boot engine. As a result, the corresponding sfi file will | |
1156 | * have RSA header of 644, ECDSA header of 320 bytes followed by | |
1157 | * Command Buffer. | |
1158 | * | |
1159 | * CSS Header byte positions 0x08 to 0x0B represent the CSS Header | |
1160 | * version: RSA(0x00010000) , ECDSA (0x00020000) | |
1161 | */ | |
1162 | css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET); | |
1163 | if (css_header_ver != 0x00010000) { | |
1164 | bt_dev_err(hdev, "Invalid CSS Header version"); | |
1165 | return -EINVAL; | |
1166 | } | |
1167 | ||
1168 | if (hw_variant <= 0x14) { | |
1169 | if (sbe_type != 0x00) { | |
1170 | bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)", | |
1171 | hw_variant); | |
1172 | return -EINVAL; | |
1173 | } | |
1174 | ||
1175 | err = btintel_sfi_rsa_header_secure_send(hdev, fw); | |
1176 | if (err) | |
1177 | return err; | |
1178 | ||
ac056546 | 1179 | err = btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN); |
81ebea53 K |
1180 | if (err) |
1181 | return err; | |
1182 | } else if (hw_variant >= 0x17) { | |
1183 | /* Check if CSS header for ECDSA follows the RSA header */ | |
1184 | if (fw->data[ECDSA_OFFSET] != 0x06) | |
1185 | return -EINVAL; | |
1186 | ||
1187 | /* Check if the CSS Header version is ECDSA(0x00020000) */ | |
1188 | css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET); | |
1189 | if (css_header_ver != 0x00020000) { | |
1190 | bt_dev_err(hdev, "Invalid CSS Header version"); | |
1191 | return -EINVAL; | |
1192 | } | |
1193 | ||
1194 | if (sbe_type == 0x00) { | |
1195 | err = btintel_sfi_rsa_header_secure_send(hdev, fw); | |
1196 | if (err) | |
1197 | return err; | |
1198 | ||
1199 | err = btintel_download_firmware_payload(hdev, fw, | |
81ebea53 K |
1200 | RSA_HEADER_LEN + ECDSA_HEADER_LEN); |
1201 | if (err) | |
1202 | return err; | |
1203 | } else if (sbe_type == 0x01) { | |
1204 | err = btintel_sfi_ecdsa_header_secure_send(hdev, fw); | |
1205 | if (err) | |
1206 | return err; | |
1207 | ||
1208 | err = btintel_download_firmware_payload(hdev, fw, | |
81ebea53 K |
1209 | RSA_HEADER_LEN + ECDSA_HEADER_LEN); |
1210 | if (err) | |
1211 | return err; | |
1212 | } | |
1213 | } | |
1214 | return 0; | |
1215 | } | |
81ebea53 | 1216 | |
0d8603b4 | 1217 | static void btintel_reset_to_bootloader(struct hci_dev *hdev) |
b9a2562f AB |
1218 | { |
1219 | struct intel_reset params; | |
1220 | struct sk_buff *skb; | |
1221 | ||
1222 | /* Send Intel Reset command. This will result in | |
1223 | * re-enumeration of BT controller. | |
1224 | * | |
1225 | * Intel Reset parameter description: | |
1226 | * reset_type : 0x00 (Soft reset), | |
1227 | * 0x01 (Hard reset) | |
1228 | * patch_enable : 0x00 (Do not enable), | |
1229 | * 0x01 (Enable) | |
1230 | * ddc_reload : 0x00 (Do not reload), | |
1231 | * 0x01 (Reload) | |
1232 | * boot_option: 0x00 (Current image), | |
1233 | * 0x01 (Specified boot address) | |
1234 | * boot_param: Boot address | |
1235 | * | |
1236 | */ | |
1237 | params.reset_type = 0x01; | |
1238 | params.patch_enable = 0x01; | |
1239 | params.ddc_reload = 0x01; | |
1240 | params.boot_option = 0x00; | |
1241 | params.boot_param = cpu_to_le32(0x00000000); | |
1242 | ||
1243 | skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), | |
1244 | ¶ms, HCI_INIT_TIMEOUT); | |
1245 | if (IS_ERR(skb)) { | |
1246 | bt_dev_err(hdev, "FW download error recovery failed (%ld)", | |
1247 | PTR_ERR(skb)); | |
1248 | return; | |
1249 | } | |
1250 | bt_dev_info(hdev, "Intel reset sent to retry FW download"); | |
1251 | kfree_skb(skb); | |
1252 | ||
1253 | /* Current Intel BT controllers(ThP/JfP) hold the USB reset | |
1254 | * lines for 2ms when it receives Intel Reset in bootloader mode. | |
1255 | * Whereas, the upcoming Intel BT controllers will hold USB reset | |
1256 | * for 150ms. To keep the delay generic, 150ms is chosen here. | |
1257 | */ | |
1258 | msleep(150); | |
1259 | } | |
b9a2562f | 1260 | |
0d8603b4 THJA |
1261 | static int btintel_read_debug_features(struct hci_dev *hdev, |
1262 | struct intel_debug_features *features) | |
d74abe21 C |
1263 | { |
1264 | struct sk_buff *skb; | |
1265 | u8 page_no = 1; | |
1266 | ||
1267 | /* Intel controller supports two pages, each page is of 128-bit | |
1268 | * feature bit mask. And each bit defines specific feature support | |
1269 | */ | |
1270 | skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no, | |
1271 | HCI_INIT_TIMEOUT); | |
1272 | if (IS_ERR(skb)) { | |
1273 | bt_dev_err(hdev, "Reading supported features failed (%ld)", | |
1274 | PTR_ERR(skb)); | |
1275 | return PTR_ERR(skb); | |
1276 | } | |
1277 | ||
1278 | if (skb->len != (sizeof(features->page1) + 3)) { | |
1279 | bt_dev_err(hdev, "Supported features event size mismatch"); | |
1280 | kfree_skb(skb); | |
1281 | return -EILSEQ; | |
1282 | } | |
1283 | ||
1284 | memcpy(features->page1, skb->data + 3, sizeof(features->page1)); | |
1285 | ||
1286 | /* Read the supported features page2 if required in future. | |
1287 | */ | |
1288 | kfree_skb(skb); | |
1289 | return 0; | |
1290 | } | |
d74abe21 | 1291 | |
c585a92b SS |
1292 | static acpi_status btintel_ppag_callback(acpi_handle handle, u32 lvl, void *data, |
1293 | void **ret) | |
1294 | { | |
1295 | acpi_status status; | |
1296 | size_t len; | |
1297 | struct btintel_ppag *ppag = data; | |
1298 | union acpi_object *p, *elements; | |
1299 | struct acpi_buffer string = {ACPI_ALLOCATE_BUFFER, NULL}; | |
1300 | struct acpi_buffer buffer = {ACPI_ALLOCATE_BUFFER, NULL}; | |
1301 | struct hci_dev *hdev = ppag->hdev; | |
1302 | ||
1303 | status = acpi_get_name(handle, ACPI_FULL_PATHNAME, &string); | |
1304 | if (ACPI_FAILURE(status)) { | |
294d749b | 1305 | bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status)); |
c585a92b SS |
1306 | return status; |
1307 | } | |
1308 | ||
294d749b K |
1309 | len = strlen(string.pointer); |
1310 | if (len < strlen(BTINTEL_PPAG_NAME)) { | |
c585a92b SS |
1311 | kfree(string.pointer); |
1312 | return AE_OK; | |
1313 | } | |
1314 | ||
c585a92b SS |
1315 | if (strncmp((char *)string.pointer + len - 4, BTINTEL_PPAG_NAME, 4)) { |
1316 | kfree(string.pointer); | |
1317 | return AE_OK; | |
1318 | } | |
1319 | kfree(string.pointer); | |
1320 | ||
1321 | status = acpi_evaluate_object(handle, NULL, NULL, &buffer); | |
1322 | if (ACPI_FAILURE(status)) { | |
294d749b K |
1323 | ppag->status = status; |
1324 | bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status)); | |
c585a92b SS |
1325 | return status; |
1326 | } | |
1327 | ||
1328 | p = buffer.pointer; | |
1329 | ppag = (struct btintel_ppag *)data; | |
1330 | ||
1331 | if (p->type != ACPI_TYPE_PACKAGE || p->package.count != 2) { | |
1332 | kfree(buffer.pointer); | |
294d749b | 1333 | bt_dev_warn(hdev, "PPAG-BT: Invalid object type: %d or package count: %d", |
c585a92b | 1334 | p->type, p->package.count); |
294d749b | 1335 | ppag->status = AE_ERROR; |
c585a92b SS |
1336 | return AE_ERROR; |
1337 | } | |
1338 | ||
1339 | elements = p->package.elements; | |
1340 | ||
1341 | /* PPAG table is located at element[1] */ | |
1342 | p = &elements[1]; | |
1343 | ||
1344 | ppag->domain = (u32)p->package.elements[0].integer.value; | |
1345 | ppag->mode = (u32)p->package.elements[1].integer.value; | |
294d749b | 1346 | ppag->status = AE_OK; |
c585a92b SS |
1347 | kfree(buffer.pointer); |
1348 | return AE_CTRL_TERMINATE; | |
1349 | } | |
1350 | ||
0d8603b4 | 1351 | static int btintel_set_debug_features(struct hci_dev *hdev, |
c453b10c C |
1352 | const struct intel_debug_features *features) |
1353 | { | |
76a56bbd | 1354 | u8 mask[11] = { 0x0a, 0x92, 0x02, 0x7f, 0x00, 0x00, 0x00, 0x00, |
c453b10c | 1355 | 0x00, 0x00, 0x00 }; |
76a56bbd C |
1356 | u8 period[5] = { 0x04, 0x91, 0x02, 0x05, 0x00 }; |
1357 | u8 trace_enable = 0x02; | |
c453b10c C |
1358 | struct sk_buff *skb; |
1359 | ||
927ac8da JH |
1360 | if (!features) { |
1361 | bt_dev_warn(hdev, "Debug features not read"); | |
c453b10c | 1362 | return -EINVAL; |
927ac8da | 1363 | } |
c453b10c C |
1364 | |
1365 | if (!(features->page1[0] & 0x3f)) { | |
1366 | bt_dev_info(hdev, "Telemetry exception format not supported"); | |
1367 | return 0; | |
1368 | } | |
1369 | ||
1370 | skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); | |
1371 | if (IS_ERR(skb)) { | |
1372 | bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", | |
1373 | PTR_ERR(skb)); | |
1374 | return PTR_ERR(skb); | |
1375 | } | |
76a56bbd C |
1376 | kfree_skb(skb); |
1377 | ||
1378 | skb = __hci_cmd_sync(hdev, 0xfc8b, 5, period, HCI_INIT_TIMEOUT); | |
1379 | if (IS_ERR(skb)) { | |
1380 | bt_dev_err(hdev, "Setting periodicity for link statistics traces failed (%ld)", | |
1381 | PTR_ERR(skb)); | |
1382 | return PTR_ERR(skb); | |
1383 | } | |
1384 | kfree_skb(skb); | |
c453b10c | 1385 | |
76a56bbd C |
1386 | skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT); |
1387 | if (IS_ERR(skb)) { | |
1388 | bt_dev_err(hdev, "Enable tracing of link statistics events failed (%ld)", | |
1389 | PTR_ERR(skb)); | |
1390 | return PTR_ERR(skb); | |
1391 | } | |
c453b10c | 1392 | kfree_skb(skb); |
76a56bbd | 1393 | |
927ac8da JH |
1394 | bt_dev_info(hdev, "set debug features: trace_enable 0x%02x mask 0x%02x", |
1395 | trace_enable, mask[3]); | |
1396 | ||
c453b10c C |
1397 | return 0; |
1398 | } | |
c453b10c | 1399 | |
927ac8da JH |
1400 | static int btintel_reset_debug_features(struct hci_dev *hdev, |
1401 | const struct intel_debug_features *features) | |
1402 | { | |
1403 | u8 mask[11] = { 0x0a, 0x92, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1404 | 0x00, 0x00, 0x00 }; | |
1405 | u8 trace_enable = 0x00; | |
1406 | struct sk_buff *skb; | |
1407 | ||
1408 | if (!features) { | |
1409 | bt_dev_warn(hdev, "Debug features not read"); | |
1410 | return -EINVAL; | |
1411 | } | |
1412 | ||
1413 | if (!(features->page1[0] & 0x3f)) { | |
1414 | bt_dev_info(hdev, "Telemetry exception format not supported"); | |
1415 | return 0; | |
1416 | } | |
1417 | ||
1418 | /* Should stop the trace before writing ddc event mask. */ | |
1419 | skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT); | |
1420 | if (IS_ERR(skb)) { | |
1421 | bt_dev_err(hdev, "Stop tracing of link statistics events failed (%ld)", | |
1422 | PTR_ERR(skb)); | |
1423 | return PTR_ERR(skb); | |
1424 | } | |
1425 | kfree_skb(skb); | |
1426 | ||
1427 | skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); | |
1428 | if (IS_ERR(skb)) { | |
1429 | bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", | |
1430 | PTR_ERR(skb)); | |
1431 | return PTR_ERR(skb); | |
1432 | } | |
1433 | kfree_skb(skb); | |
1434 | ||
1435 | bt_dev_info(hdev, "reset debug features: trace_enable 0x%02x mask 0x%02x", | |
1436 | trace_enable, mask[3]); | |
1437 | ||
1438 | return 0; | |
1439 | } | |
1440 | ||
1441 | int btintel_set_quality_report(struct hci_dev *hdev, bool enable) | |
1442 | { | |
1443 | struct intel_debug_features features; | |
1444 | int err; | |
1445 | ||
1446 | bt_dev_dbg(hdev, "enable %d", enable); | |
1447 | ||
1448 | /* Read the Intel supported features and if new exception formats | |
1449 | * supported, need to load the additional DDC config to enable. | |
1450 | */ | |
1451 | err = btintel_read_debug_features(hdev, &features); | |
1452 | if (err) | |
1453 | return err; | |
1454 | ||
1455 | /* Set or reset the debug features. */ | |
1456 | if (enable) | |
1457 | err = btintel_set_debug_features(hdev, &features); | |
1458 | else | |
1459 | err = btintel_reset_debug_features(hdev, &features); | |
1460 | ||
1461 | return err; | |
1462 | } | |
1463 | EXPORT_SYMBOL_GPL(btintel_set_quality_report); | |
1464 | ||
83f2dafe THJA |
1465 | static const struct firmware *btintel_legacy_rom_get_fw(struct hci_dev *hdev, |
1466 | struct intel_version *ver) | |
1467 | { | |
1468 | const struct firmware *fw; | |
1469 | char fwname[64]; | |
1470 | int ret; | |
1471 | ||
1472 | snprintf(fwname, sizeof(fwname), | |
1473 | "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", | |
1474 | ver->hw_platform, ver->hw_variant, ver->hw_revision, | |
1475 | ver->fw_variant, ver->fw_revision, ver->fw_build_num, | |
1476 | ver->fw_build_ww, ver->fw_build_yy); | |
1477 | ||
1478 | ret = request_firmware(&fw, fwname, &hdev->dev); | |
1479 | if (ret < 0) { | |
1480 | if (ret == -EINVAL) { | |
1481 | bt_dev_err(hdev, "Intel firmware file request failed (%d)", | |
1482 | ret); | |
1483 | return NULL; | |
1484 | } | |
1485 | ||
1486 | bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)", | |
1487 | fwname, ret); | |
1488 | ||
1489 | /* If the correct firmware patch file is not found, use the | |
1490 | * default firmware patch file instead | |
1491 | */ | |
1492 | snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", | |
1493 | ver->hw_platform, ver->hw_variant); | |
1494 | if (request_firmware(&fw, fwname, &hdev->dev) < 0) { | |
1495 | bt_dev_err(hdev, "failed to open default fw file: %s", | |
1496 | fwname); | |
1497 | return NULL; | |
1498 | } | |
1499 | } | |
1500 | ||
1501 | bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname); | |
1502 | ||
1503 | return fw; | |
1504 | } | |
1505 | ||
1506 | static int btintel_legacy_rom_patching(struct hci_dev *hdev, | |
1507 | const struct firmware *fw, | |
1508 | const u8 **fw_ptr, int *disable_patch) | |
1509 | { | |
1510 | struct sk_buff *skb; | |
1511 | struct hci_command_hdr *cmd; | |
1512 | const u8 *cmd_param; | |
1513 | struct hci_event_hdr *evt = NULL; | |
1514 | const u8 *evt_param = NULL; | |
1515 | int remain = fw->size - (*fw_ptr - fw->data); | |
1516 | ||
1517 | /* The first byte indicates the types of the patch command or event. | |
1518 | * 0x01 means HCI command and 0x02 is HCI event. If the first bytes | |
1519 | * in the current firmware buffer doesn't start with 0x01 or | |
1520 | * the size of remain buffer is smaller than HCI command header, | |
1521 | * the firmware file is corrupted and it should stop the patching | |
1522 | * process. | |
1523 | */ | |
1524 | if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { | |
1525 | bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read"); | |
1526 | return -EINVAL; | |
1527 | } | |
1528 | (*fw_ptr)++; | |
1529 | remain--; | |
1530 | ||
1531 | cmd = (struct hci_command_hdr *)(*fw_ptr); | |
1532 | *fw_ptr += sizeof(*cmd); | |
1533 | remain -= sizeof(*cmd); | |
1534 | ||
1535 | /* Ensure that the remain firmware data is long enough than the length | |
1536 | * of command parameter. If not, the firmware file is corrupted. | |
1537 | */ | |
1538 | if (remain < cmd->plen) { | |
1539 | bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len"); | |
1540 | return -EFAULT; | |
1541 | } | |
1542 | ||
1543 | /* If there is a command that loads a patch in the firmware | |
1544 | * file, then enable the patch upon success, otherwise just | |
1545 | * disable the manufacturer mode, for example patch activation | |
1546 | * is not required when the default firmware patch file is used | |
1547 | * because there are no patch data to load. | |
1548 | */ | |
1549 | if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) | |
1550 | *disable_patch = 0; | |
1551 | ||
1552 | cmd_param = *fw_ptr; | |
1553 | *fw_ptr += cmd->plen; | |
1554 | remain -= cmd->plen; | |
1555 | ||
1556 | /* This reads the expected events when the above command is sent to the | |
1557 | * device. Some vendor commands expects more than one events, for | |
1558 | * example command status event followed by vendor specific event. | |
1559 | * For this case, it only keeps the last expected event. so the command | |
1560 | * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of | |
1561 | * last expected event. | |
1562 | */ | |
1563 | while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { | |
1564 | (*fw_ptr)++; | |
1565 | remain--; | |
1566 | ||
1567 | evt = (struct hci_event_hdr *)(*fw_ptr); | |
1568 | *fw_ptr += sizeof(*evt); | |
1569 | remain -= sizeof(*evt); | |
1570 | ||
1571 | if (remain < evt->plen) { | |
1572 | bt_dev_err(hdev, "Intel fw corrupted: invalid evt len"); | |
1573 | return -EFAULT; | |
1574 | } | |
1575 | ||
1576 | evt_param = *fw_ptr; | |
1577 | *fw_ptr += evt->plen; | |
1578 | remain -= evt->plen; | |
1579 | } | |
1580 | ||
1581 | /* Every HCI commands in the firmware file has its correspond event. | |
1582 | * If event is not found or remain is smaller than zero, the firmware | |
1583 | * file is corrupted. | |
1584 | */ | |
1585 | if (!evt || !evt_param || remain < 0) { | |
1586 | bt_dev_err(hdev, "Intel fw corrupted: invalid evt read"); | |
1587 | return -EFAULT; | |
1588 | } | |
1589 | ||
1590 | skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, | |
1591 | cmd_param, evt->evt, HCI_INIT_TIMEOUT); | |
1592 | if (IS_ERR(skb)) { | |
1593 | bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)", | |
1594 | cmd->opcode, PTR_ERR(skb)); | |
1595 | return PTR_ERR(skb); | |
1596 | } | |
1597 | ||
1598 | /* It ensures that the returned event matches the event data read from | |
1599 | * the firmware file. At fist, it checks the length and then | |
1600 | * the contents of the event. | |
1601 | */ | |
1602 | if (skb->len != evt->plen) { | |
1603 | bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)", | |
1604 | le16_to_cpu(cmd->opcode)); | |
1605 | kfree_skb(skb); | |
1606 | return -EFAULT; | |
1607 | } | |
1608 | ||
1609 | if (memcmp(skb->data, evt_param, evt->plen)) { | |
1610 | bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)", | |
1611 | le16_to_cpu(cmd->opcode)); | |
1612 | kfree_skb(skb); | |
1613 | return -EFAULT; | |
1614 | } | |
1615 | kfree_skb(skb); | |
1616 | ||
1617 | return 0; | |
1618 | } | |
1619 | ||
1620 | static int btintel_legacy_rom_setup(struct hci_dev *hdev, | |
1621 | struct intel_version *ver) | |
1622 | { | |
1623 | const struct firmware *fw; | |
1624 | const u8 *fw_ptr; | |
1625 | int disable_patch, err; | |
1626 | struct intel_version new_ver; | |
1627 | ||
1628 | BT_DBG("%s", hdev->name); | |
1629 | ||
1630 | /* fw_patch_num indicates the version of patch the device currently | |
1631 | * have. If there is no patch data in the device, it is always 0x00. | |
1632 | * So, if it is other than 0x00, no need to patch the device again. | |
1633 | */ | |
1634 | if (ver->fw_patch_num) { | |
1635 | bt_dev_info(hdev, | |
1636 | "Intel device is already patched. patch num: %02x", | |
1637 | ver->fw_patch_num); | |
1638 | goto complete; | |
1639 | } | |
1640 | ||
1641 | /* Opens the firmware patch file based on the firmware version read | |
1642 | * from the controller. If it fails to open the matching firmware | |
1643 | * patch file, it tries to open the default firmware patch file. | |
1644 | * If no patch file is found, allow the device to operate without | |
1645 | * a patch. | |
1646 | */ | |
1647 | fw = btintel_legacy_rom_get_fw(hdev, ver); | |
1648 | if (!fw) | |
1649 | goto complete; | |
1650 | fw_ptr = fw->data; | |
1651 | ||
1652 | /* Enable the manufacturer mode of the controller. | |
1653 | * Only while this mode is enabled, the driver can download the | |
1654 | * firmware patch data and configuration parameters. | |
1655 | */ | |
1656 | err = btintel_enter_mfg(hdev); | |
1657 | if (err) { | |
1658 | release_firmware(fw); | |
1659 | return err; | |
1660 | } | |
1661 | ||
1662 | disable_patch = 1; | |
1663 | ||
1664 | /* The firmware data file consists of list of Intel specific HCI | |
1665 | * commands and its expected events. The first byte indicates the | |
1666 | * type of the message, either HCI command or HCI event. | |
1667 | * | |
1668 | * It reads the command and its expected event from the firmware file, | |
1669 | * and send to the controller. Once __hci_cmd_sync_ev() returns, | |
1670 | * the returned event is compared with the event read from the firmware | |
1671 | * file and it will continue until all the messages are downloaded to | |
1672 | * the controller. | |
1673 | * | |
1674 | * Once the firmware patching is completed successfully, | |
1675 | * the manufacturer mode is disabled with reset and activating the | |
1676 | * downloaded patch. | |
1677 | * | |
1678 | * If the firmware patching fails, the manufacturer mode is | |
1679 | * disabled with reset and deactivating the patch. | |
1680 | * | |
1681 | * If the default patch file is used, no reset is done when disabling | |
1682 | * the manufacturer. | |
1683 | */ | |
1684 | while (fw->size > fw_ptr - fw->data) { | |
1685 | int ret; | |
1686 | ||
1687 | ret = btintel_legacy_rom_patching(hdev, fw, &fw_ptr, | |
1688 | &disable_patch); | |
1689 | if (ret < 0) | |
1690 | goto exit_mfg_deactivate; | |
1691 | } | |
1692 | ||
1693 | release_firmware(fw); | |
1694 | ||
1695 | if (disable_patch) | |
1696 | goto exit_mfg_disable; | |
1697 | ||
1698 | /* Patching completed successfully and disable the manufacturer mode | |
1699 | * with reset and activate the downloaded firmware patches. | |
1700 | */ | |
1701 | err = btintel_exit_mfg(hdev, true, true); | |
1702 | if (err) | |
1703 | return err; | |
1704 | ||
1705 | /* Need build number for downloaded fw patches in | |
1706 | * every power-on boot | |
1707 | */ | |
1708 | err = btintel_read_version(hdev, &new_ver); | |
1709 | if (err) | |
1710 | return err; | |
1711 | ||
1712 | bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated", | |
1713 | new_ver.fw_patch_num); | |
1714 | ||
1715 | goto complete; | |
1716 | ||
1717 | exit_mfg_disable: | |
1718 | /* Disable the manufacturer mode without reset */ | |
1719 | err = btintel_exit_mfg(hdev, false, false); | |
1720 | if (err) | |
1721 | return err; | |
1722 | ||
1723 | bt_dev_info(hdev, "Intel firmware patch completed"); | |
1724 | ||
1725 | goto complete; | |
1726 | ||
1727 | exit_mfg_deactivate: | |
1728 | release_firmware(fw); | |
1729 | ||
1730 | /* Patching failed. Disable the manufacturer mode with reset and | |
1731 | * deactivate the downloaded firmware patches. | |
1732 | */ | |
1733 | err = btintel_exit_mfg(hdev, true, false); | |
1734 | if (err) | |
1735 | return err; | |
1736 | ||
1737 | bt_dev_info(hdev, "Intel firmware patch completed and deactivated"); | |
1738 | ||
1739 | complete: | |
1740 | /* Set the event mask for Intel specific vendor events. This enables | |
1741 | * a few extra events that are useful during general operation. | |
1742 | */ | |
1743 | btintel_set_event_mask_mfg(hdev, false); | |
1744 | ||
1745 | btintel_check_bdaddr(hdev); | |
1746 | ||
1747 | return 0; | |
1748 | } | |
1749 | ||
019a1caa THJA |
1750 | static int btintel_download_wait(struct hci_dev *hdev, ktime_t calltime, int msec) |
1751 | { | |
1752 | ktime_t delta, rettime; | |
1753 | unsigned long long duration; | |
1754 | int err; | |
1755 | ||
1756 | btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); | |
1757 | ||
1758 | bt_dev_info(hdev, "Waiting for firmware download to complete"); | |
1759 | ||
1760 | err = btintel_wait_on_flag_timeout(hdev, INTEL_DOWNLOADING, | |
1761 | TASK_INTERRUPTIBLE, | |
1762 | msecs_to_jiffies(msec)); | |
1763 | if (err == -EINTR) { | |
1764 | bt_dev_err(hdev, "Firmware loading interrupted"); | |
1765 | return err; | |
1766 | } | |
1767 | ||
1768 | if (err) { | |
1769 | bt_dev_err(hdev, "Firmware loading timeout"); | |
1770 | return -ETIMEDOUT; | |
1771 | } | |
1772 | ||
1773 | if (btintel_test_flag(hdev, INTEL_FIRMWARE_FAILED)) { | |
1774 | bt_dev_err(hdev, "Firmware loading failed"); | |
1775 | return -ENOEXEC; | |
1776 | } | |
1777 | ||
1778 | rettime = ktime_get(); | |
1779 | delta = ktime_sub(rettime, calltime); | |
1780 | duration = (unsigned long long)ktime_to_ns(delta) >> 10; | |
1781 | ||
1782 | bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); | |
1783 | ||
1784 | return 0; | |
1785 | } | |
1786 | ||
1787 | static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec) | |
1788 | { | |
1789 | ktime_t delta, rettime; | |
1790 | unsigned long long duration; | |
1791 | int err; | |
1792 | ||
1793 | bt_dev_info(hdev, "Waiting for device to boot"); | |
1794 | ||
1795 | err = btintel_wait_on_flag_timeout(hdev, INTEL_BOOTING, | |
1796 | TASK_INTERRUPTIBLE, | |
1797 | msecs_to_jiffies(msec)); | |
1798 | if (err == -EINTR) { | |
1799 | bt_dev_err(hdev, "Device boot interrupted"); | |
1800 | return -EINTR; | |
1801 | } | |
1802 | ||
1803 | if (err) { | |
1804 | bt_dev_err(hdev, "Device boot timeout"); | |
1805 | return -ETIMEDOUT; | |
1806 | } | |
1807 | ||
1808 | rettime = ktime_get(); | |
1809 | delta = ktime_sub(rettime, calltime); | |
1810 | duration = (unsigned long long) ktime_to_ns(delta) >> 10; | |
1811 | ||
1812 | bt_dev_info(hdev, "Device booted in %llu usecs", duration); | |
1813 | ||
1814 | return 0; | |
1815 | } | |
1816 | ||
1817 | static int btintel_boot(struct hci_dev *hdev, u32 boot_addr) | |
1818 | { | |
1819 | ktime_t calltime; | |
1820 | int err; | |
1821 | ||
1822 | calltime = ktime_get(); | |
1823 | ||
1824 | btintel_set_flag(hdev, INTEL_BOOTING); | |
1825 | ||
1826 | err = btintel_send_intel_reset(hdev, boot_addr); | |
1827 | if (err) { | |
1828 | bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err); | |
1829 | btintel_reset_to_bootloader(hdev); | |
1830 | return err; | |
1831 | } | |
1832 | ||
1833 | /* The bootloader will not indicate when the device is ready. This | |
1834 | * is done by the operational firmware sending bootup notification. | |
1835 | * | |
1836 | * Booting into operational firmware should not take longer than | |
1837 | * 1 second. However if that happens, then just fail the setup | |
1838 | * since something went wrong. | |
1839 | */ | |
1840 | err = btintel_boot_wait(hdev, calltime, 1000); | |
1841 | if (err == -ETIMEDOUT) | |
1842 | btintel_reset_to_bootloader(hdev); | |
1843 | ||
1844 | return err; | |
1845 | } | |
1846 | ||
1847 | static int btintel_get_fw_name(struct intel_version *ver, | |
1848 | struct intel_boot_params *params, | |
1849 | char *fw_name, size_t len, | |
1850 | const char *suffix) | |
1851 | { | |
1852 | switch (ver->hw_variant) { | |
1853 | case 0x0b: /* SfP */ | |
1854 | case 0x0c: /* WsP */ | |
1855 | snprintf(fw_name, len, "intel/ibt-%u-%u.%s", | |
069ab3f9 LAD |
1856 | ver->hw_variant, |
1857 | le16_to_cpu(params->dev_revid), | |
1858 | suffix); | |
019a1caa THJA |
1859 | break; |
1860 | case 0x11: /* JfP */ | |
1861 | case 0x12: /* ThP */ | |
1862 | case 0x13: /* HrP */ | |
1863 | case 0x14: /* CcP */ | |
1864 | snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s", | |
069ab3f9 LAD |
1865 | ver->hw_variant, |
1866 | ver->hw_revision, | |
1867 | ver->fw_revision, | |
1868 | suffix); | |
019a1caa THJA |
1869 | break; |
1870 | default: | |
1871 | return -EINVAL; | |
1872 | } | |
1873 | ||
1874 | return 0; | |
1875 | } | |
1876 | ||
1877 | static int btintel_download_fw(struct hci_dev *hdev, | |
1878 | struct intel_version *ver, | |
1879 | struct intel_boot_params *params, | |
1880 | u32 *boot_param) | |
1881 | { | |
1882 | const struct firmware *fw; | |
1883 | char fwname[64]; | |
1884 | int err; | |
1885 | ktime_t calltime; | |
1886 | ||
1887 | if (!ver || !params) | |
1888 | return -EINVAL; | |
1889 | ||
1890 | /* The firmware variant determines if the device is in bootloader | |
1891 | * mode or is running operational firmware. The value 0x06 identifies | |
1892 | * the bootloader and the value 0x23 identifies the operational | |
1893 | * firmware. | |
1894 | * | |
1895 | * When the operational firmware is already present, then only | |
1896 | * the check for valid Bluetooth device address is needed. This | |
1897 | * determines if the device will be added as configured or | |
1898 | * unconfigured controller. | |
1899 | * | |
1900 | * It is not possible to use the Secure Boot Parameters in this | |
1901 | * case since that command is only available in bootloader mode. | |
1902 | */ | |
1903 | if (ver->fw_variant == 0x23) { | |
1904 | btintel_clear_flag(hdev, INTEL_BOOTLOADER); | |
1905 | btintel_check_bdaddr(hdev); | |
1906 | ||
1907 | /* SfP and WsP don't seem to update the firmware version on file | |
1908 | * so version checking is currently possible. | |
1909 | */ | |
1910 | switch (ver->hw_variant) { | |
1911 | case 0x0b: /* SfP */ | |
1912 | case 0x0c: /* WsP */ | |
1913 | return 0; | |
1914 | } | |
1915 | ||
1916 | /* Proceed to download to check if the version matches */ | |
1917 | goto download; | |
1918 | } | |
1919 | ||
1920 | /* Read the secure boot parameters to identify the operating | |
1921 | * details of the bootloader. | |
1922 | */ | |
1923 | err = btintel_read_boot_params(hdev, params); | |
1924 | if (err) | |
1925 | return err; | |
1926 | ||
1927 | /* It is required that every single firmware fragment is acknowledged | |
1928 | * with a command complete event. If the boot parameters indicate | |
1929 | * that this bootloader does not send them, then abort the setup. | |
1930 | */ | |
1931 | if (params->limited_cce != 0x00) { | |
1932 | bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", | |
1933 | params->limited_cce); | |
1934 | return -EINVAL; | |
1935 | } | |
1936 | ||
1937 | /* If the OTP has no valid Bluetooth device address, then there will | |
1938 | * also be no valid address for the operational firmware. | |
1939 | */ | |
1940 | if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { | |
1941 | bt_dev_info(hdev, "No device address configured"); | |
1942 | set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); | |
1943 | } | |
1944 | ||
1945 | download: | |
1946 | /* With this Intel bootloader only the hardware variant and device | |
1947 | * revision information are used to select the right firmware for SfP | |
1948 | * and WsP. | |
1949 | * | |
1950 | * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. | |
1951 | * | |
1952 | * Currently the supported hardware variants are: | |
1953 | * 11 (0x0b) for iBT3.0 (LnP/SfP) | |
1954 | * 12 (0x0c) for iBT3.5 (WsP) | |
1955 | * | |
1956 | * For ThP/JfP and for future SKU's, the FW name varies based on HW | |
1957 | * variant, HW revision and FW revision, as these are dependent on CNVi | |
1958 | * and RF Combination. | |
1959 | * | |
1960 | * 17 (0x11) for iBT3.5 (JfP) | |
1961 | * 18 (0x12) for iBT3.5 (ThP) | |
1962 | * | |
1963 | * The firmware file name for these will be | |
1964 | * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. | |
1965 | * | |
1966 | */ | |
1967 | err = btintel_get_fw_name(ver, params, fwname, sizeof(fwname), "sfi"); | |
1968 | if (err < 0) { | |
1969 | if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { | |
1970 | /* Firmware has already been loaded */ | |
1971 | btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); | |
1972 | return 0; | |
1973 | } | |
1974 | ||
1975 | bt_dev_err(hdev, "Unsupported Intel firmware naming"); | |
1976 | return -EINVAL; | |
1977 | } | |
1978 | ||
1979 | err = firmware_request_nowarn(&fw, fwname, &hdev->dev); | |
1980 | if (err < 0) { | |
1981 | if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { | |
1982 | /* Firmware has already been loaded */ | |
1983 | btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); | |
1984 | return 0; | |
1985 | } | |
1986 | ||
1987 | bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)", | |
1988 | fwname, err); | |
1989 | return err; | |
1990 | } | |
1991 | ||
1992 | bt_dev_info(hdev, "Found device firmware: %s", fwname); | |
1993 | ||
1994 | if (fw->size < 644) { | |
1995 | bt_dev_err(hdev, "Invalid size of firmware file (%zu)", | |
1996 | fw->size); | |
1997 | err = -EBADF; | |
1998 | goto done; | |
1999 | } | |
2000 | ||
2001 | calltime = ktime_get(); | |
2002 | ||
2003 | btintel_set_flag(hdev, INTEL_DOWNLOADING); | |
2004 | ||
2005 | /* Start firmware downloading and get boot parameter */ | |
2006 | err = btintel_download_firmware(hdev, ver, fw, boot_param); | |
2007 | if (err < 0) { | |
2008 | if (err == -EALREADY) { | |
2009 | /* Firmware has already been loaded */ | |
2010 | btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); | |
2011 | err = 0; | |
2012 | goto done; | |
2013 | } | |
2014 | ||
2015 | /* When FW download fails, send Intel Reset to retry | |
2016 | * FW download. | |
2017 | */ | |
2018 | btintel_reset_to_bootloader(hdev); | |
2019 | goto done; | |
2020 | } | |
2021 | ||
2022 | /* Before switching the device into operational mode and with that | |
2023 | * booting the loaded firmware, wait for the bootloader notification | |
2024 | * that all fragments have been successfully received. | |
2025 | * | |
2026 | * When the event processing receives the notification, then the | |
2027 | * INTEL_DOWNLOADING flag will be cleared. | |
2028 | * | |
2029 | * The firmware loading should not take longer than 5 seconds | |
2030 | * and thus just timeout if that happens and fail the setup | |
2031 | * of this device. | |
2032 | */ | |
2033 | err = btintel_download_wait(hdev, calltime, 5000); | |
2034 | if (err == -ETIMEDOUT) | |
2035 | btintel_reset_to_bootloader(hdev); | |
2036 | ||
2037 | done: | |
2038 | release_firmware(fw); | |
2039 | return err; | |
2040 | } | |
2041 | ||
2042 | static int btintel_bootloader_setup(struct hci_dev *hdev, | |
2043 | struct intel_version *ver) | |
2044 | { | |
2045 | struct intel_version new_ver; | |
2046 | struct intel_boot_params params; | |
2047 | u32 boot_param; | |
2048 | char ddcname[64]; | |
2049 | int err; | |
019a1caa THJA |
2050 | |
2051 | BT_DBG("%s", hdev->name); | |
2052 | ||
2053 | /* Set the default boot parameter to 0x0 and it is updated to | |
2054 | * SKU specific boot parameter after reading Intel_Write_Boot_Params | |
2055 | * command while downloading the firmware. | |
2056 | */ | |
2057 | boot_param = 0x00000000; | |
2058 | ||
2059 | btintel_set_flag(hdev, INTEL_BOOTLOADER); | |
2060 | ||
2061 | err = btintel_download_fw(hdev, ver, ¶ms, &boot_param); | |
2062 | if (err) | |
2063 | return err; | |
2064 | ||
2065 | /* controller is already having an operational firmware */ | |
2066 | if (ver->fw_variant == 0x23) | |
2067 | goto finish; | |
2068 | ||
2069 | err = btintel_boot(hdev, boot_param); | |
2070 | if (err) | |
2071 | return err; | |
2072 | ||
2073 | btintel_clear_flag(hdev, INTEL_BOOTLOADER); | |
2074 | ||
2075 | err = btintel_get_fw_name(ver, ¶ms, ddcname, | |
2076 | sizeof(ddcname), "ddc"); | |
2077 | ||
2078 | if (err < 0) { | |
2079 | bt_dev_err(hdev, "Unsupported Intel firmware naming"); | |
2080 | } else { | |
2081 | /* Once the device is running in operational mode, it needs to | |
2082 | * apply the device configuration (DDC) parameters. | |
2083 | * | |
2084 | * The device can work without DDC parameters, so even if it | |
2085 | * fails to load the file, no need to fail the setup. | |
2086 | */ | |
2087 | btintel_load_ddc_config(hdev, ddcname); | |
2088 | } | |
2089 | ||
927ac8da JH |
2090 | hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); |
2091 | ||
019a1caa THJA |
2092 | /* Read the Intel version information after loading the FW */ |
2093 | err = btintel_read_version(hdev, &new_ver); | |
2094 | if (err) | |
2095 | return err; | |
2096 | ||
2097 | btintel_version_info(hdev, &new_ver); | |
2098 | ||
2099 | finish: | |
019a1caa THJA |
2100 | /* Set the event mask for Intel specific vendor events. This enables |
2101 | * a few extra events that are useful during general operation. It | |
2102 | * does not enable any debugging related events. | |
2103 | * | |
2104 | * The device will function correctly without these events enabled | |
2105 | * and thus no need to fail the setup. | |
2106 | */ | |
2107 | btintel_set_event_mask(hdev, false); | |
2108 | ||
2109 | return 0; | |
2110 | } | |
2111 | ||
2112 | static void btintel_get_fw_name_tlv(const struct intel_version_tlv *ver, | |
2113 | char *fw_name, size_t len, | |
2114 | const char *suffix) | |
2115 | { | |
2116 | /* The firmware file name for new generation controllers will be | |
2117 | * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step> | |
2118 | */ | |
2119 | snprintf(fw_name, len, "intel/ibt-%04x-%04x.%s", | |
2120 | INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top), | |
2121 | INTEL_CNVX_TOP_STEP(ver->cnvi_top)), | |
2122 | INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top), | |
2123 | INTEL_CNVX_TOP_STEP(ver->cnvr_top)), | |
2124 | suffix); | |
2125 | } | |
2126 | ||
2127 | static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev, | |
2128 | struct intel_version_tlv *ver, | |
2129 | u32 *boot_param) | |
2130 | { | |
2131 | const struct firmware *fw; | |
2132 | char fwname[64]; | |
2133 | int err; | |
2134 | ktime_t calltime; | |
2135 | ||
2136 | if (!ver || !boot_param) | |
2137 | return -EINVAL; | |
2138 | ||
2139 | /* The firmware variant determines if the device is in bootloader | |
2140 | * mode or is running operational firmware. The value 0x03 identifies | |
2141 | * the bootloader and the value 0x23 identifies the operational | |
2142 | * firmware. | |
2143 | * | |
2144 | * When the operational firmware is already present, then only | |
2145 | * the check for valid Bluetooth device address is needed. This | |
2146 | * determines if the device will be added as configured or | |
2147 | * unconfigured controller. | |
2148 | * | |
2149 | * It is not possible to use the Secure Boot Parameters in this | |
2150 | * case since that command is only available in bootloader mode. | |
2151 | */ | |
2152 | if (ver->img_type == 0x03) { | |
2153 | btintel_clear_flag(hdev, INTEL_BOOTLOADER); | |
2154 | btintel_check_bdaddr(hdev); | |
89350531 K |
2155 | } else { |
2156 | /* | |
2157 | * Check for valid bd address in boot loader mode. Device | |
2158 | * will be marked as unconfigured if empty bd address is | |
2159 | * found. | |
2160 | */ | |
2161 | if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) { | |
2162 | bt_dev_info(hdev, "No device address configured"); | |
2163 | set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); | |
2164 | } | |
019a1caa THJA |
2165 | } |
2166 | ||
2167 | btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi"); | |
2168 | err = firmware_request_nowarn(&fw, fwname, &hdev->dev); | |
2169 | if (err < 0) { | |
2170 | if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { | |
2171 | /* Firmware has already been loaded */ | |
2172 | btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); | |
2173 | return 0; | |
2174 | } | |
2175 | ||
2176 | bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)", | |
2177 | fwname, err); | |
2178 | ||
2179 | return err; | |
2180 | } | |
2181 | ||
2182 | bt_dev_info(hdev, "Found device firmware: %s", fwname); | |
2183 | ||
2184 | if (fw->size < 644) { | |
2185 | bt_dev_err(hdev, "Invalid size of firmware file (%zu)", | |
2186 | fw->size); | |
2187 | err = -EBADF; | |
2188 | goto done; | |
2189 | } | |
2190 | ||
2191 | calltime = ktime_get(); | |
2192 | ||
2193 | btintel_set_flag(hdev, INTEL_DOWNLOADING); | |
2194 | ||
2195 | /* Start firmware downloading and get boot parameter */ | |
2196 | err = btintel_download_fw_tlv(hdev, ver, fw, boot_param, | |
2197 | INTEL_HW_VARIANT(ver->cnvi_bt), | |
2198 | ver->sbe_type); | |
2199 | if (err < 0) { | |
2200 | if (err == -EALREADY) { | |
2201 | /* Firmware has already been loaded */ | |
2202 | btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); | |
2203 | err = 0; | |
2204 | goto done; | |
2205 | } | |
2206 | ||
2207 | /* When FW download fails, send Intel Reset to retry | |
2208 | * FW download. | |
2209 | */ | |
2210 | btintel_reset_to_bootloader(hdev); | |
2211 | goto done; | |
2212 | } | |
2213 | ||
2214 | /* Before switching the device into operational mode and with that | |
2215 | * booting the loaded firmware, wait for the bootloader notification | |
2216 | * that all fragments have been successfully received. | |
2217 | * | |
2218 | * When the event processing receives the notification, then the | |
2219 | * BTUSB_DOWNLOADING flag will be cleared. | |
2220 | * | |
2221 | * The firmware loading should not take longer than 5 seconds | |
2222 | * and thus just timeout if that happens and fail the setup | |
2223 | * of this device. | |
2224 | */ | |
2225 | err = btintel_download_wait(hdev, calltime, 5000); | |
2226 | if (err == -ETIMEDOUT) | |
2227 | btintel_reset_to_bootloader(hdev); | |
2228 | ||
2229 | done: | |
2230 | release_firmware(fw); | |
2231 | return err; | |
2232 | } | |
2233 | ||
70dd9789 K |
2234 | static int btintel_get_codec_config_data(struct hci_dev *hdev, |
2235 | __u8 link, struct bt_codec *codec, | |
2236 | __u8 *ven_len, __u8 **ven_data) | |
2237 | { | |
2238 | int err = 0; | |
2239 | ||
2240 | if (!ven_data || !ven_len) | |
2241 | return -EINVAL; | |
2242 | ||
2243 | *ven_len = 0; | |
2244 | *ven_data = NULL; | |
2245 | ||
2246 | if (link != ESCO_LINK) { | |
2247 | bt_dev_err(hdev, "Invalid link type(%u)", link); | |
2248 | return -EINVAL; | |
2249 | } | |
2250 | ||
2251 | *ven_data = kmalloc(sizeof(__u8), GFP_KERNEL); | |
8bba13b1 | 2252 | if (!*ven_data) { |
70dd9789 K |
2253 | err = -ENOMEM; |
2254 | goto error; | |
2255 | } | |
2256 | ||
2257 | /* supports only CVSD and mSBC offload codecs */ | |
2258 | switch (codec->id) { | |
2259 | case 0x02: | |
2260 | **ven_data = 0x00; | |
2261 | break; | |
2262 | case 0x05: | |
2263 | **ven_data = 0x01; | |
2264 | break; | |
2265 | default: | |
2266 | err = -EINVAL; | |
2267 | bt_dev_err(hdev, "Invalid codec id(%u)", codec->id); | |
2268 | goto error; | |
2269 | } | |
2270 | /* codec and its capabilities are pre-defined to ids | |
2271 | * preset id = 0x00 represents CVSD codec with sampling rate 8K | |
2272 | * preset id = 0x01 represents mSBC codec with sampling rate 16K | |
2273 | */ | |
2274 | *ven_len = sizeof(__u8); | |
2275 | return err; | |
2276 | ||
2277 | error: | |
2278 | kfree(*ven_data); | |
2279 | *ven_data = NULL; | |
2280 | return err; | |
2281 | } | |
2282 | ||
d586029c K |
2283 | static int btintel_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id) |
2284 | { | |
2285 | /* Intel uses 1 as data path id for all the usecases */ | |
2286 | *data_path_id = 1; | |
2287 | return 0; | |
2288 | } | |
2289 | ||
a358ef86 K |
2290 | static int btintel_configure_offload(struct hci_dev *hdev) |
2291 | { | |
2292 | struct sk_buff *skb; | |
2293 | int err = 0; | |
2294 | struct intel_offload_use_cases *use_cases; | |
2295 | ||
2296 | skb = __hci_cmd_sync(hdev, 0xfc86, 0, NULL, HCI_INIT_TIMEOUT); | |
2297 | if (IS_ERR(skb)) { | |
2298 | bt_dev_err(hdev, "Reading offload use cases failed (%ld)", | |
2299 | PTR_ERR(skb)); | |
2300 | return PTR_ERR(skb); | |
2301 | } | |
2302 | ||
2303 | if (skb->len < sizeof(*use_cases)) { | |
2304 | err = -EIO; | |
2305 | goto error; | |
2306 | } | |
2307 | ||
2308 | use_cases = (void *)skb->data; | |
2309 | ||
2310 | if (use_cases->status) { | |
2311 | err = -bt_to_errno(skb->data[0]); | |
2312 | goto error; | |
2313 | } | |
d586029c | 2314 | |
70dd9789 | 2315 | if (use_cases->preset[0] & 0x03) { |
d586029c | 2316 | hdev->get_data_path_id = btintel_get_data_path_id; |
70dd9789 K |
2317 | hdev->get_codec_config_data = btintel_get_codec_config_data; |
2318 | } | |
a358ef86 K |
2319 | error: |
2320 | kfree_skb(skb); | |
2321 | return err; | |
2322 | } | |
2323 | ||
c585a92b SS |
2324 | static void btintel_set_ppag(struct hci_dev *hdev, struct intel_version_tlv *ver) |
2325 | { | |
c585a92b SS |
2326 | struct btintel_ppag ppag; |
2327 | struct sk_buff *skb; | |
2328 | struct btintel_loc_aware_reg ppag_cmd; | |
902160cd | 2329 | acpi_handle handle; |
c585a92b | 2330 | |
294d749b | 2331 | /* PPAG is not supported if CRF is HrP2, Jfp2, JfP1 */ |
c585a92b SS |
2332 | switch (ver->cnvr_top & 0xFFF) { |
2333 | case 0x504: /* Hrp2 */ | |
2334 | case 0x202: /* Jfp2 */ | |
2335 | case 0x201: /* Jfp1 */ | |
2336 | return; | |
2337 | } | |
2338 | ||
902160cd K |
2339 | handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev)); |
2340 | if (!handle) { | |
2341 | bt_dev_info(hdev, "No support for BT device in ACPI firmware"); | |
2342 | return; | |
2343 | } | |
2344 | ||
c585a92b SS |
2345 | memset(&ppag, 0, sizeof(ppag)); |
2346 | ||
2347 | ppag.hdev = hdev; | |
294d749b | 2348 | ppag.status = AE_NOT_FOUND; |
902160cd K |
2349 | acpi_walk_namespace(ACPI_TYPE_PACKAGE, handle, 1, NULL, |
2350 | btintel_ppag_callback, &ppag, NULL); | |
c585a92b | 2351 | |
294d749b K |
2352 | if (ACPI_FAILURE(ppag.status)) { |
2353 | if (ppag.status == AE_NOT_FOUND) { | |
2354 | bt_dev_dbg(hdev, "PPAG-BT: ACPI entry not found"); | |
c585a92b | 2355 | return; |
294d749b | 2356 | } |
c585a92b SS |
2357 | return; |
2358 | } | |
2359 | ||
2360 | if (ppag.domain != 0x12) { | |
294d749b | 2361 | bt_dev_warn(hdev, "PPAG-BT: domain is not bluetooth"); |
c585a92b SS |
2362 | return; |
2363 | } | |
2364 | ||
2365 | /* PPAG mode, BIT0 = 0 Disabled, BIT0 = 1 Enabled */ | |
2366 | if (!(ppag.mode & BIT(0))) { | |
294d749b | 2367 | bt_dev_dbg(hdev, "PPAG-BT: disabled"); |
c585a92b SS |
2368 | return; |
2369 | } | |
2370 | ||
2371 | ppag_cmd.mcc = cpu_to_le32(0); | |
2372 | ppag_cmd.sel = cpu_to_le32(0); /* 0 - Enable , 1 - Disable, 2 - Testing mode */ | |
2373 | ppag_cmd.delta = cpu_to_le32(0); | |
2374 | skb = __hci_cmd_sync(hdev, 0xfe19, sizeof(ppag_cmd), &ppag_cmd, HCI_CMD_TIMEOUT); | |
2375 | if (IS_ERR(skb)) { | |
2376 | bt_dev_warn(hdev, "Failed to send PPAG Enable (%ld)", PTR_ERR(skb)); | |
2377 | return; | |
2378 | } | |
2379 | kfree_skb(skb); | |
2380 | } | |
2381 | ||
019a1caa THJA |
2382 | static int btintel_bootloader_setup_tlv(struct hci_dev *hdev, |
2383 | struct intel_version_tlv *ver) | |
2384 | { | |
2385 | u32 boot_param; | |
2386 | char ddcname[64]; | |
2387 | int err; | |
019a1caa THJA |
2388 | struct intel_version_tlv new_ver; |
2389 | ||
2390 | bt_dev_dbg(hdev, ""); | |
2391 | ||
2392 | /* Set the default boot parameter to 0x0 and it is updated to | |
2393 | * SKU specific boot parameter after reading Intel_Write_Boot_Params | |
2394 | * command while downloading the firmware. | |
2395 | */ | |
2396 | boot_param = 0x00000000; | |
2397 | ||
2398 | btintel_set_flag(hdev, INTEL_BOOTLOADER); | |
2399 | ||
2400 | err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param); | |
2401 | if (err) | |
2402 | return err; | |
2403 | ||
2404 | /* check if controller is already having an operational firmware */ | |
2405 | if (ver->img_type == 0x03) | |
2406 | goto finish; | |
2407 | ||
2408 | err = btintel_boot(hdev, boot_param); | |
2409 | if (err) | |
2410 | return err; | |
2411 | ||
2412 | btintel_clear_flag(hdev, INTEL_BOOTLOADER); | |
2413 | ||
2414 | btintel_get_fw_name_tlv(ver, ddcname, sizeof(ddcname), "ddc"); | |
2415 | /* Once the device is running in operational mode, it needs to | |
2416 | * apply the device configuration (DDC) parameters. | |
2417 | * | |
2418 | * The device can work without DDC parameters, so even if it | |
2419 | * fails to load the file, no need to fail the setup. | |
2420 | */ | |
2421 | btintel_load_ddc_config(hdev, ddcname); | |
2422 | ||
a358ef86 K |
2423 | /* Read supported use cases and set callbacks to fetch datapath id */ |
2424 | btintel_configure_offload(hdev); | |
2425 | ||
927ac8da JH |
2426 | hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); |
2427 | ||
c585a92b SS |
2428 | /* Set PPAG feature */ |
2429 | btintel_set_ppag(hdev, ver); | |
2430 | ||
019a1caa THJA |
2431 | /* Read the Intel version information after loading the FW */ |
2432 | err = btintel_read_version_tlv(hdev, &new_ver); | |
2433 | if (err) | |
2434 | return err; | |
2435 | ||
2436 | btintel_version_info_tlv(hdev, &new_ver); | |
2437 | ||
2438 | finish: | |
2439 | /* Set the event mask for Intel specific vendor events. This enables | |
2440 | * a few extra events that are useful during general operation. It | |
2441 | * does not enable any debugging related events. | |
2442 | * | |
2443 | * The device will function correctly without these events enabled | |
2444 | * and thus no need to fail the setup. | |
2445 | */ | |
2446 | btintel_set_event_mask(hdev, false); | |
2447 | ||
2448 | return 0; | |
2449 | } | |
2450 | ||
1804fdf6 THJA |
2451 | static void btintel_set_msft_opcode(struct hci_dev *hdev, u8 hw_variant) |
2452 | { | |
2453 | switch (hw_variant) { | |
2454 | /* Legacy bootloader devices that supports MSFT Extension */ | |
2455 | case 0x11: /* JfP */ | |
2456 | case 0x12: /* ThP */ | |
2457 | case 0x13: /* HrP */ | |
2458 | case 0x14: /* CcP */ | |
2459 | /* All Intel new genration controllers support the Microsoft vendor | |
2460 | * extension are using 0xFC1E for VsMsftOpCode. | |
2461 | */ | |
2462 | case 0x17: | |
2463 | case 0x18: | |
2464 | case 0x19: | |
b43331b4 | 2465 | case 0x1b: |
1804fdf6 THJA |
2466 | hci_set_msft_opcode(hdev, 0xFC1E); |
2467 | break; | |
2468 | default: | |
2469 | /* Not supported */ | |
2470 | break; | |
2471 | } | |
2472 | } | |
2473 | ||
ca5425e1 THJA |
2474 | static int btintel_setup_combined(struct hci_dev *hdev) |
2475 | { | |
2476 | const u8 param[1] = { 0xFF }; | |
2477 | struct intel_version ver; | |
2478 | struct intel_version_tlv ver_tlv; | |
2479 | struct sk_buff *skb; | |
2480 | int err; | |
2481 | ||
2482 | BT_DBG("%s", hdev->name); | |
2483 | ||
ea7c4c0e THJA |
2484 | /* The some controllers have a bug with the first HCI command sent to it |
2485 | * returning number of completed commands as zero. This would stall the | |
2486 | * command processing in the Bluetooth core. | |
2487 | * | |
2488 | * As a workaround, send HCI Reset command first which will reset the | |
2489 | * number of completed commands and allow normal command processing | |
2490 | * from now on. | |
95655456 THJA |
2491 | * |
2492 | * Regarding the INTEL_BROKEN_SHUTDOWN_LED flag, these devices maybe | |
2493 | * in the SW_RFKILL ON state as a workaround of fixing LED issue during | |
2494 | * the shutdown() procedure, and once the device is in SW_RFKILL ON | |
2495 | * state, the only way to exit out of it is sending the HCI_Reset | |
2496 | * command. | |
ea7c4c0e | 2497 | */ |
95655456 THJA |
2498 | if (btintel_test_flag(hdev, INTEL_BROKEN_INITIAL_NCMD) || |
2499 | btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) { | |
ea7c4c0e THJA |
2500 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, |
2501 | HCI_INIT_TIMEOUT); | |
2502 | if (IS_ERR(skb)) { | |
2503 | bt_dev_err(hdev, | |
2504 | "sending initial HCI reset failed (%ld)", | |
2505 | PTR_ERR(skb)); | |
2506 | return PTR_ERR(skb); | |
2507 | } | |
2508 | kfree_skb(skb); | |
2509 | } | |
2510 | ||
ca5425e1 THJA |
2511 | /* Starting from TyP device, the command parameter and response are |
2512 | * changed even though the OCF for HCI_Intel_Read_Version command | |
2513 | * remains same. The legacy devices can handle even if the | |
2514 | * command has a parameter and returns a correct version information. | |
2515 | * So, it uses new format to support both legacy and new format. | |
2516 | */ | |
2517 | skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); | |
2518 | if (IS_ERR(skb)) { | |
2519 | bt_dev_err(hdev, "Reading Intel version command failed (%ld)", | |
2520 | PTR_ERR(skb)); | |
2521 | return PTR_ERR(skb); | |
2522 | } | |
2523 | ||
2524 | /* Check the status */ | |
2525 | if (skb->data[0]) { | |
2526 | bt_dev_err(hdev, "Intel Read Version command failed (%02x)", | |
2527 | skb->data[0]); | |
2528 | err = -EIO; | |
2529 | goto exit_error; | |
2530 | } | |
2531 | ||
3df4dfbe THJA |
2532 | /* Apply the common HCI quirks for Intel device */ |
2533 | set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); | |
2534 | set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); | |
2535 | set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); | |
2536 | ||
927ac8da JH |
2537 | /* Set up the quality report callback for Intel devices */ |
2538 | hdev->set_quality_report = btintel_set_quality_report; | |
2539 | ||
ca5425e1 THJA |
2540 | /* For Legacy device, check the HW platform value and size */ |
2541 | if (skb->len == sizeof(ver) && skb->data[1] == 0x37) { | |
2542 | bt_dev_dbg(hdev, "Read the legacy Intel version information"); | |
2543 | ||
2544 | memcpy(&ver, skb->data, sizeof(ver)); | |
2545 | ||
2546 | /* Display version information */ | |
2547 | btintel_version_info(hdev, &ver); | |
2548 | ||
2549 | /* Check for supported iBT hardware variants of this firmware | |
2550 | * loading method. | |
2551 | * | |
2552 | * This check has been put in place to ensure correct forward | |
2553 | * compatibility options when newer hardware variants come | |
2554 | * along. | |
2555 | */ | |
2556 | switch (ver.hw_variant) { | |
2557 | case 0x07: /* WP */ | |
2558 | case 0x08: /* StP */ | |
2559 | /* Legacy ROM product */ | |
55380714 | 2560 | btintel_set_flag(hdev, INTEL_ROM_LEGACY); |
ffcba827 | 2561 | |
3df4dfbe THJA |
2562 | /* Apply the device specific HCI quirks |
2563 | * | |
55235304 THJA |
2564 | * WBS for SdP - For the Legacy ROM products, only SdP |
2565 | * supports the WBS. But the version information is not | |
2566 | * enough to use here because the StP2 and SdP have same | |
2567 | * hw_variant and fw_variant. So, this flag is set by | |
2568 | * the transport driver (btusb) based on the HW info | |
2569 | * (idProduct) | |
3df4dfbe | 2570 | */ |
55235304 THJA |
2571 | if (!btintel_test_flag(hdev, |
2572 | INTEL_ROM_LEGACY_NO_WBS_SUPPORT)) | |
3df4dfbe THJA |
2573 | set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, |
2574 | &hdev->quirks); | |
dd0a1794 K |
2575 | if (ver.hw_variant == 0x08 && ver.fw_variant == 0x22) |
2576 | set_bit(HCI_QUIRK_VALID_LE_STATES, | |
2577 | &hdev->quirks); | |
3df4dfbe | 2578 | |
83f2dafe | 2579 | err = btintel_legacy_rom_setup(hdev, &ver); |
ca5425e1 THJA |
2580 | break; |
2581 | case 0x0b: /* SfP */ | |
ca5425e1 THJA |
2582 | case 0x11: /* JfP */ |
2583 | case 0x12: /* ThP */ | |
2584 | case 0x13: /* HrP */ | |
2585 | case 0x14: /* CcP */ | |
dd0a1794 K |
2586 | set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); |
2587 | fallthrough; | |
2588 | case 0x0c: /* WsP */ | |
3df4dfbe THJA |
2589 | /* Apply the device specific HCI quirks |
2590 | * | |
2591 | * All Legacy bootloader devices support WBS | |
2592 | */ | |
2593 | set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, | |
2594 | &hdev->quirks); | |
2595 | ||
1804fdf6 THJA |
2596 | /* Setup MSFT Extension support */ |
2597 | btintel_set_msft_opcode(hdev, ver.hw_variant); | |
2598 | ||
019a1caa | 2599 | err = btintel_bootloader_setup(hdev, &ver); |
ca5425e1 THJA |
2600 | break; |
2601 | default: | |
2602 | bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", | |
2603 | ver.hw_variant); | |
2604 | err = -EINVAL; | |
2605 | } | |
2606 | ||
2607 | goto exit_error; | |
2608 | } | |
2609 | ||
89350531 K |
2610 | /* memset ver_tlv to start with clean state as few fields are exclusive |
2611 | * to bootloader mode and are not populated in operational mode | |
2612 | */ | |
2613 | memset(&ver_tlv, 0, sizeof(ver_tlv)); | |
ca5425e1 THJA |
2614 | /* For TLV type device, parse the tlv data */ |
2615 | err = btintel_parse_version_tlv(hdev, &ver_tlv, skb); | |
2616 | if (err) { | |
2617 | bt_dev_err(hdev, "Failed to parse TLV version information"); | |
2618 | goto exit_error; | |
2619 | } | |
2620 | ||
2621 | if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) { | |
2622 | bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", | |
2623 | INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)); | |
2624 | err = -EINVAL; | |
2625 | goto exit_error; | |
2626 | } | |
2627 | ||
019a1caa THJA |
2628 | /* Check for supported iBT hardware variants of this firmware |
2629 | * loading method. | |
2630 | * | |
2631 | * This check has been put in place to ensure correct forward | |
2632 | * compatibility options when newer hardware variants come | |
2633 | * along. | |
2634 | */ | |
2635 | switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) { | |
c86c7285 THJA |
2636 | case 0x11: /* JfP */ |
2637 | case 0x12: /* ThP */ | |
2638 | case 0x13: /* HrP */ | |
2639 | case 0x14: /* CcP */ | |
3547a008 THJA |
2640 | /* Some legacy bootloader devices starting from JfP, |
2641 | * the operational firmware supports both old and TLV based | |
2642 | * HCI_Intel_Read_Version command based on the command | |
2643 | * parameter. | |
2644 | * | |
2645 | * For upgrading firmware case, the TLV based version cannot | |
2646 | * be used because the firmware filename for legacy bootloader | |
2647 | * is based on the old format. | |
c86c7285 THJA |
2648 | * |
2649 | * Also, it is not easy to convert TLV based version from the | |
2650 | * legacy version format. | |
2651 | * | |
2652 | * So, as a workaround for those devices, use the legacy | |
2653 | * HCI_Intel_Read_Version to get the version information and | |
2654 | * run the legacy bootloader setup. | |
2655 | */ | |
2656 | err = btintel_read_version(hdev, &ver); | |
2657 | if (err) | |
cee50ce8 | 2658 | break; |
3547a008 THJA |
2659 | |
2660 | /* Apply the device specific HCI quirks | |
2661 | * | |
2662 | * All Legacy bootloader devices support WBS | |
2663 | */ | |
2664 | set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); | |
2665 | ||
dd0a1794 K |
2666 | /* Set Valid LE States quirk */ |
2667 | set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); | |
3547a008 THJA |
2668 | |
2669 | /* Setup MSFT Extension support */ | |
2670 | btintel_set_msft_opcode(hdev, ver.hw_variant); | |
2671 | ||
c86c7285 THJA |
2672 | err = btintel_bootloader_setup(hdev, &ver); |
2673 | break; | |
019a1caa THJA |
2674 | case 0x17: |
2675 | case 0x18: | |
2676 | case 0x19: | |
b43331b4 | 2677 | case 0x1b: |
019a1caa THJA |
2678 | /* Display version information of TLV type */ |
2679 | btintel_version_info_tlv(hdev, &ver_tlv); | |
2680 | ||
3df4dfbe THJA |
2681 | /* Apply the device specific HCI quirks for TLV based devices |
2682 | * | |
2683 | * All TLV based devices support WBS | |
2684 | */ | |
2685 | set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); | |
2686 | ||
2687 | /* Valid LE States quirk for GfP */ | |
2688 | if (INTEL_HW_VARIANT(ver_tlv.cnvi_bt) == 0x18) | |
2689 | set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); | |
2690 | ||
1804fdf6 THJA |
2691 | /* Setup MSFT Extension support */ |
2692 | btintel_set_msft_opcode(hdev, | |
2693 | INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); | |
2694 | ||
019a1caa THJA |
2695 | err = btintel_bootloader_setup_tlv(hdev, &ver_tlv); |
2696 | break; | |
2697 | default: | |
2698 | bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", | |
2699 | INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); | |
cee50ce8 WS |
2700 | err = -EINVAL; |
2701 | break; | |
019a1caa | 2702 | } |
ca5425e1 THJA |
2703 | |
2704 | exit_error: | |
2705 | kfree_skb(skb); | |
2706 | ||
2707 | return err; | |
2708 | } | |
2709 | ||
2710 | static int btintel_shutdown_combined(struct hci_dev *hdev) | |
2711 | { | |
2712 | struct sk_buff *skb; | |
ffcba827 | 2713 | int ret; |
ca5425e1 THJA |
2714 | |
2715 | /* Send HCI Reset to the controller to stop any BT activity which | |
2716 | * were triggered. This will help to save power and maintain the | |
2717 | * sync b/w Host and controller | |
2718 | */ | |
2719 | skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); | |
2720 | if (IS_ERR(skb)) { | |
2721 | bt_dev_err(hdev, "HCI reset during shutdown failed"); | |
2722 | return PTR_ERR(skb); | |
2723 | } | |
2724 | kfree_skb(skb); | |
2725 | ||
ffcba827 THJA |
2726 | |
2727 | /* Some platforms have an issue with BT LED when the interface is | |
2728 | * down or BT radio is turned off, which takes 5 seconds to BT LED | |
95655456 THJA |
2729 | * goes off. As a workaround, sends HCI_Intel_SW_RFKILL to put the |
2730 | * device in the RFKILL ON state which turns off the BT LED immediately. | |
ffcba827 | 2731 | */ |
95655456 | 2732 | if (btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) { |
ffcba827 THJA |
2733 | skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); |
2734 | if (IS_ERR(skb)) { | |
2735 | ret = PTR_ERR(skb); | |
2736 | bt_dev_err(hdev, "turning off Intel device LED failed"); | |
2737 | return ret; | |
2738 | } | |
2739 | kfree_skb(skb); | |
2740 | } | |
2741 | ||
ca5425e1 THJA |
2742 | return 0; |
2743 | } | |
2744 | ||
2745 | int btintel_configure_setup(struct hci_dev *hdev) | |
2746 | { | |
ca5425e1 THJA |
2747 | hdev->manufacturer = 2; |
2748 | hdev->setup = btintel_setup_combined; | |
2749 | hdev->shutdown = btintel_shutdown_combined; | |
019a1caa | 2750 | hdev->hw_error = btintel_hw_error; |
55380714 | 2751 | hdev->set_diag = btintel_set_diag_combined; |
83f2dafe | 2752 | hdev->set_bdaddr = btintel_set_bdaddr; |
ca5425e1 THJA |
2753 | |
2754 | return 0; | |
2755 | } | |
2756 | EXPORT_SYMBOL_GPL(btintel_configure_setup); | |
2757 | ||
019a1caa THJA |
2758 | void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len) |
2759 | { | |
2760 | const struct intel_bootup *evt = ptr; | |
2761 | ||
2762 | if (len != sizeof(*evt)) | |
2763 | return; | |
2764 | ||
2765 | if (btintel_test_and_clear_flag(hdev, INTEL_BOOTING)) | |
2766 | btintel_wake_up_flag(hdev, INTEL_BOOTING); | |
2767 | } | |
2768 | EXPORT_SYMBOL_GPL(btintel_bootup); | |
2769 | ||
2770 | void btintel_secure_send_result(struct hci_dev *hdev, | |
2771 | const void *ptr, unsigned int len) | |
2772 | { | |
2773 | const struct intel_secure_send_result *evt = ptr; | |
2774 | ||
2775 | if (len != sizeof(*evt)) | |
2776 | return; | |
2777 | ||
2778 | if (evt->result) | |
2779 | btintel_set_flag(hdev, INTEL_FIRMWARE_FAILED); | |
2780 | ||
2781 | if (btintel_test_and_clear_flag(hdev, INTEL_DOWNLOADING) && | |
2782 | btintel_test_flag(hdev, INTEL_FIRMWARE_LOADED)) | |
2783 | btintel_wake_up_flag(hdev, INTEL_DOWNLOADING); | |
2784 | } | |
2785 | EXPORT_SYMBOL_GPL(btintel_secure_send_result); | |
2786 | ||
48f0ed1b MH |
2787 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); |
2788 | MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); | |
2789 | MODULE_VERSION(VERSION); | |
2790 | MODULE_LICENSE("GPL"); | |
0ed97e82 MH |
2791 | MODULE_FIRMWARE("intel/ibt-11-5.sfi"); |
2792 | MODULE_FIRMWARE("intel/ibt-11-5.ddc"); | |
d1b7abae JB |
2793 | MODULE_FIRMWARE("intel/ibt-12-16.sfi"); |
2794 | MODULE_FIRMWARE("intel/ibt-12-16.ddc"); |