1 // SPDX-License-Identifier: GPL-2.0-only
3 * Bluetooth supports for Qualcomm Atheros chips
5 * Copyright (c) 2015 The Linux Foundation. All rights reserved.
7 #include <linux/module.h>
8 #include <linux/firmware.h>
10 #include <net/bluetooth/bluetooth.h>
11 #include <net/bluetooth/hci_core.h>
17 int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version)
20 struct edl_event_hdr *edl;
21 struct rome_version *ver;
25 bt_dev_dbg(hdev, "QCA Version Request");
27 cmd = EDL_PATCH_VER_REQ_CMD;
28 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
29 &cmd, HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
32 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
37 if (skb->len != sizeof(*edl) + sizeof(*ver)) {
38 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
43 edl = (struct edl_event_hdr *)(skb->data);
45 bt_dev_err(hdev, "QCA TLV with no header");
50 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
51 edl->rtype != EDL_APP_VER_RES_EVT) {
52 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
58 ver = (struct rome_version *)(edl->data);
60 BT_DBG("%s: Product:0x%08x", hdev->name, le32_to_cpu(ver->product_id));
61 BT_DBG("%s: Patch :0x%08x", hdev->name, le16_to_cpu(ver->patch_ver));
62 BT_DBG("%s: ROM :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver));
63 BT_DBG("%s: SOC :0x%08x", hdev->name, le32_to_cpu(ver->soc_id));
65 /* QCA chipset version can be decided by patch and SoC
66 * version, combination with upper 2 bytes from SoC
67 * and lower 2 bytes from patch will be used.
69 *soc_version = (le32_to_cpu(ver->soc_id) << 16) |
70 (le16_to_cpu(ver->rome_ver) & 0x0000ffff);
71 if (*soc_version == 0)
77 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
81 EXPORT_SYMBOL_GPL(qca_read_soc_version);
83 static int qca_send_reset(struct hci_dev *hdev)
88 bt_dev_dbg(hdev, "QCA HCI_RESET");
90 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
93 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
102 static void qca_tlv_check_data(struct rome_config *config,
103 const struct firmware *fw)
109 struct tlv_type_hdr *tlv;
110 struct tlv_type_patch *tlv_patch;
111 struct tlv_type_nvm *tlv_nvm;
113 tlv = (struct tlv_type_hdr *)fw->data;
115 type_len = le32_to_cpu(tlv->type_len);
116 length = (type_len >> 8) & 0x00ffffff;
118 BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff);
119 BT_DBG("Length\t\t : %d bytes", length);
121 config->dnld_mode = ROME_SKIP_EVT_NONE;
123 switch (config->type) {
125 tlv_patch = (struct tlv_type_patch *)tlv->data;
127 /* For Rome version 1.1 to 3.1, all segment commands
128 * are acked by a vendor specific event (VSE).
129 * For Rome >= 3.2, the download mode field indicates
130 * if VSE is skipped by the controller.
131 * In case VSE is skipped, only the last segment is acked.
133 config->dnld_mode = tlv_patch->download_mode;
134 config->dnld_type = config->dnld_mode;
136 BT_DBG("Total Length : %d bytes",
137 le32_to_cpu(tlv_patch->total_size));
138 BT_DBG("Patch Data Length : %d bytes",
139 le32_to_cpu(tlv_patch->data_length));
140 BT_DBG("Signing Format Version : 0x%x",
141 tlv_patch->format_version);
142 BT_DBG("Signature Algorithm : 0x%x",
143 tlv_patch->signature);
144 BT_DBG("Download mode : 0x%x",
145 tlv_patch->download_mode);
146 BT_DBG("Reserved : 0x%x",
147 tlv_patch->reserved1);
148 BT_DBG("Product ID : 0x%04x",
149 le16_to_cpu(tlv_patch->product_id));
150 BT_DBG("Rom Build Version : 0x%04x",
151 le16_to_cpu(tlv_patch->rom_build));
152 BT_DBG("Patch Version : 0x%04x",
153 le16_to_cpu(tlv_patch->patch_version));
154 BT_DBG("Reserved : 0x%x",
155 le16_to_cpu(tlv_patch->reserved2));
156 BT_DBG("Patch Entry Address : 0x%x",
157 le32_to_cpu(tlv_patch->entry));
163 while (idx < length) {
164 tlv_nvm = (struct tlv_type_nvm *)(data + idx);
166 tag_id = le16_to_cpu(tlv_nvm->tag_id);
167 tag_len = le16_to_cpu(tlv_nvm->tag_len);
169 /* Update NVM tags as needed */
172 /* HCI transport layer parameters
173 * enabling software inband sleep
174 * onto controller side.
176 tlv_nvm->data[0] |= 0x80;
179 tlv_nvm->data[2] = config->user_baud_rate;
183 case EDL_TAG_ID_DEEP_SLEEP:
185 * enabling deep sleep feature on controller.
187 tlv_nvm->data[0] |= 0x01;
192 idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len);
197 BT_ERR("Unknown TLV type %d", config->type);
202 static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
203 const u8 *data, enum rome_tlv_dnld_mode mode)
206 struct edl_event_hdr *edl;
207 struct tlv_seg_resp *tlv_resp;
208 u8 cmd[MAX_SIZE_PER_TLV_SEGMENT + 2];
211 cmd[0] = EDL_PATCH_TLV_REQ_CMD;
213 memcpy(cmd + 2, data, seg_size);
215 if (mode == ROME_SKIP_EVT_VSE_CC || mode == ROME_SKIP_EVT_VSE)
216 return __hci_cmd_send(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2,
219 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, seg_size + 2, cmd,
220 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
223 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
227 if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) {
228 bt_dev_err(hdev, "QCA TLV response size mismatch");
233 edl = (struct edl_event_hdr *)(skb->data);
235 bt_dev_err(hdev, "TLV with no header");
240 tlv_resp = (struct tlv_seg_resp *)(edl->data);
242 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
243 edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) {
244 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
245 edl->cresp, edl->rtype, tlv_resp->result);
255 static int qca_inject_cmd_complete_event(struct hci_dev *hdev)
257 struct hci_event_hdr *hdr;
258 struct hci_ev_cmd_complete *evt;
261 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
265 hdr = skb_put(skb, sizeof(*hdr));
266 hdr->evt = HCI_EV_CMD_COMPLETE;
267 hdr->plen = sizeof(*evt) + 1;
269 evt = skb_put(skb, sizeof(*evt));
271 evt->opcode = QCA_HCI_CC_OPCODE;
273 skb_put_u8(skb, QCA_HCI_CC_SUCCESS);
275 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
277 return hci_recv_frame(hdev, skb);
280 static int qca_download_firmware(struct hci_dev *hdev,
281 struct rome_config *config)
283 const struct firmware *fw;
285 int ret, remain, i = 0;
287 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
289 ret = request_firmware(&fw, config->fwname, &hdev->dev);
291 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
292 config->fwname, ret);
296 qca_tlv_check_data(config, fw);
301 int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
303 bt_dev_dbg(hdev, "Send segment %d, size %d", i++, segsize);
306 /* The last segment is always acked regardless download mode */
307 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
308 config->dnld_mode = ROME_SKIP_EVT_NONE;
310 ret = qca_tlv_send_segment(hdev, segsize, segment,
318 /* Latest qualcomm chipsets are not sending a command complete event
319 * for every fw packet sent. They only respond with a vendor specific
320 * event for the last packet. This optimization in the chip will
321 * decrease the BT in initialization time. Here we will inject a command
322 * complete event to avoid a command timeout error message.
324 if (config->dnld_type == ROME_SKIP_EVT_VSE_CC ||
325 config->dnld_type == ROME_SKIP_EVT_VSE)
326 return qca_inject_cmd_complete_event(hdev);
329 release_firmware(fw);
334 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
340 cmd[0] = EDL_NVM_ACCESS_SET_REQ_CMD;
341 cmd[1] = 0x02; /* TAG ID */
342 cmd[2] = sizeof(bdaddr_t); /* size */
343 memcpy(cmd + 3, bdaddr, sizeof(bdaddr_t));
344 skb = __hci_cmd_sync_ev(hdev, EDL_NVM_ACCESS_OPCODE, sizeof(cmd), cmd,
345 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
348 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
356 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
358 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
359 enum qca_btsoc_type soc_type, u32 soc_ver,
360 const char *firmware_name)
362 struct rome_config config;
366 bt_dev_dbg(hdev, "QCA setup on UART");
368 config.user_baud_rate = baudrate;
370 /* Download rampatch file */
371 config.type = TLV_TYPE_PATCH;
372 if (qca_is_wcn399x(soc_type)) {
373 /* Firmware files to download are based on ROM version.
374 * ROM version is derived from last two bytes of soc_ver.
376 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) |
377 (soc_ver & 0x0000000f);
378 snprintf(config.fwname, sizeof(config.fwname),
379 "qca/crbtfw%02x.tlv", rom_ver);
381 snprintf(config.fwname, sizeof(config.fwname),
382 "qca/rampatch_%08x.bin", soc_ver);
385 err = qca_download_firmware(hdev, &config);
387 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
391 /* Download NVM configuration */
392 config.type = TLV_TYPE_NVM;
394 snprintf(config.fwname, sizeof(config.fwname),
395 "qca/%s", firmware_name);
396 else if (qca_is_wcn399x(soc_type))
397 snprintf(config.fwname, sizeof(config.fwname),
398 "qca/crnv%02x.bin", rom_ver);
400 snprintf(config.fwname, sizeof(config.fwname),
401 "qca/nvm_%08x.bin", soc_ver);
403 err = qca_download_firmware(hdev, &config);
405 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
409 /* Perform HCI reset */
410 err = qca_send_reset(hdev);
412 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
416 bt_dev_info(hdev, "QCA setup on UART is completed");
420 EXPORT_SYMBOL_GPL(qca_uart_setup);
422 int qca_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
427 skb = __hci_cmd_sync_ev(hdev, EDL_WRITE_BD_ADDR_OPCODE, 6, bdaddr,
428 HCI_EV_VENDOR, HCI_INIT_TIMEOUT);
431 bt_dev_err(hdev, "QCA Change address cmd failed (%d)", err);
439 EXPORT_SYMBOL_GPL(qca_set_bdaddr);
442 MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
443 MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
444 MODULE_VERSION(VERSION);
445 MODULE_LICENSE("GPL");