btintel.c 98 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. *
  4. * Bluetooth support for Intel devices
  5. *
  6. * Copyright (C) 2015 Intel Corporation
  7. */
  8. #include <linux/module.h>
  9. #include <linux/firmware.h>
  10. #include <linux/regmap.h>
  11. #include <linux/string_choices.h>
  12. #include <linux/acpi.h>
  13. #include <acpi/acpi_bus.h>
  14. #include <linux/unaligned.h>
  15. #include <linux/efi.h>
  16. #include <net/bluetooth/bluetooth.h>
  17. #include <net/bluetooth/hci_core.h>
  18. #include "btintel.h"
  19. #define VERSION "0.1"
  20. #define BDADDR_INTEL (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
  21. #define RSA_HEADER_LEN 644
  22. #define CSS_HEADER_OFFSET 8
  23. #define ECDSA_OFFSET 644
  24. #define ECDSA_HEADER_LEN 320
  25. #define BTINTEL_EFI_DSBR L"UefiCnvCommonDSBR"
  26. enum {
  27. DSM_SET_WDISABLE2_DELAY = 1,
  28. DSM_SET_RESET_METHOD = 3,
  29. };
  30. #define BTINTEL_BT_DOMAIN 0x12
  31. #define BTINTEL_SAR_LEGACY 0
  32. #define BTINTEL_SAR_INC_PWR 1
  33. #define BTINTEL_SAR_INC_PWR_SUPPORTED 0
  34. #define CMD_WRITE_BOOT_PARAMS 0xfc0e
  35. struct cmd_write_boot_params {
  36. __le32 boot_addr;
  37. u8 fw_build_num;
  38. u8 fw_build_ww;
  39. u8 fw_build_yy;
  40. } __packed;
  41. static struct {
  42. const char *driver_name;
  43. u8 hw_variant;
  44. u32 fw_build_num;
  45. } coredump_info;
  46. static const guid_t btintel_guid_dsm =
  47. GUID_INIT(0xaa10f4e0, 0x81ac, 0x4233,
  48. 0xab, 0xf6, 0x3b, 0x2a, 0xc5, 0x0e, 0x28, 0xd9);
  49. int btintel_check_bdaddr(struct hci_dev *hdev)
  50. {
  51. struct hci_rp_read_bd_addr *bda;
  52. struct sk_buff *skb;
  53. skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
  54. HCI_INIT_TIMEOUT);
  55. if (IS_ERR(skb)) {
  56. int err = PTR_ERR(skb);
  57. bt_dev_err(hdev, "Reading Intel device address failed (%d)",
  58. err);
  59. return err;
  60. }
  61. if (skb->len != sizeof(*bda)) {
  62. bt_dev_err(hdev, "Intel device address length mismatch");
  63. kfree_skb(skb);
  64. return -EIO;
  65. }
  66. bda = (struct hci_rp_read_bd_addr *)skb->data;
  67. /* For some Intel based controllers, the default Bluetooth device
  68. * address 00:03:19:9E:8B:00 can be found. These controllers are
  69. * fully operational, but have the danger of duplicate addresses
  70. * and that in turn can cause problems with Bluetooth operation.
  71. */
  72. if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) {
  73. bt_dev_err(hdev, "Found Intel default device address (%pMR)",
  74. &bda->bdaddr);
  75. hci_set_quirk(hdev, HCI_QUIRK_INVALID_BDADDR);
  76. }
  77. kfree_skb(skb);
  78. return 0;
  79. }
  80. EXPORT_SYMBOL_GPL(btintel_check_bdaddr);
  81. int btintel_enter_mfg(struct hci_dev *hdev)
  82. {
  83. static const u8 param[] = { 0x01, 0x00 };
  84. struct sk_buff *skb;
  85. skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
  86. if (IS_ERR(skb)) {
  87. bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)",
  88. PTR_ERR(skb));
  89. return PTR_ERR(skb);
  90. }
  91. kfree_skb(skb);
  92. return 0;
  93. }
  94. EXPORT_SYMBOL_GPL(btintel_enter_mfg);
  95. int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched)
  96. {
  97. u8 param[] = { 0x00, 0x00 };
  98. struct sk_buff *skb;
  99. /* The 2nd command parameter specifies the manufacturing exit method:
  100. * 0x00: Just disable the manufacturing mode (0x00).
  101. * 0x01: Disable manufacturing mode and reset with patches deactivated.
  102. * 0x02: Disable manufacturing mode and reset with patches activated.
  103. */
  104. if (reset)
  105. param[1] |= patched ? 0x02 : 0x01;
  106. skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
  107. if (IS_ERR(skb)) {
  108. bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)",
  109. PTR_ERR(skb));
  110. return PTR_ERR(skb);
  111. }
  112. kfree_skb(skb);
  113. return 0;
  114. }
  115. EXPORT_SYMBOL_GPL(btintel_exit_mfg);
  116. int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
  117. {
  118. struct sk_buff *skb;
  119. int err;
  120. skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
  121. if (IS_ERR(skb)) {
  122. err = PTR_ERR(skb);
  123. bt_dev_err(hdev, "Changing Intel device address failed (%d)",
  124. err);
  125. return err;
  126. }
  127. kfree_skb(skb);
  128. return 0;
  129. }
  130. EXPORT_SYMBOL_GPL(btintel_set_bdaddr);
  131. static int btintel_set_event_mask(struct hci_dev *hdev, bool debug)
  132. {
  133. u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  134. struct sk_buff *skb;
  135. int err;
  136. if (debug)
  137. mask[1] |= 0x62;
  138. skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT);
  139. if (IS_ERR(skb)) {
  140. err = PTR_ERR(skb);
  141. bt_dev_err(hdev, "Setting Intel event mask failed (%d)", err);
  142. return err;
  143. }
  144. kfree_skb(skb);
  145. return 0;
  146. }
  147. int btintel_set_diag(struct hci_dev *hdev, bool enable)
  148. {
  149. struct sk_buff *skb;
  150. u8 param[3];
  151. int err;
  152. if (enable) {
  153. param[0] = 0x03;
  154. param[1] = 0x03;
  155. param[2] = 0x03;
  156. } else {
  157. param[0] = 0x00;
  158. param[1] = 0x00;
  159. param[2] = 0x00;
  160. }
  161. skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT);
  162. if (IS_ERR(skb)) {
  163. err = PTR_ERR(skb);
  164. if (err == -ENODATA)
  165. goto done;
  166. bt_dev_err(hdev, "Changing Intel diagnostic mode failed (%d)",
  167. err);
  168. return err;
  169. }
  170. kfree_skb(skb);
  171. done:
  172. btintel_set_event_mask(hdev, enable);
  173. return 0;
  174. }
  175. EXPORT_SYMBOL_GPL(btintel_set_diag);
  176. static int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable)
  177. {
  178. int err, ret;
  179. err = btintel_enter_mfg(hdev);
  180. if (err)
  181. return err;
  182. ret = btintel_set_diag(hdev, enable);
  183. err = btintel_exit_mfg(hdev, false, false);
  184. if (err)
  185. return err;
  186. return ret;
  187. }
  188. static int btintel_set_diag_combined(struct hci_dev *hdev, bool enable)
  189. {
  190. int ret;
  191. /* Legacy ROM device needs to be in the manufacturer mode to apply
  192. * diagnostic setting
  193. *
  194. * This flag is set after reading the Intel version.
  195. */
  196. if (btintel_test_flag(hdev, INTEL_ROM_LEGACY))
  197. ret = btintel_set_diag_mfg(hdev, enable);
  198. else
  199. ret = btintel_set_diag(hdev, enable);
  200. return ret;
  201. }
  202. void btintel_hw_error(struct hci_dev *hdev, u8 code)
  203. {
  204. struct sk_buff *skb;
  205. u8 type = 0x00;
  206. bt_dev_err(hdev, "Hardware error 0x%2.2x", code);
  207. hci_req_sync_lock(hdev);
  208. skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
  209. if (IS_ERR(skb)) {
  210. bt_dev_err(hdev, "Reset after hardware error failed (%ld)",
  211. PTR_ERR(skb));
  212. goto unlock;
  213. }
  214. kfree_skb(skb);
  215. skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT);
  216. if (IS_ERR(skb)) {
  217. bt_dev_err(hdev, "Retrieving Intel exception info failed (%ld)",
  218. PTR_ERR(skb));
  219. goto unlock;
  220. }
  221. if (skb->len != 13) {
  222. bt_dev_err(hdev, "Exception info size mismatch");
  223. kfree_skb(skb);
  224. goto unlock;
  225. }
  226. bt_dev_err(hdev, "Exception info %s", (char *)(skb->data + 1));
  227. kfree_skb(skb);
  228. unlock:
  229. hci_req_sync_unlock(hdev);
  230. }
  231. EXPORT_SYMBOL_GPL(btintel_hw_error);
  232. int btintel_version_info(struct hci_dev *hdev, struct intel_version *ver)
  233. {
  234. const char *variant;
  235. /* The hardware platform number has a fixed value of 0x37 and
  236. * for now only accept this single value.
  237. */
  238. if (ver->hw_platform != 0x37) {
  239. bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
  240. ver->hw_platform);
  241. return -EINVAL;
  242. }
  243. /* Check for supported iBT hardware variants of this firmware
  244. * loading method.
  245. *
  246. * This check has been put in place to ensure correct forward
  247. * compatibility options when newer hardware variants come along.
  248. */
  249. switch (ver->hw_variant) {
  250. case 0x07: /* WP - Legacy ROM */
  251. case 0x08: /* StP - Legacy ROM */
  252. case 0x0b: /* SfP */
  253. case 0x0c: /* WsP */
  254. case 0x11: /* JfP */
  255. case 0x12: /* ThP */
  256. case 0x13: /* HrP */
  257. case 0x14: /* CcP */
  258. break;
  259. default:
  260. bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
  261. ver->hw_variant);
  262. return -EINVAL;
  263. }
  264. switch (ver->fw_variant) {
  265. case 0x01:
  266. variant = "Legacy ROM 2.5";
  267. break;
  268. case 0x06:
  269. variant = "Bootloader";
  270. break;
  271. case 0x22:
  272. variant = "Legacy ROM 2.x";
  273. break;
  274. case 0x23:
  275. variant = "Firmware";
  276. break;
  277. default:
  278. bt_dev_err(hdev, "Unsupported firmware variant(%02x)", ver->fw_variant);
  279. return -EINVAL;
  280. }
  281. coredump_info.hw_variant = ver->hw_variant;
  282. coredump_info.fw_build_num = ver->fw_build_num;
  283. bt_dev_info(hdev, "%s revision %u.%u build %u week %u %u",
  284. variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f,
  285. ver->fw_build_num, ver->fw_build_ww,
  286. 2000 + ver->fw_build_yy);
  287. return 0;
  288. }
  289. EXPORT_SYMBOL_GPL(btintel_version_info);
  290. static int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen,
  291. const void *param)
  292. {
  293. while (plen > 0) {
  294. struct sk_buff *skb;
  295. u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen;
  296. cmd_param[0] = fragment_type;
  297. memcpy(cmd_param + 1, param, fragment_len);
  298. skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1,
  299. cmd_param, HCI_INIT_TIMEOUT);
  300. if (IS_ERR(skb))
  301. return PTR_ERR(skb);
  302. kfree_skb(skb);
  303. plen -= fragment_len;
  304. param += fragment_len;
  305. }
  306. return 0;
  307. }
  308. int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name)
  309. {
  310. const struct firmware *fw;
  311. struct sk_buff *skb;
  312. const u8 *fw_ptr;
  313. int err;
  314. err = request_firmware_direct(&fw, ddc_name, &hdev->dev);
  315. if (err < 0) {
  316. bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)",
  317. ddc_name, err);
  318. return err;
  319. }
  320. bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name);
  321. fw_ptr = fw->data;
  322. /* DDC file contains one or more DDC structure which has
  323. * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2).
  324. */
  325. while (fw->size > fw_ptr - fw->data) {
  326. u8 cmd_plen = fw_ptr[0] + sizeof(u8);
  327. skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr,
  328. HCI_INIT_TIMEOUT);
  329. if (IS_ERR(skb)) {
  330. bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)",
  331. PTR_ERR(skb));
  332. release_firmware(fw);
  333. return PTR_ERR(skb);
  334. }
  335. fw_ptr += cmd_plen;
  336. kfree_skb(skb);
  337. }
  338. release_firmware(fw);
  339. bt_dev_info(hdev, "Applying Intel DDC parameters completed");
  340. return 0;
  341. }
  342. EXPORT_SYMBOL_GPL(btintel_load_ddc_config);
  343. int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug)
  344. {
  345. int err, ret;
  346. err = btintel_enter_mfg(hdev);
  347. if (err)
  348. return err;
  349. ret = btintel_set_event_mask(hdev, debug);
  350. err = btintel_exit_mfg(hdev, false, false);
  351. if (err)
  352. return err;
  353. return ret;
  354. }
  355. EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg);
  356. int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver)
  357. {
  358. struct sk_buff *skb;
  359. skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
  360. if (IS_ERR(skb)) {
  361. bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
  362. PTR_ERR(skb));
  363. return PTR_ERR(skb);
  364. }
  365. if (!skb || skb->len != sizeof(*ver)) {
  366. bt_dev_err(hdev, "Intel version event size mismatch");
  367. kfree_skb(skb);
  368. return -EILSEQ;
  369. }
  370. memcpy(ver, skb->data, sizeof(*ver));
  371. kfree_skb(skb);
  372. return 0;
  373. }
  374. EXPORT_SYMBOL_GPL(btintel_read_version);
  375. int btintel_version_info_tlv(struct hci_dev *hdev,
  376. struct intel_version_tlv *version)
  377. {
  378. const char *variant;
  379. /* The hardware platform number has a fixed value of 0x37 and
  380. * for now only accept this single value.
  381. */
  382. if (INTEL_HW_PLATFORM(version->cnvi_bt) != 0x37) {
  383. bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
  384. INTEL_HW_PLATFORM(version->cnvi_bt));
  385. return -EINVAL;
  386. }
  387. /* Check for supported iBT hardware variants of this firmware
  388. * loading method.
  389. *
  390. * This check has been put in place to ensure correct forward
  391. * compatibility options when newer hardware variants come along.
  392. */
  393. switch (INTEL_HW_VARIANT(version->cnvi_bt)) {
  394. case 0x17: /* TyP */
  395. case 0x18: /* Slr */
  396. case 0x19: /* Slr-F */
  397. case 0x1b: /* Mgr */
  398. case 0x1c: /* Gale Peak (GaP) */
  399. case 0x1d: /* BlazarU (BzrU) */
  400. case 0x1e: /* BlazarI (Bzr) */
  401. case 0x1f: /* Scorpious Peak */
  402. case 0x22: /* BlazarIW (BzrIW) */
  403. break;
  404. default:
  405. bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)",
  406. INTEL_HW_VARIANT(version->cnvi_bt));
  407. return -EINVAL;
  408. }
  409. switch (version->img_type) {
  410. case BTINTEL_IMG_BOOTLOADER:
  411. variant = "Bootloader";
  412. /* It is required that every single firmware fragment is acknowledged
  413. * with a command complete event. If the boot parameters indicate
  414. * that this bootloader does not send them, then abort the setup.
  415. */
  416. if (version->limited_cce != 0x00) {
  417. bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)",
  418. version->limited_cce);
  419. return -EINVAL;
  420. }
  421. /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */
  422. if (version->sbe_type > 0x01) {
  423. bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)",
  424. version->sbe_type);
  425. return -EINVAL;
  426. }
  427. bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id);
  428. bt_dev_info(hdev, "Secure boot is %s",
  429. str_enabled_disabled(version->secure_boot));
  430. bt_dev_info(hdev, "OTP lock is %s",
  431. str_enabled_disabled(version->otp_lock));
  432. bt_dev_info(hdev, "API lock is %s",
  433. str_enabled_disabled(version->api_lock));
  434. bt_dev_info(hdev, "Debug lock is %s",
  435. str_enabled_disabled(version->debug_lock));
  436. bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
  437. version->min_fw_build_nn, version->min_fw_build_cw,
  438. 2000 + version->min_fw_build_yy);
  439. break;
  440. case BTINTEL_IMG_IML:
  441. variant = "Intermediate loader";
  442. break;
  443. case BTINTEL_IMG_OP:
  444. variant = "Firmware";
  445. break;
  446. default:
  447. bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type);
  448. return -EINVAL;
  449. }
  450. coredump_info.hw_variant = INTEL_HW_VARIANT(version->cnvi_bt);
  451. coredump_info.fw_build_num = version->build_num;
  452. bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant,
  453. 2000 + (version->timestamp >> 8), version->timestamp & 0xff,
  454. version->build_type, version->build_num);
  455. if (version->img_type == BTINTEL_IMG_OP)
  456. bt_dev_info(hdev, "Firmware SHA1: 0x%8.8x", version->git_sha1);
  457. return 0;
  458. }
  459. EXPORT_SYMBOL_GPL(btintel_version_info_tlv);
  460. int btintel_parse_version_tlv(struct hci_dev *hdev,
  461. struct intel_version_tlv *version,
  462. struct sk_buff *skb)
  463. {
  464. /* Consume Command Complete Status field */
  465. skb_pull(skb, 1);
  466. /* Event parameters contain multiple TLVs. Read each of them
  467. * and only keep the required data. Also, it use existing legacy
  468. * version field like hw_platform, hw_variant, and fw_variant
  469. * to keep the existing setup flow
  470. */
  471. while (skb->len) {
  472. struct intel_tlv *tlv;
  473. /* Make sure skb has a minimum length of the header */
  474. if (skb->len < sizeof(*tlv))
  475. return -EINVAL;
  476. tlv = (struct intel_tlv *)skb->data;
  477. /* Make sure skb has a enough data */
  478. if (skb->len < tlv->len + sizeof(*tlv))
  479. return -EINVAL;
  480. switch (tlv->type) {
  481. case INTEL_TLV_CNVI_TOP:
  482. version->cnvi_top = get_unaligned_le32(tlv->val);
  483. break;
  484. case INTEL_TLV_CNVR_TOP:
  485. version->cnvr_top = get_unaligned_le32(tlv->val);
  486. break;
  487. case INTEL_TLV_CNVI_BT:
  488. version->cnvi_bt = get_unaligned_le32(tlv->val);
  489. break;
  490. case INTEL_TLV_CNVR_BT:
  491. version->cnvr_bt = get_unaligned_le32(tlv->val);
  492. break;
  493. case INTEL_TLV_DEV_REV_ID:
  494. version->dev_rev_id = get_unaligned_le16(tlv->val);
  495. break;
  496. case INTEL_TLV_IMAGE_TYPE:
  497. version->img_type = tlv->val[0];
  498. break;
  499. case INTEL_TLV_TIME_STAMP:
  500. /* If image type is Operational firmware (0x03), then
  501. * running FW Calendar Week and Year information can
  502. * be extracted from Timestamp information
  503. */
  504. version->min_fw_build_cw = tlv->val[0];
  505. version->min_fw_build_yy = tlv->val[1];
  506. version->timestamp = get_unaligned_le16(tlv->val);
  507. break;
  508. case INTEL_TLV_BUILD_TYPE:
  509. version->build_type = tlv->val[0];
  510. break;
  511. case INTEL_TLV_BUILD_NUM:
  512. /* If image type is Operational firmware (0x03), then
  513. * running FW build number can be extracted from the
  514. * Build information
  515. */
  516. version->min_fw_build_nn = tlv->val[0];
  517. version->build_num = get_unaligned_le32(tlv->val);
  518. break;
  519. case INTEL_TLV_SECURE_BOOT:
  520. version->secure_boot = tlv->val[0];
  521. break;
  522. case INTEL_TLV_OTP_LOCK:
  523. version->otp_lock = tlv->val[0];
  524. break;
  525. case INTEL_TLV_API_LOCK:
  526. version->api_lock = tlv->val[0];
  527. break;
  528. case INTEL_TLV_DEBUG_LOCK:
  529. version->debug_lock = tlv->val[0];
  530. break;
  531. case INTEL_TLV_MIN_FW:
  532. version->min_fw_build_nn = tlv->val[0];
  533. version->min_fw_build_cw = tlv->val[1];
  534. version->min_fw_build_yy = tlv->val[2];
  535. break;
  536. case INTEL_TLV_LIMITED_CCE:
  537. version->limited_cce = tlv->val[0];
  538. break;
  539. case INTEL_TLV_SBE_TYPE:
  540. version->sbe_type = tlv->val[0];
  541. break;
  542. case INTEL_TLV_OTP_BDADDR:
  543. memcpy(&version->otp_bd_addr, tlv->val,
  544. sizeof(bdaddr_t));
  545. break;
  546. case INTEL_TLV_GIT_SHA1:
  547. version->git_sha1 = get_unaligned_le32(tlv->val);
  548. break;
  549. case INTEL_TLV_FW_ID:
  550. snprintf(version->fw_id, sizeof(version->fw_id),
  551. "%s", tlv->val);
  552. break;
  553. default:
  554. /* Ignore rest of information */
  555. break;
  556. }
  557. /* consume the current tlv and move to next*/
  558. skb_pull(skb, tlv->len + sizeof(*tlv));
  559. }
  560. return 0;
  561. }
  562. EXPORT_SYMBOL_GPL(btintel_parse_version_tlv);
  563. static int btintel_read_version_tlv(struct hci_dev *hdev,
  564. struct intel_version_tlv *version)
  565. {
  566. struct sk_buff *skb;
  567. const u8 param[1] = { 0xFF };
  568. if (!version)
  569. return -EINVAL;
  570. skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
  571. if (IS_ERR(skb)) {
  572. bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
  573. PTR_ERR(skb));
  574. return PTR_ERR(skb);
  575. }
  576. if (skb->data[0]) {
  577. bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
  578. skb->data[0]);
  579. kfree_skb(skb);
  580. return -EIO;
  581. }
  582. btintel_parse_version_tlv(hdev, version, skb);
  583. kfree_skb(skb);
  584. return 0;
  585. }
  586. /* ------- REGMAP IBT SUPPORT ------- */
  587. #define IBT_REG_MODE_8BIT 0x00
  588. #define IBT_REG_MODE_16BIT 0x01
  589. #define IBT_REG_MODE_32BIT 0x02
  590. struct regmap_ibt_context {
  591. struct hci_dev *hdev;
  592. __u16 op_write;
  593. __u16 op_read;
  594. };
  595. struct ibt_cp_reg_access {
  596. __le32 addr;
  597. __u8 mode;
  598. __u8 len;
  599. __u8 data[];
  600. } __packed;
  601. struct ibt_rp_reg_access {
  602. __u8 status;
  603. __le32 addr;
  604. __u8 data[];
  605. } __packed;
  606. static int regmap_ibt_read(void *context, const void *addr, size_t reg_size,
  607. void *val, size_t val_size)
  608. {
  609. struct regmap_ibt_context *ctx = context;
  610. struct ibt_cp_reg_access cp;
  611. struct ibt_rp_reg_access *rp;
  612. struct sk_buff *skb;
  613. int err = 0;
  614. if (reg_size != sizeof(__le32))
  615. return -EINVAL;
  616. switch (val_size) {
  617. case 1:
  618. cp.mode = IBT_REG_MODE_8BIT;
  619. break;
  620. case 2:
  621. cp.mode = IBT_REG_MODE_16BIT;
  622. break;
  623. case 4:
  624. cp.mode = IBT_REG_MODE_32BIT;
  625. break;
  626. default:
  627. return -EINVAL;
  628. }
  629. /* regmap provides a little-endian formatted addr */
  630. cp.addr = *(__le32 *)addr;
  631. cp.len = val_size;
  632. bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr));
  633. skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp,
  634. HCI_CMD_TIMEOUT);
  635. if (IS_ERR(skb)) {
  636. err = PTR_ERR(skb);
  637. bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)",
  638. le32_to_cpu(cp.addr), err);
  639. return err;
  640. }
  641. if (skb->len != sizeof(*rp) + val_size) {
  642. bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len",
  643. le32_to_cpu(cp.addr));
  644. err = -EINVAL;
  645. goto done;
  646. }
  647. rp = (struct ibt_rp_reg_access *)skb->data;
  648. if (rp->addr != cp.addr) {
  649. bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr",
  650. le32_to_cpu(rp->addr));
  651. err = -EINVAL;
  652. goto done;
  653. }
  654. memcpy(val, rp->data, val_size);
  655. done:
  656. kfree_skb(skb);
  657. return err;
  658. }
  659. static int regmap_ibt_gather_write(void *context,
  660. const void *addr, size_t reg_size,
  661. const void *val, size_t val_size)
  662. {
  663. struct regmap_ibt_context *ctx = context;
  664. struct ibt_cp_reg_access *cp;
  665. struct sk_buff *skb;
  666. int plen = sizeof(*cp) + val_size;
  667. u8 mode;
  668. int err = 0;
  669. if (reg_size != sizeof(__le32))
  670. return -EINVAL;
  671. switch (val_size) {
  672. case 1:
  673. mode = IBT_REG_MODE_8BIT;
  674. break;
  675. case 2:
  676. mode = IBT_REG_MODE_16BIT;
  677. break;
  678. case 4:
  679. mode = IBT_REG_MODE_32BIT;
  680. break;
  681. default:
  682. return -EINVAL;
  683. }
  684. cp = kmalloc(plen, GFP_KERNEL);
  685. if (!cp)
  686. return -ENOMEM;
  687. /* regmap provides a little-endian formatted addr/value */
  688. cp->addr = *(__le32 *)addr;
  689. cp->mode = mode;
  690. cp->len = val_size;
  691. memcpy(&cp->data, val, val_size);
  692. bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr));
  693. skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT);
  694. if (IS_ERR(skb)) {
  695. err = PTR_ERR(skb);
  696. bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)",
  697. le32_to_cpu(cp->addr), err);
  698. goto done;
  699. }
  700. kfree_skb(skb);
  701. done:
  702. kfree(cp);
  703. return err;
  704. }
  705. static int regmap_ibt_write(void *context, const void *data, size_t count)
  706. {
  707. /* data contains register+value, since we only support 32bit addr,
  708. * minimum data size is 4 bytes.
  709. */
  710. if (WARN_ONCE(count < 4, "Invalid register access"))
  711. return -EINVAL;
  712. return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4);
  713. }
  714. static void regmap_ibt_free_context(void *context)
  715. {
  716. kfree(context);
  717. }
  718. static const struct regmap_bus regmap_ibt = {
  719. .read = regmap_ibt_read,
  720. .write = regmap_ibt_write,
  721. .gather_write = regmap_ibt_gather_write,
  722. .free_context = regmap_ibt_free_context,
  723. .reg_format_endian_default = REGMAP_ENDIAN_LITTLE,
  724. .val_format_endian_default = REGMAP_ENDIAN_LITTLE,
  725. };
  726. /* Config is the same for all register regions */
  727. static const struct regmap_config regmap_ibt_cfg = {
  728. .name = "btintel_regmap",
  729. .reg_bits = 32,
  730. .val_bits = 32,
  731. };
  732. struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read,
  733. u16 opcode_write)
  734. {
  735. struct regmap_ibt_context *ctx;
  736. bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read,
  737. opcode_write);
  738. ctx = kzalloc_obj(*ctx);
  739. if (!ctx)
  740. return ERR_PTR(-ENOMEM);
  741. ctx->op_read = opcode_read;
  742. ctx->op_write = opcode_write;
  743. ctx->hdev = hdev;
  744. return regmap_init(&hdev->dev, &regmap_ibt, ctx, &regmap_ibt_cfg);
  745. }
  746. EXPORT_SYMBOL_GPL(btintel_regmap_init);
  747. int btintel_send_intel_reset(struct hci_dev *hdev, u32 boot_param)
  748. {
  749. struct intel_reset params = { 0x00, 0x01, 0x00, 0x01, 0x00000000 };
  750. struct sk_buff *skb;
  751. params.boot_param = cpu_to_le32(boot_param);
  752. skb = __hci_cmd_sync(hdev, BTINTEL_HCI_OP_RESET, sizeof(params), &params,
  753. HCI_INIT_TIMEOUT);
  754. if (IS_ERR(skb)) {
  755. bt_dev_err(hdev, "Failed to send Intel Reset command");
  756. return PTR_ERR(skb);
  757. }
  758. kfree_skb(skb);
  759. return 0;
  760. }
  761. EXPORT_SYMBOL_GPL(btintel_send_intel_reset);
  762. int btintel_read_boot_params(struct hci_dev *hdev,
  763. struct intel_boot_params *params)
  764. {
  765. struct sk_buff *skb;
  766. skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT);
  767. if (IS_ERR(skb)) {
  768. bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)",
  769. PTR_ERR(skb));
  770. return PTR_ERR(skb);
  771. }
  772. if (skb->len != sizeof(*params)) {
  773. bt_dev_err(hdev, "Intel boot parameters size mismatch");
  774. kfree_skb(skb);
  775. return -EILSEQ;
  776. }
  777. memcpy(params, skb->data, sizeof(*params));
  778. kfree_skb(skb);
  779. if (params->status) {
  780. bt_dev_err(hdev, "Intel boot parameters command failed (%02x)",
  781. params->status);
  782. return -bt_to_errno(params->status);
  783. }
  784. bt_dev_info(hdev, "Device revision is %u",
  785. le16_to_cpu(params->dev_revid));
  786. bt_dev_info(hdev, "Secure boot is %s",
  787. str_enabled_disabled(params->secure_boot));
  788. bt_dev_info(hdev, "OTP lock is %s",
  789. str_enabled_disabled(params->otp_lock));
  790. bt_dev_info(hdev, "API lock is %s",
  791. str_enabled_disabled(params->api_lock));
  792. bt_dev_info(hdev, "Debug lock is %s",
  793. str_enabled_disabled(params->debug_lock));
  794. bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
  795. params->min_fw_build_nn, params->min_fw_build_cw,
  796. 2000 + params->min_fw_build_yy);
  797. return 0;
  798. }
  799. EXPORT_SYMBOL_GPL(btintel_read_boot_params);
  800. static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev,
  801. const struct firmware *fw)
  802. {
  803. int err;
  804. /* Start the firmware download transaction with the Init fragment
  805. * represented by the 128 bytes of CSS header.
  806. */
  807. err = btintel_secure_send(hdev, 0x00, 128, fw->data);
  808. if (err < 0) {
  809. bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
  810. goto done;
  811. }
  812. /* Send the 256 bytes of public key information from the firmware
  813. * as the PKey fragment.
  814. */
  815. err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128);
  816. if (err < 0) {
  817. bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
  818. goto done;
  819. }
  820. /* Send the 256 bytes of signature information from the firmware
  821. * as the Sign fragment.
  822. */
  823. err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388);
  824. if (err < 0) {
  825. bt_dev_err(hdev, "Failed to send firmware signature (%d)", err);
  826. goto done;
  827. }
  828. done:
  829. return err;
  830. }
  831. static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev,
  832. const struct firmware *fw)
  833. {
  834. int err;
  835. /* Start the firmware download transaction with the Init fragment
  836. * represented by the 128 bytes of CSS header.
  837. */
  838. err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644);
  839. if (err < 0) {
  840. bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
  841. return err;
  842. }
  843. /* Send the 96 bytes of public key information from the firmware
  844. * as the PKey fragment.
  845. */
  846. err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128);
  847. if (err < 0) {
  848. bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
  849. return err;
  850. }
  851. /* Send the 96 bytes of signature information from the firmware
  852. * as the Sign fragment
  853. */
  854. err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224);
  855. if (err < 0) {
  856. bt_dev_err(hdev, "Failed to send firmware signature (%d)",
  857. err);
  858. return err;
  859. }
  860. return 0;
  861. }
  862. static int btintel_download_firmware_payload(struct hci_dev *hdev,
  863. const struct firmware *fw,
  864. size_t offset)
  865. {
  866. int err;
  867. const u8 *fw_ptr;
  868. u32 frag_len;
  869. fw_ptr = fw->data + offset;
  870. frag_len = 0;
  871. err = -EINVAL;
  872. while (fw_ptr - fw->data < fw->size) {
  873. struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
  874. frag_len += sizeof(*cmd) + cmd->plen;
  875. /* The parameter length of the secure send command requires
  876. * a 4 byte alignment. It happens so that the firmware file
  877. * contains proper Intel_NOP commands to align the fragments
  878. * as needed.
  879. *
  880. * Send set of commands with 4 byte alignment from the
  881. * firmware data buffer as a single Data fragment.
  882. */
  883. if (!(frag_len % 4)) {
  884. err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr);
  885. if (err < 0) {
  886. bt_dev_err(hdev,
  887. "Failed to send firmware data (%d)",
  888. err);
  889. goto done;
  890. }
  891. fw_ptr += frag_len;
  892. frag_len = 0;
  893. }
  894. }
  895. done:
  896. return err;
  897. }
  898. static bool btintel_firmware_version(struct hci_dev *hdev,
  899. u8 num, u8 ww, u8 yy,
  900. const struct firmware *fw,
  901. u32 *boot_addr)
  902. {
  903. const u8 *fw_ptr;
  904. fw_ptr = fw->data;
  905. while (fw_ptr - fw->data < fw->size) {
  906. struct hci_command_hdr *cmd = (void *)(fw_ptr);
  907. /* Each SKU has a different reset parameter to use in the
  908. * HCI_Intel_Reset command and it is embedded in the firmware
  909. * data. So, instead of using static value per SKU, check
  910. * the firmware data and save it for later use.
  911. */
  912. if (le16_to_cpu(cmd->opcode) == CMD_WRITE_BOOT_PARAMS) {
  913. struct cmd_write_boot_params *params;
  914. params = (void *)(fw_ptr + sizeof(*cmd));
  915. *boot_addr = le32_to_cpu(params->boot_addr);
  916. bt_dev_info(hdev, "Boot Address: 0x%x", *boot_addr);
  917. bt_dev_info(hdev, "Firmware Version: %u-%u.%u",
  918. params->fw_build_num, params->fw_build_ww,
  919. params->fw_build_yy);
  920. return (num == params->fw_build_num &&
  921. ww == params->fw_build_ww &&
  922. yy == params->fw_build_yy);
  923. }
  924. fw_ptr += sizeof(*cmd) + cmd->plen;
  925. }
  926. return false;
  927. }
  928. int btintel_download_firmware(struct hci_dev *hdev,
  929. struct intel_version *ver,
  930. const struct firmware *fw,
  931. u32 *boot_param)
  932. {
  933. int err;
  934. /* SfP and WsP don't seem to update the firmware version on file
  935. * so version checking is currently not possible.
  936. */
  937. switch (ver->hw_variant) {
  938. case 0x0b: /* SfP */
  939. case 0x0c: /* WsP */
  940. /* Skip version checking */
  941. break;
  942. default:
  943. /* Skip download if firmware has the same version */
  944. if (btintel_firmware_version(hdev, ver->fw_build_num,
  945. ver->fw_build_ww, ver->fw_build_yy,
  946. fw, boot_param)) {
  947. bt_dev_info(hdev, "Firmware already loaded");
  948. /* Return -EALREADY to indicate that the firmware has
  949. * already been loaded.
  950. */
  951. return -EALREADY;
  952. }
  953. }
  954. /* The firmware variant determines if the device is in bootloader
  955. * mode or is running operational firmware. The value 0x06 identifies
  956. * the bootloader and the value 0x23 identifies the operational
  957. * firmware.
  958. *
  959. * If the firmware version has changed that means it needs to be reset
  960. * to bootloader when operational so the new firmware can be loaded.
  961. */
  962. if (ver->fw_variant == 0x23)
  963. return -EINVAL;
  964. err = btintel_sfi_rsa_header_secure_send(hdev, fw);
  965. if (err)
  966. return err;
  967. return btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN);
  968. }
  969. EXPORT_SYMBOL_GPL(btintel_download_firmware);
  970. static int btintel_download_fw_tlv(struct hci_dev *hdev,
  971. struct intel_version_tlv *ver,
  972. const struct firmware *fw, u32 *boot_param,
  973. u8 hw_variant, u8 sbe_type)
  974. {
  975. int err;
  976. u32 css_header_ver;
  977. /* Skip download if firmware has the same version */
  978. if (btintel_firmware_version(hdev, ver->min_fw_build_nn,
  979. ver->min_fw_build_cw,
  980. ver->min_fw_build_yy,
  981. fw, boot_param)) {
  982. bt_dev_info(hdev, "Firmware already loaded");
  983. /* Return -EALREADY to indicate that firmware has
  984. * already been loaded.
  985. */
  986. return -EALREADY;
  987. }
  988. /* The firmware variant determines if the device is in bootloader
  989. * mode or is running operational firmware. The value 0x01 identifies
  990. * the bootloader and the value 0x03 identifies the operational
  991. * firmware.
  992. *
  993. * If the firmware version has changed that means it needs to be reset
  994. * to bootloader when operational so the new firmware can be loaded.
  995. */
  996. if (ver->img_type == BTINTEL_IMG_OP)
  997. return -EINVAL;
  998. /* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support
  999. * only RSA secure boot engine. Hence, the corresponding sfi file will
  1000. * have RSA header of 644 bytes followed by Command Buffer.
  1001. *
  1002. * iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA
  1003. * secure boot engine. As a result, the corresponding sfi file will
  1004. * have RSA header of 644, ECDSA header of 320 bytes followed by
  1005. * Command Buffer.
  1006. *
  1007. * CSS Header byte positions 0x08 to 0x0B represent the CSS Header
  1008. * version: RSA(0x00010000) , ECDSA (0x00020000)
  1009. */
  1010. css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET);
  1011. if (css_header_ver != 0x00010000) {
  1012. bt_dev_err(hdev, "Invalid CSS Header version");
  1013. return -EINVAL;
  1014. }
  1015. if (hw_variant <= 0x14) {
  1016. if (sbe_type != 0x00) {
  1017. bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)",
  1018. hw_variant);
  1019. return -EINVAL;
  1020. }
  1021. err = btintel_sfi_rsa_header_secure_send(hdev, fw);
  1022. if (err)
  1023. return err;
  1024. err = btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN);
  1025. if (err)
  1026. return err;
  1027. } else if (hw_variant >= 0x17) {
  1028. /* Check if CSS header for ECDSA follows the RSA header */
  1029. if (fw->data[ECDSA_OFFSET] != 0x06)
  1030. return -EINVAL;
  1031. /* Check if the CSS Header version is ECDSA(0x00020000) */
  1032. css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET);
  1033. if (css_header_ver != 0x00020000) {
  1034. bt_dev_err(hdev, "Invalid CSS Header version");
  1035. return -EINVAL;
  1036. }
  1037. if (sbe_type == 0x00) {
  1038. err = btintel_sfi_rsa_header_secure_send(hdev, fw);
  1039. if (err)
  1040. return err;
  1041. err = btintel_download_firmware_payload(hdev, fw,
  1042. RSA_HEADER_LEN + ECDSA_HEADER_LEN);
  1043. if (err)
  1044. return err;
  1045. } else if (sbe_type == 0x01) {
  1046. err = btintel_sfi_ecdsa_header_secure_send(hdev, fw);
  1047. if (err)
  1048. return err;
  1049. err = btintel_download_firmware_payload(hdev, fw,
  1050. RSA_HEADER_LEN + ECDSA_HEADER_LEN);
  1051. if (err)
  1052. return err;
  1053. }
  1054. }
  1055. return 0;
  1056. }
  1057. static void btintel_reset_to_bootloader(struct hci_dev *hdev)
  1058. {
  1059. struct intel_reset params;
  1060. struct sk_buff *skb;
  1061. /* PCIe transport uses shared hardware reset mechanism for recovery
  1062. * which gets triggered in pcie *setup* function on error.
  1063. */
  1064. if (hdev->bus == HCI_PCI)
  1065. return;
  1066. /* Send Intel Reset command. This will result in
  1067. * re-enumeration of BT controller.
  1068. *
  1069. * Intel Reset parameter description:
  1070. * reset_type : 0x00 (Soft reset),
  1071. * 0x01 (Hard reset)
  1072. * patch_enable : 0x00 (Do not enable),
  1073. * 0x01 (Enable)
  1074. * ddc_reload : 0x00 (Do not reload),
  1075. * 0x01 (Reload)
  1076. * boot_option: 0x00 (Current image),
  1077. * 0x01 (Specified boot address)
  1078. * boot_param: Boot address
  1079. *
  1080. */
  1081. params.reset_type = 0x01;
  1082. params.patch_enable = 0x01;
  1083. params.ddc_reload = 0x01;
  1084. params.boot_option = 0x00;
  1085. params.boot_param = cpu_to_le32(0x00000000);
  1086. skb = __hci_cmd_sync(hdev, BTINTEL_HCI_OP_RESET, sizeof(params),
  1087. &params, HCI_INIT_TIMEOUT);
  1088. if (IS_ERR(skb)) {
  1089. bt_dev_err(hdev, "FW download error recovery failed (%ld)",
  1090. PTR_ERR(skb));
  1091. return;
  1092. }
  1093. bt_dev_info(hdev, "Intel reset sent to retry FW download");
  1094. kfree_skb(skb);
  1095. /* Current Intel BT controllers(ThP/JfP) hold the USB reset
  1096. * lines for 2ms when it receives Intel Reset in bootloader mode.
  1097. * Whereas, the upcoming Intel BT controllers will hold USB reset
  1098. * for 150ms. To keep the delay generic, 150ms is chosen here.
  1099. */
  1100. msleep(150);
  1101. }
  1102. static int btintel_read_debug_features(struct hci_dev *hdev,
  1103. struct intel_debug_features *features)
  1104. {
  1105. struct sk_buff *skb;
  1106. u8 page_no = 1;
  1107. /* Intel controller supports two pages, each page is of 128-bit
  1108. * feature bit mask. And each bit defines specific feature support
  1109. */
  1110. skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no,
  1111. HCI_INIT_TIMEOUT);
  1112. if (IS_ERR(skb)) {
  1113. bt_dev_err(hdev, "Reading supported features failed (%ld)",
  1114. PTR_ERR(skb));
  1115. return PTR_ERR(skb);
  1116. }
  1117. if (skb->len != (sizeof(features->page1) + 3)) {
  1118. bt_dev_err(hdev, "Supported features event size mismatch");
  1119. kfree_skb(skb);
  1120. return -EILSEQ;
  1121. }
  1122. memcpy(features->page1, skb->data + 3, sizeof(features->page1));
  1123. /* Read the supported features page2 if required in future.
  1124. */
  1125. kfree_skb(skb);
  1126. return 0;
  1127. }
  1128. static int btintel_set_debug_features(struct hci_dev *hdev,
  1129. const struct intel_debug_features *features)
  1130. {
  1131. u8 mask[11] = { 0x0a, 0x92, 0x02, 0x7f, 0x00, 0x00, 0x00, 0x00,
  1132. 0x00, 0x00, 0x00 };
  1133. u8 period[5] = { 0x04, 0x91, 0x02, 0x05, 0x00 };
  1134. u8 trace_enable = 0x02;
  1135. struct sk_buff *skb;
  1136. if (!features) {
  1137. bt_dev_warn(hdev, "Debug features not read");
  1138. return -EINVAL;
  1139. }
  1140. if (!(features->page1[0] & 0x3f)) {
  1141. bt_dev_info(hdev, "Telemetry exception format not supported");
  1142. return 0;
  1143. }
  1144. skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT);
  1145. if (IS_ERR(skb)) {
  1146. bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)",
  1147. PTR_ERR(skb));
  1148. return PTR_ERR(skb);
  1149. }
  1150. kfree_skb(skb);
  1151. skb = __hci_cmd_sync(hdev, 0xfc8b, 5, period, HCI_INIT_TIMEOUT);
  1152. if (IS_ERR(skb)) {
  1153. bt_dev_err(hdev, "Setting periodicity for link statistics traces failed (%ld)",
  1154. PTR_ERR(skb));
  1155. return PTR_ERR(skb);
  1156. }
  1157. kfree_skb(skb);
  1158. skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT);
  1159. if (IS_ERR(skb)) {
  1160. bt_dev_err(hdev, "Enable tracing of link statistics events failed (%ld)",
  1161. PTR_ERR(skb));
  1162. return PTR_ERR(skb);
  1163. }
  1164. kfree_skb(skb);
  1165. bt_dev_info(hdev, "set debug features: trace_enable 0x%02x mask 0x%02x",
  1166. trace_enable, mask[3]);
  1167. return 0;
  1168. }
  1169. static int btintel_reset_debug_features(struct hci_dev *hdev,
  1170. const struct intel_debug_features *features)
  1171. {
  1172. u8 mask[11] = { 0x0a, 0x92, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
  1173. 0x00, 0x00, 0x00 };
  1174. u8 trace_enable = 0x00;
  1175. struct sk_buff *skb;
  1176. if (!features) {
  1177. bt_dev_warn(hdev, "Debug features not read");
  1178. return -EINVAL;
  1179. }
  1180. if (!(features->page1[0] & 0x3f)) {
  1181. bt_dev_info(hdev, "Telemetry exception format not supported");
  1182. return 0;
  1183. }
  1184. /* Should stop the trace before writing ddc event mask. */
  1185. skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT);
  1186. if (IS_ERR(skb)) {
  1187. bt_dev_err(hdev, "Stop tracing of link statistics events failed (%ld)",
  1188. PTR_ERR(skb));
  1189. return PTR_ERR(skb);
  1190. }
  1191. kfree_skb(skb);
  1192. skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT);
  1193. if (IS_ERR(skb)) {
  1194. bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)",
  1195. PTR_ERR(skb));
  1196. return PTR_ERR(skb);
  1197. }
  1198. kfree_skb(skb);
  1199. bt_dev_info(hdev, "reset debug features: trace_enable 0x%02x mask 0x%02x",
  1200. trace_enable, mask[3]);
  1201. return 0;
  1202. }
  1203. int btintel_set_quality_report(struct hci_dev *hdev, bool enable)
  1204. {
  1205. struct intel_debug_features features;
  1206. int err;
  1207. bt_dev_dbg(hdev, "enable %d", enable);
  1208. /* Read the Intel supported features and if new exception formats
  1209. * supported, need to load the additional DDC config to enable.
  1210. */
  1211. err = btintel_read_debug_features(hdev, &features);
  1212. if (err)
  1213. return err;
  1214. /* Set or reset the debug features. */
  1215. if (enable)
  1216. err = btintel_set_debug_features(hdev, &features);
  1217. else
  1218. err = btintel_reset_debug_features(hdev, &features);
  1219. return err;
  1220. }
  1221. EXPORT_SYMBOL_GPL(btintel_set_quality_report);
  1222. static void btintel_coredump(struct hci_dev *hdev)
  1223. {
  1224. struct sk_buff *skb;
  1225. skb = __hci_cmd_sync(hdev, 0xfc4e, 0, NULL, HCI_CMD_TIMEOUT);
  1226. if (IS_ERR(skb)) {
  1227. bt_dev_err(hdev, "Coredump failed (%ld)", PTR_ERR(skb));
  1228. return;
  1229. }
  1230. kfree_skb(skb);
  1231. }
  1232. static void btintel_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb)
  1233. {
  1234. char buf[80];
  1235. snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n",
  1236. coredump_info.hw_variant);
  1237. skb_put_data(skb, buf, strlen(buf));
  1238. snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
  1239. coredump_info.fw_build_num);
  1240. skb_put_data(skb, buf, strlen(buf));
  1241. snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info.driver_name);
  1242. skb_put_data(skb, buf, strlen(buf));
  1243. snprintf(buf, sizeof(buf), "Vendor: Intel\n");
  1244. skb_put_data(skb, buf, strlen(buf));
  1245. }
  1246. static int btintel_register_devcoredump_support(struct hci_dev *hdev)
  1247. {
  1248. struct intel_debug_features features;
  1249. int err;
  1250. err = btintel_read_debug_features(hdev, &features);
  1251. if (err) {
  1252. bt_dev_info(hdev, "Error reading debug features");
  1253. return err;
  1254. }
  1255. if (!(features.page1[0] & 0x3f)) {
  1256. bt_dev_dbg(hdev, "Telemetry exception format not supported");
  1257. return -EOPNOTSUPP;
  1258. }
  1259. hci_devcd_register(hdev, btintel_coredump, btintel_dmp_hdr, NULL);
  1260. return err;
  1261. }
  1262. static const struct firmware *btintel_legacy_rom_get_fw(struct hci_dev *hdev,
  1263. struct intel_version *ver)
  1264. {
  1265. const struct firmware *fw;
  1266. char fwname[64];
  1267. int ret;
  1268. snprintf(fwname, sizeof(fwname),
  1269. "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
  1270. ver->hw_platform, ver->hw_variant, ver->hw_revision,
  1271. ver->fw_variant, ver->fw_revision, ver->fw_build_num,
  1272. ver->fw_build_ww, ver->fw_build_yy);
  1273. ret = request_firmware(&fw, fwname, &hdev->dev);
  1274. if (ret < 0) {
  1275. if (ret == -EINVAL) {
  1276. bt_dev_err(hdev, "Intel firmware file request failed (%d)",
  1277. ret);
  1278. return NULL;
  1279. }
  1280. bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)",
  1281. fwname, ret);
  1282. /* If the correct firmware patch file is not found, use the
  1283. * default firmware patch file instead
  1284. */
  1285. snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
  1286. ver->hw_platform, ver->hw_variant);
  1287. if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
  1288. bt_dev_err(hdev, "failed to open default fw file: %s",
  1289. fwname);
  1290. return NULL;
  1291. }
  1292. }
  1293. bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
  1294. return fw;
  1295. }
  1296. static int btintel_legacy_rom_patching(struct hci_dev *hdev,
  1297. const struct firmware *fw,
  1298. const u8 **fw_ptr, int *disable_patch)
  1299. {
  1300. struct sk_buff *skb;
  1301. struct hci_command_hdr *cmd;
  1302. const u8 *cmd_param;
  1303. struct hci_event_hdr *evt = NULL;
  1304. const u8 *evt_param = NULL;
  1305. int remain = fw->size - (*fw_ptr - fw->data);
  1306. /* The first byte indicates the types of the patch command or event.
  1307. * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
  1308. * in the current firmware buffer doesn't start with 0x01 or
  1309. * the size of remain buffer is smaller than HCI command header,
  1310. * the firmware file is corrupted and it should stop the patching
  1311. * process.
  1312. */
  1313. if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
  1314. bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read");
  1315. return -EINVAL;
  1316. }
  1317. (*fw_ptr)++;
  1318. remain--;
  1319. cmd = (struct hci_command_hdr *)(*fw_ptr);
  1320. *fw_ptr += sizeof(*cmd);
  1321. remain -= sizeof(*cmd);
  1322. /* Ensure that the remain firmware data is long enough than the length
  1323. * of command parameter. If not, the firmware file is corrupted.
  1324. */
  1325. if (remain < cmd->plen) {
  1326. bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len");
  1327. return -EFAULT;
  1328. }
  1329. /* If there is a command that loads a patch in the firmware
  1330. * file, then enable the patch upon success, otherwise just
  1331. * disable the manufacturer mode, for example patch activation
  1332. * is not required when the default firmware patch file is used
  1333. * because there are no patch data to load.
  1334. */
  1335. if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
  1336. *disable_patch = 0;
  1337. cmd_param = *fw_ptr;
  1338. *fw_ptr += cmd->plen;
  1339. remain -= cmd->plen;
  1340. /* This reads the expected events when the above command is sent to the
  1341. * device. Some vendor commands expects more than one events, for
  1342. * example command status event followed by vendor specific event.
  1343. * For this case, it only keeps the last expected event. so the command
  1344. * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
  1345. * last expected event.
  1346. */
  1347. while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
  1348. (*fw_ptr)++;
  1349. remain--;
  1350. evt = (struct hci_event_hdr *)(*fw_ptr);
  1351. *fw_ptr += sizeof(*evt);
  1352. remain -= sizeof(*evt);
  1353. if (remain < evt->plen) {
  1354. bt_dev_err(hdev, "Intel fw corrupted: invalid evt len");
  1355. return -EFAULT;
  1356. }
  1357. evt_param = *fw_ptr;
  1358. *fw_ptr += evt->plen;
  1359. remain -= evt->plen;
  1360. }
  1361. /* Every HCI commands in the firmware file has its correspond event.
  1362. * If event is not found or remain is smaller than zero, the firmware
  1363. * file is corrupted.
  1364. */
  1365. if (!evt || !evt_param || remain < 0) {
  1366. bt_dev_err(hdev, "Intel fw corrupted: invalid evt read");
  1367. return -EFAULT;
  1368. }
  1369. skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
  1370. cmd_param, evt->evt, HCI_INIT_TIMEOUT);
  1371. if (IS_ERR(skb)) {
  1372. bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)",
  1373. cmd->opcode, PTR_ERR(skb));
  1374. return PTR_ERR(skb);
  1375. }
  1376. /* It ensures that the returned event matches the event data read from
  1377. * the firmware file. At fist, it checks the length and then
  1378. * the contents of the event.
  1379. */
  1380. if (skb->len != evt->plen) {
  1381. bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)",
  1382. le16_to_cpu(cmd->opcode));
  1383. kfree_skb(skb);
  1384. return -EFAULT;
  1385. }
  1386. if (memcmp(skb->data, evt_param, evt->plen)) {
  1387. bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)",
  1388. le16_to_cpu(cmd->opcode));
  1389. kfree_skb(skb);
  1390. return -EFAULT;
  1391. }
  1392. kfree_skb(skb);
  1393. return 0;
  1394. }
  1395. static int btintel_legacy_rom_setup(struct hci_dev *hdev,
  1396. struct intel_version *ver)
  1397. {
  1398. const struct firmware *fw;
  1399. const u8 *fw_ptr;
  1400. int disable_patch, err;
  1401. struct intel_version new_ver;
  1402. BT_DBG("%s", hdev->name);
  1403. /* fw_patch_num indicates the version of patch the device currently
  1404. * have. If there is no patch data in the device, it is always 0x00.
  1405. * So, if it is other than 0x00, no need to patch the device again.
  1406. */
  1407. if (ver->fw_patch_num) {
  1408. bt_dev_info(hdev,
  1409. "Intel device is already patched. patch num: %02x",
  1410. ver->fw_patch_num);
  1411. goto complete;
  1412. }
  1413. /* Opens the firmware patch file based on the firmware version read
  1414. * from the controller. If it fails to open the matching firmware
  1415. * patch file, it tries to open the default firmware patch file.
  1416. * If no patch file is found, allow the device to operate without
  1417. * a patch.
  1418. */
  1419. fw = btintel_legacy_rom_get_fw(hdev, ver);
  1420. if (!fw)
  1421. goto complete;
  1422. fw_ptr = fw->data;
  1423. /* Enable the manufacturer mode of the controller.
  1424. * Only while this mode is enabled, the driver can download the
  1425. * firmware patch data and configuration parameters.
  1426. */
  1427. err = btintel_enter_mfg(hdev);
  1428. if (err) {
  1429. release_firmware(fw);
  1430. return err;
  1431. }
  1432. disable_patch = 1;
  1433. /* The firmware data file consists of list of Intel specific HCI
  1434. * commands and its expected events. The first byte indicates the
  1435. * type of the message, either HCI command or HCI event.
  1436. *
  1437. * It reads the command and its expected event from the firmware file,
  1438. * and send to the controller. Once __hci_cmd_sync_ev() returns,
  1439. * the returned event is compared with the event read from the firmware
  1440. * file and it will continue until all the messages are downloaded to
  1441. * the controller.
  1442. *
  1443. * Once the firmware patching is completed successfully,
  1444. * the manufacturer mode is disabled with reset and activating the
  1445. * downloaded patch.
  1446. *
  1447. * If the firmware patching fails, the manufacturer mode is
  1448. * disabled with reset and deactivating the patch.
  1449. *
  1450. * If the default patch file is used, no reset is done when disabling
  1451. * the manufacturer.
  1452. */
  1453. while (fw->size > fw_ptr - fw->data) {
  1454. int ret;
  1455. ret = btintel_legacy_rom_patching(hdev, fw, &fw_ptr,
  1456. &disable_patch);
  1457. if (ret < 0)
  1458. goto exit_mfg_deactivate;
  1459. }
  1460. release_firmware(fw);
  1461. if (disable_patch)
  1462. goto exit_mfg_disable;
  1463. /* Patching completed successfully and disable the manufacturer mode
  1464. * with reset and activate the downloaded firmware patches.
  1465. */
  1466. err = btintel_exit_mfg(hdev, true, true);
  1467. if (err)
  1468. return err;
  1469. /* Need build number for downloaded fw patches in
  1470. * every power-on boot
  1471. */
  1472. err = btintel_read_version(hdev, &new_ver);
  1473. if (err)
  1474. return err;
  1475. bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated",
  1476. new_ver.fw_patch_num);
  1477. goto complete;
  1478. exit_mfg_disable:
  1479. /* Disable the manufacturer mode without reset */
  1480. err = btintel_exit_mfg(hdev, false, false);
  1481. if (err)
  1482. return err;
  1483. bt_dev_info(hdev, "Intel firmware patch completed");
  1484. goto complete;
  1485. exit_mfg_deactivate:
  1486. release_firmware(fw);
  1487. /* Patching failed. Disable the manufacturer mode with reset and
  1488. * deactivate the downloaded firmware patches.
  1489. */
  1490. err = btintel_exit_mfg(hdev, true, false);
  1491. if (err)
  1492. return err;
  1493. bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
  1494. complete:
  1495. /* Set the event mask for Intel specific vendor events. This enables
  1496. * a few extra events that are useful during general operation.
  1497. */
  1498. btintel_set_event_mask_mfg(hdev, false);
  1499. btintel_check_bdaddr(hdev);
  1500. return 0;
  1501. }
  1502. static int btintel_download_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
  1503. {
  1504. ktime_t delta, rettime;
  1505. unsigned long long duration;
  1506. int err;
  1507. btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
  1508. bt_dev_info(hdev, "Waiting for firmware download to complete");
  1509. err = btintel_wait_on_flag_timeout(hdev, INTEL_DOWNLOADING,
  1510. TASK_INTERRUPTIBLE,
  1511. msecs_to_jiffies(msec));
  1512. if (err == -EINTR) {
  1513. bt_dev_err(hdev, "Firmware loading interrupted");
  1514. return err;
  1515. }
  1516. if (err) {
  1517. bt_dev_err(hdev, "Firmware loading timeout");
  1518. return -ETIMEDOUT;
  1519. }
  1520. if (btintel_test_flag(hdev, INTEL_FIRMWARE_FAILED)) {
  1521. bt_dev_err(hdev, "Firmware loading failed");
  1522. return -ENOEXEC;
  1523. }
  1524. rettime = ktime_get();
  1525. delta = ktime_sub(rettime, calltime);
  1526. duration = (unsigned long long)ktime_to_ns(delta) >> 10;
  1527. bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
  1528. return 0;
  1529. }
  1530. static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
  1531. {
  1532. ktime_t delta, rettime;
  1533. unsigned long long duration;
  1534. int err;
  1535. bt_dev_info(hdev, "Waiting for device to boot");
  1536. err = btintel_wait_on_flag_timeout(hdev, INTEL_BOOTING,
  1537. TASK_INTERRUPTIBLE,
  1538. msecs_to_jiffies(msec));
  1539. if (err == -EINTR) {
  1540. bt_dev_err(hdev, "Device boot interrupted");
  1541. return -EINTR;
  1542. }
  1543. if (err) {
  1544. bt_dev_err(hdev, "Device boot timeout");
  1545. return -ETIMEDOUT;
  1546. }
  1547. rettime = ktime_get();
  1548. delta = ktime_sub(rettime, calltime);
  1549. duration = (unsigned long long) ktime_to_ns(delta) >> 10;
  1550. bt_dev_info(hdev, "Device booted in %llu usecs", duration);
  1551. return 0;
  1552. }
  1553. static int btintel_boot_wait_d0(struct hci_dev *hdev, ktime_t calltime,
  1554. int msec)
  1555. {
  1556. ktime_t delta, rettime;
  1557. unsigned long long duration;
  1558. int err;
  1559. bt_dev_info(hdev, "Waiting for device transition to d0");
  1560. err = btintel_wait_on_flag_timeout(hdev, INTEL_WAIT_FOR_D0,
  1561. TASK_INTERRUPTIBLE,
  1562. msecs_to_jiffies(msec));
  1563. if (err == -EINTR) {
  1564. bt_dev_err(hdev, "Device d0 move interrupted");
  1565. return -EINTR;
  1566. }
  1567. if (err) {
  1568. bt_dev_err(hdev, "Device d0 move timeout");
  1569. return -ETIMEDOUT;
  1570. }
  1571. rettime = ktime_get();
  1572. delta = ktime_sub(rettime, calltime);
  1573. duration = (unsigned long long)ktime_to_ns(delta) >> 10;
  1574. bt_dev_info(hdev, "Device moved to D0 in %llu usecs", duration);
  1575. return 0;
  1576. }
  1577. static int btintel_boot(struct hci_dev *hdev, u32 boot_addr)
  1578. {
  1579. ktime_t calltime;
  1580. int err;
  1581. calltime = ktime_get();
  1582. btintel_set_flag(hdev, INTEL_BOOTING);
  1583. btintel_set_flag(hdev, INTEL_WAIT_FOR_D0);
  1584. err = btintel_send_intel_reset(hdev, boot_addr);
  1585. if (err) {
  1586. bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err);
  1587. btintel_reset_to_bootloader(hdev);
  1588. return err;
  1589. }
  1590. /* The bootloader will not indicate when the device is ready. This
  1591. * is done by the operational firmware sending bootup notification.
  1592. *
  1593. * Booting into operational firmware should not take longer than
  1594. * 5 second. However if that happens, then just fail the setup
  1595. * since something went wrong.
  1596. */
  1597. err = btintel_boot_wait(hdev, calltime, 5000);
  1598. if (err == -ETIMEDOUT) {
  1599. btintel_reset_to_bootloader(hdev);
  1600. goto exit_error;
  1601. }
  1602. if (hdev->bus == HCI_PCI) {
  1603. /* In case of PCIe, after receiving bootup event, driver performs
  1604. * D0 entry by writing 0 to sleep control register (check
  1605. * btintel_pcie_recv_event())
  1606. * Firmware acks with alive interrupt indicating host is full ready to
  1607. * perform BT operation. Lets wait here till INTEL_WAIT_FOR_D0
  1608. * bit is cleared.
  1609. */
  1610. calltime = ktime_get();
  1611. err = btintel_boot_wait_d0(hdev, calltime, 2000);
  1612. }
  1613. exit_error:
  1614. return err;
  1615. }
  1616. static int btintel_get_fw_name(struct intel_version *ver,
  1617. struct intel_boot_params *params,
  1618. char *fw_name, size_t len,
  1619. const char *suffix)
  1620. {
  1621. switch (ver->hw_variant) {
  1622. case 0x0b: /* SfP */
  1623. case 0x0c: /* WsP */
  1624. snprintf(fw_name, len, "intel/ibt-%u-%u.%s",
  1625. ver->hw_variant,
  1626. le16_to_cpu(params->dev_revid),
  1627. suffix);
  1628. break;
  1629. case 0x11: /* JfP */
  1630. case 0x12: /* ThP */
  1631. case 0x13: /* HrP */
  1632. case 0x14: /* CcP */
  1633. snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s",
  1634. ver->hw_variant,
  1635. ver->hw_revision,
  1636. ver->fw_revision,
  1637. suffix);
  1638. break;
  1639. default:
  1640. return -EINVAL;
  1641. }
  1642. return 0;
  1643. }
  1644. static int btintel_download_fw(struct hci_dev *hdev,
  1645. struct intel_version *ver,
  1646. struct intel_boot_params *params,
  1647. u32 *boot_param)
  1648. {
  1649. const struct firmware *fw;
  1650. char fwname[64];
  1651. int err;
  1652. ktime_t calltime;
  1653. if (!ver || !params)
  1654. return -EINVAL;
  1655. /* The firmware variant determines if the device is in bootloader
  1656. * mode or is running operational firmware. The value 0x06 identifies
  1657. * the bootloader and the value 0x23 identifies the operational
  1658. * firmware.
  1659. *
  1660. * When the operational firmware is already present, then only
  1661. * the check for valid Bluetooth device address is needed. This
  1662. * determines if the device will be added as configured or
  1663. * unconfigured controller.
  1664. *
  1665. * It is not possible to use the Secure Boot Parameters in this
  1666. * case since that command is only available in bootloader mode.
  1667. */
  1668. if (ver->fw_variant == 0x23) {
  1669. btintel_clear_flag(hdev, INTEL_BOOTLOADER);
  1670. btintel_check_bdaddr(hdev);
  1671. /* SfP and WsP don't seem to update the firmware version on file
  1672. * so version checking is currently possible.
  1673. */
  1674. switch (ver->hw_variant) {
  1675. case 0x0b: /* SfP */
  1676. case 0x0c: /* WsP */
  1677. return 0;
  1678. }
  1679. /* Proceed to download to check if the version matches */
  1680. goto download;
  1681. }
  1682. /* Read the secure boot parameters to identify the operating
  1683. * details of the bootloader.
  1684. */
  1685. err = btintel_read_boot_params(hdev, params);
  1686. if (err)
  1687. return err;
  1688. /* It is required that every single firmware fragment is acknowledged
  1689. * with a command complete event. If the boot parameters indicate
  1690. * that this bootloader does not send them, then abort the setup.
  1691. */
  1692. if (params->limited_cce != 0x00) {
  1693. bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
  1694. params->limited_cce);
  1695. return -EINVAL;
  1696. }
  1697. /* If the OTP has no valid Bluetooth device address, then there will
  1698. * also be no valid address for the operational firmware.
  1699. */
  1700. if (!bacmp(&params->otp_bdaddr, BDADDR_ANY)) {
  1701. bt_dev_info(hdev, "No device address configured");
  1702. hci_set_quirk(hdev, HCI_QUIRK_INVALID_BDADDR);
  1703. }
  1704. download:
  1705. /* With this Intel bootloader only the hardware variant and device
  1706. * revision information are used to select the right firmware for SfP
  1707. * and WsP.
  1708. *
  1709. * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
  1710. *
  1711. * Currently the supported hardware variants are:
  1712. * 11 (0x0b) for iBT3.0 (LnP/SfP)
  1713. * 12 (0x0c) for iBT3.5 (WsP)
  1714. *
  1715. * For ThP/JfP and for future SKU's, the FW name varies based on HW
  1716. * variant, HW revision and FW revision, as these are dependent on CNVi
  1717. * and RF Combination.
  1718. *
  1719. * 17 (0x11) for iBT3.5 (JfP)
  1720. * 18 (0x12) for iBT3.5 (ThP)
  1721. *
  1722. * The firmware file name for these will be
  1723. * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
  1724. *
  1725. */
  1726. err = btintel_get_fw_name(ver, params, fwname, sizeof(fwname), "sfi");
  1727. if (err < 0) {
  1728. if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
  1729. /* Firmware has already been loaded */
  1730. btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
  1731. return 0;
  1732. }
  1733. bt_dev_err(hdev, "Unsupported Intel firmware naming");
  1734. return -EINVAL;
  1735. }
  1736. err = firmware_request_nowarn(&fw, fwname, &hdev->dev);
  1737. if (err < 0) {
  1738. if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
  1739. /* Firmware has already been loaded */
  1740. btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
  1741. return 0;
  1742. }
  1743. bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)",
  1744. fwname, err);
  1745. return err;
  1746. }
  1747. bt_dev_info(hdev, "Found device firmware: %s", fwname);
  1748. if (fw->size < 644) {
  1749. bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
  1750. fw->size);
  1751. err = -EBADF;
  1752. goto done;
  1753. }
  1754. calltime = ktime_get();
  1755. btintel_set_flag(hdev, INTEL_DOWNLOADING);
  1756. /* Start firmware downloading and get boot parameter */
  1757. err = btintel_download_firmware(hdev, ver, fw, boot_param);
  1758. if (err < 0) {
  1759. if (err == -EALREADY) {
  1760. /* Firmware has already been loaded */
  1761. btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
  1762. err = 0;
  1763. goto done;
  1764. }
  1765. /* When FW download fails, send Intel Reset to retry
  1766. * FW download.
  1767. */
  1768. btintel_reset_to_bootloader(hdev);
  1769. goto done;
  1770. }
  1771. /* Before switching the device into operational mode and with that
  1772. * booting the loaded firmware, wait for the bootloader notification
  1773. * that all fragments have been successfully received.
  1774. *
  1775. * When the event processing receives the notification, then the
  1776. * INTEL_DOWNLOADING flag will be cleared.
  1777. *
  1778. * The firmware loading should not take longer than 5 seconds
  1779. * and thus just timeout if that happens and fail the setup
  1780. * of this device.
  1781. */
  1782. err = btintel_download_wait(hdev, calltime, 5000);
  1783. if (err == -ETIMEDOUT)
  1784. btintel_reset_to_bootloader(hdev);
  1785. done:
  1786. release_firmware(fw);
  1787. return err;
  1788. }
  1789. static int btintel_bootloader_setup(struct hci_dev *hdev,
  1790. struct intel_version *ver)
  1791. {
  1792. struct intel_version new_ver;
  1793. struct intel_boot_params params;
  1794. u32 boot_param;
  1795. char ddcname[64];
  1796. int err;
  1797. BT_DBG("%s", hdev->name);
  1798. /* Set the default boot parameter to 0x0 and it is updated to
  1799. * SKU specific boot parameter after reading Intel_Write_Boot_Params
  1800. * command while downloading the firmware.
  1801. */
  1802. boot_param = 0x00000000;
  1803. btintel_set_flag(hdev, INTEL_BOOTLOADER);
  1804. err = btintel_download_fw(hdev, ver, &params, &boot_param);
  1805. if (err)
  1806. return err;
  1807. /* controller is already having an operational firmware */
  1808. if (ver->fw_variant == 0x23)
  1809. goto finish;
  1810. err = btintel_boot(hdev, boot_param);
  1811. if (err)
  1812. return err;
  1813. btintel_clear_flag(hdev, INTEL_BOOTLOADER);
  1814. err = btintel_get_fw_name(ver, &params, ddcname,
  1815. sizeof(ddcname), "ddc");
  1816. if (err < 0) {
  1817. bt_dev_err(hdev, "Unsupported Intel firmware naming");
  1818. } else {
  1819. /* Once the device is running in operational mode, it needs to
  1820. * apply the device configuration (DDC) parameters.
  1821. *
  1822. * The device can work without DDC parameters, so even if it
  1823. * fails to load the file, no need to fail the setup.
  1824. */
  1825. btintel_load_ddc_config(hdev, ddcname);
  1826. }
  1827. hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
  1828. /* Read the Intel version information after loading the FW */
  1829. err = btintel_read_version(hdev, &new_ver);
  1830. if (err)
  1831. return err;
  1832. btintel_version_info(hdev, &new_ver);
  1833. finish:
  1834. /* Set the event mask for Intel specific vendor events. This enables
  1835. * a few extra events that are useful during general operation. It
  1836. * does not enable any debugging related events.
  1837. *
  1838. * The device will function correctly without these events enabled
  1839. * and thus no need to fail the setup.
  1840. */
  1841. btintel_set_event_mask(hdev, false);
  1842. return 0;
  1843. }
  1844. static void btintel_get_fw_name_tlv(const struct intel_version_tlv *ver,
  1845. char *fw_name, size_t len,
  1846. const char *suffix)
  1847. {
  1848. const char *format;
  1849. u32 cnvi, cnvr;
  1850. cnvi = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top),
  1851. INTEL_CNVX_TOP_STEP(ver->cnvi_top));
  1852. cnvr = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top),
  1853. INTEL_CNVX_TOP_STEP(ver->cnvr_top));
  1854. /* Only Blazar product supports downloading of intermediate loader
  1855. * image
  1856. */
  1857. if (INTEL_HW_VARIANT(ver->cnvi_bt) >= 0x1e) {
  1858. u8 zero[BTINTEL_FWID_MAXLEN];
  1859. if (ver->img_type == BTINTEL_IMG_BOOTLOADER) {
  1860. format = "intel/ibt-%04x-%04x-iml.%s";
  1861. snprintf(fw_name, len, format, cnvi, cnvr, suffix);
  1862. return;
  1863. }
  1864. memset(zero, 0, sizeof(zero));
  1865. /* ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step-fw_id> */
  1866. if (memcmp(ver->fw_id, zero, sizeof(zero))) {
  1867. format = "intel/ibt-%04x-%04x-%s.%s";
  1868. snprintf(fw_name, len, format, cnvi, cnvr,
  1869. ver->fw_id, suffix);
  1870. return;
  1871. }
  1872. /* If firmware id is not present, fallback to legacy naming
  1873. * convention
  1874. */
  1875. }
  1876. /* Fallback to legacy naming convention for other controllers
  1877. * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step>
  1878. */
  1879. format = "intel/ibt-%04x-%04x.%s";
  1880. snprintf(fw_name, len, format, cnvi, cnvr, suffix);
  1881. }
  1882. static void btintel_get_iml_tlv(const struct intel_version_tlv *ver,
  1883. char *fw_name, size_t len,
  1884. const char *suffix)
  1885. {
  1886. const char *format;
  1887. u32 cnvi, cnvr;
  1888. cnvi = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top),
  1889. INTEL_CNVX_TOP_STEP(ver->cnvi_top));
  1890. cnvr = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top),
  1891. INTEL_CNVX_TOP_STEP(ver->cnvr_top));
  1892. format = "intel/ibt-%04x-%04x-iml.%s";
  1893. snprintf(fw_name, len, format, cnvi, cnvr, suffix);
  1894. }
  1895. static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev,
  1896. struct intel_version_tlv *ver,
  1897. u32 *boot_param)
  1898. {
  1899. const struct firmware *fw;
  1900. char fwname[128];
  1901. int err;
  1902. ktime_t calltime;
  1903. if (!ver || !boot_param)
  1904. return -EINVAL;
  1905. /* The firmware variant determines if the device is in bootloader
  1906. * mode or is running operational firmware. The value 0x03 identifies
  1907. * the bootloader and the value 0x23 identifies the operational
  1908. * firmware.
  1909. *
  1910. * When the operational firmware is already present, then only
  1911. * the check for valid Bluetooth device address is needed. This
  1912. * determines if the device will be added as configured or
  1913. * unconfigured controller.
  1914. *
  1915. * It is not possible to use the Secure Boot Parameters in this
  1916. * case since that command is only available in bootloader mode.
  1917. */
  1918. if (ver->img_type == BTINTEL_IMG_OP) {
  1919. btintel_clear_flag(hdev, INTEL_BOOTLOADER);
  1920. btintel_check_bdaddr(hdev);
  1921. } else {
  1922. /*
  1923. * Check for valid bd address in boot loader mode. Device
  1924. * will be marked as unconfigured if empty bd address is
  1925. * found.
  1926. */
  1927. if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) {
  1928. bt_dev_info(hdev, "No device address configured");
  1929. hci_set_quirk(hdev, HCI_QUIRK_INVALID_BDADDR);
  1930. }
  1931. }
  1932. if (ver->img_type == BTINTEL_IMG_OP) {
  1933. /* Controller running OP image. In case of FW downgrade,
  1934. * FWID TLV may not be present and driver may attempt to load
  1935. * firmware image which doesn't exist. Lets compare the version
  1936. * of IML image
  1937. */
  1938. if (INTEL_HW_VARIANT(ver->cnvi_bt) >= 0x1e)
  1939. btintel_get_iml_tlv(ver, fwname, sizeof(fwname), "sfi");
  1940. else
  1941. btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi");
  1942. } else {
  1943. btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi");
  1944. }
  1945. err = firmware_request_nowarn(&fw, fwname, &hdev->dev);
  1946. if (err < 0) {
  1947. if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
  1948. /* Firmware has already been loaded */
  1949. btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
  1950. return 0;
  1951. }
  1952. bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)",
  1953. fwname, err);
  1954. return err;
  1955. }
  1956. bt_dev_info(hdev, "Found device firmware: %s", fwname);
  1957. if (fw->size < 644) {
  1958. bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
  1959. fw->size);
  1960. err = -EBADF;
  1961. goto done;
  1962. }
  1963. calltime = ktime_get();
  1964. btintel_set_flag(hdev, INTEL_DOWNLOADING);
  1965. /* Start firmware downloading and get boot parameter */
  1966. err = btintel_download_fw_tlv(hdev, ver, fw, boot_param,
  1967. INTEL_HW_VARIANT(ver->cnvi_bt),
  1968. ver->sbe_type);
  1969. if (err < 0) {
  1970. if (err == -EALREADY) {
  1971. /* Firmware has already been loaded */
  1972. btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
  1973. err = 0;
  1974. goto done;
  1975. }
  1976. /* When FW download fails, send Intel Reset to retry
  1977. * FW download.
  1978. */
  1979. btintel_reset_to_bootloader(hdev);
  1980. goto done;
  1981. }
  1982. /* Before switching the device into operational mode and with that
  1983. * booting the loaded firmware, wait for the bootloader notification
  1984. * that all fragments have been successfully received.
  1985. *
  1986. * When the event processing receives the notification, then the
  1987. * BTUSB_DOWNLOADING flag will be cleared.
  1988. *
  1989. * The firmware loading should not take longer than 5 seconds
  1990. * and thus just timeout if that happens and fail the setup
  1991. * of this device.
  1992. */
  1993. err = btintel_download_wait(hdev, calltime, 5000);
  1994. if (err == -ETIMEDOUT)
  1995. btintel_reset_to_bootloader(hdev);
  1996. done:
  1997. release_firmware(fw);
  1998. return err;
  1999. }
  2000. static int btintel_get_codec_config_data(struct hci_dev *hdev,
  2001. __u8 link, struct bt_codec *codec,
  2002. __u8 *ven_len, __u8 **ven_data)
  2003. {
  2004. int err = 0;
  2005. if (!ven_data || !ven_len)
  2006. return -EINVAL;
  2007. *ven_len = 0;
  2008. *ven_data = NULL;
  2009. if (link != ESCO_LINK) {
  2010. bt_dev_err(hdev, "Invalid link type(%u)", link);
  2011. return -EINVAL;
  2012. }
  2013. *ven_data = kmalloc(sizeof(__u8), GFP_KERNEL);
  2014. if (!*ven_data) {
  2015. err = -ENOMEM;
  2016. goto error;
  2017. }
  2018. /* supports only CVSD and mSBC offload codecs */
  2019. switch (codec->id) {
  2020. case 0x02:
  2021. **ven_data = 0x00;
  2022. break;
  2023. case 0x05:
  2024. **ven_data = 0x01;
  2025. break;
  2026. default:
  2027. err = -EINVAL;
  2028. bt_dev_err(hdev, "Invalid codec id(%u)", codec->id);
  2029. goto error;
  2030. }
  2031. /* codec and its capabilities are pre-defined to ids
  2032. * preset id = 0x00 represents CVSD codec with sampling rate 8K
  2033. * preset id = 0x01 represents mSBC codec with sampling rate 16K
  2034. */
  2035. *ven_len = sizeof(__u8);
  2036. return err;
  2037. error:
  2038. kfree(*ven_data);
  2039. *ven_data = NULL;
  2040. return err;
  2041. }
  2042. static int btintel_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id)
  2043. {
  2044. /* Intel uses 1 as data path id for all the usecases */
  2045. *data_path_id = 1;
  2046. return 0;
  2047. }
  2048. static int btintel_configure_offload(struct hci_dev *hdev)
  2049. {
  2050. struct sk_buff *skb;
  2051. int err = 0;
  2052. struct intel_offload_use_cases *use_cases;
  2053. skb = __hci_cmd_sync(hdev, 0xfc86, 0, NULL, HCI_INIT_TIMEOUT);
  2054. if (IS_ERR(skb)) {
  2055. bt_dev_err(hdev, "Reading offload use cases failed (%ld)",
  2056. PTR_ERR(skb));
  2057. return PTR_ERR(skb);
  2058. }
  2059. if (skb->len < sizeof(*use_cases)) {
  2060. err = -EIO;
  2061. goto error;
  2062. }
  2063. use_cases = (void *)skb->data;
  2064. if (use_cases->status) {
  2065. err = -bt_to_errno(skb->data[0]);
  2066. goto error;
  2067. }
  2068. if (use_cases->preset[0] & 0x03) {
  2069. hdev->get_data_path_id = btintel_get_data_path_id;
  2070. hdev->get_codec_config_data = btintel_get_codec_config_data;
  2071. }
  2072. error:
  2073. kfree_skb(skb);
  2074. return err;
  2075. }
  2076. static void btintel_set_ppag(struct hci_dev *hdev, struct intel_version_tlv *ver)
  2077. {
  2078. struct sk_buff *skb;
  2079. struct hci_ppag_enable_cmd ppag_cmd;
  2080. acpi_handle handle;
  2081. struct acpi_buffer buffer = {ACPI_ALLOCATE_BUFFER, NULL};
  2082. union acpi_object *p, *elements;
  2083. u32 domain, mode;
  2084. acpi_status status;
  2085. /* PPAG is not supported if CRF is HrP2, Jfp2, JfP1 */
  2086. switch (ver->cnvr_top & 0xFFF) {
  2087. case 0x504: /* Hrp2 */
  2088. case 0x202: /* Jfp2 */
  2089. case 0x201: /* Jfp1 */
  2090. bt_dev_dbg(hdev, "PPAG not supported for Intel CNVr (0x%3x)",
  2091. ver->cnvr_top & 0xFFF);
  2092. return;
  2093. }
  2094. handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
  2095. if (!handle) {
  2096. bt_dev_info(hdev, "No support for BT device in ACPI firmware");
  2097. return;
  2098. }
  2099. status = acpi_evaluate_object(handle, "PPAG", NULL, &buffer);
  2100. if (ACPI_FAILURE(status)) {
  2101. if (status == AE_NOT_FOUND) {
  2102. bt_dev_dbg(hdev, "PPAG-BT: ACPI entry not found");
  2103. return;
  2104. }
  2105. bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status));
  2106. return;
  2107. }
  2108. p = buffer.pointer;
  2109. if (p->type != ACPI_TYPE_PACKAGE || p->package.count != 2) {
  2110. bt_dev_warn(hdev, "PPAG-BT: Invalid object type: %d or package count: %d",
  2111. p->type, p->package.count);
  2112. kfree(buffer.pointer);
  2113. return;
  2114. }
  2115. elements = p->package.elements;
  2116. /* PPAG table is located at element[1] */
  2117. p = &elements[1];
  2118. domain = (u32)p->package.elements[0].integer.value;
  2119. mode = (u32)p->package.elements[1].integer.value;
  2120. kfree(buffer.pointer);
  2121. if (domain != 0x12) {
  2122. bt_dev_dbg(hdev, "PPAG-BT: Bluetooth domain is disabled in ACPI firmware");
  2123. return;
  2124. }
  2125. /* PPAG mode
  2126. * BIT 0 : 0 Disabled in EU
  2127. * 1 Enabled in EU
  2128. * BIT 1 : 0 Disabled in China
  2129. * 1 Enabled in China
  2130. */
  2131. mode &= 0x03;
  2132. if (!mode) {
  2133. bt_dev_dbg(hdev, "PPAG-BT: EU, China mode are disabled in BIOS");
  2134. return;
  2135. }
  2136. ppag_cmd.ppag_enable_flags = cpu_to_le32(mode);
  2137. skb = __hci_cmd_sync(hdev, INTEL_OP_PPAG_CMD, sizeof(ppag_cmd),
  2138. &ppag_cmd, HCI_CMD_TIMEOUT);
  2139. if (IS_ERR(skb)) {
  2140. bt_dev_warn(hdev, "Failed to send PPAG Enable (%ld)", PTR_ERR(skb));
  2141. return;
  2142. }
  2143. bt_dev_info(hdev, "PPAG-BT: Enabled (Mode %d)", mode);
  2144. kfree_skb(skb);
  2145. }
  2146. static int btintel_acpi_reset_method(struct hci_dev *hdev)
  2147. {
  2148. int ret = 0;
  2149. acpi_status status;
  2150. union acpi_object *p, *ref;
  2151. struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
  2152. status = acpi_evaluate_object(ACPI_HANDLE(GET_HCIDEV_DEV(hdev)), "_PRR", NULL, &buffer);
  2153. if (ACPI_FAILURE(status)) {
  2154. bt_dev_err(hdev, "Failed to run _PRR method");
  2155. ret = -ENODEV;
  2156. return ret;
  2157. }
  2158. p = buffer.pointer;
  2159. if (p->package.count != 1 || p->type != ACPI_TYPE_PACKAGE) {
  2160. bt_dev_err(hdev, "Invalid arguments");
  2161. ret = -EINVAL;
  2162. goto exit_on_error;
  2163. }
  2164. ref = &p->package.elements[0];
  2165. if (ref->type != ACPI_TYPE_LOCAL_REFERENCE) {
  2166. bt_dev_err(hdev, "Invalid object type: 0x%x", ref->type);
  2167. ret = -EINVAL;
  2168. goto exit_on_error;
  2169. }
  2170. status = acpi_evaluate_object(ref->reference.handle, "_RST", NULL, NULL);
  2171. if (ACPI_FAILURE(status)) {
  2172. bt_dev_err(hdev, "Failed to run_RST method");
  2173. ret = -ENODEV;
  2174. goto exit_on_error;
  2175. }
  2176. exit_on_error:
  2177. kfree(buffer.pointer);
  2178. return ret;
  2179. }
  2180. static void btintel_set_dsm_reset_method(struct hci_dev *hdev,
  2181. struct intel_version_tlv *ver_tlv)
  2182. {
  2183. struct btintel_data *data = hci_get_priv(hdev);
  2184. acpi_handle handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
  2185. u8 reset_payload[4] = {0x01, 0x00, 0x01, 0x00};
  2186. union acpi_object *obj, argv4;
  2187. enum {
  2188. RESET_TYPE_WDISABLE2,
  2189. RESET_TYPE_VSEC
  2190. };
  2191. handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
  2192. if (!handle) {
  2193. bt_dev_dbg(hdev, "No support for bluetooth device in ACPI firmware");
  2194. return;
  2195. }
  2196. if (!acpi_has_method(handle, "_PRR")) {
  2197. bt_dev_err(hdev, "No support for _PRR ACPI method");
  2198. return;
  2199. }
  2200. switch (ver_tlv->cnvi_top & 0xfff) {
  2201. case 0x910: /* GalePeak2 */
  2202. reset_payload[2] = RESET_TYPE_VSEC;
  2203. break;
  2204. default:
  2205. /* WDISABLE2 is the default reset method */
  2206. reset_payload[2] = RESET_TYPE_WDISABLE2;
  2207. if (!acpi_check_dsm(handle, &btintel_guid_dsm, 0,
  2208. BIT(DSM_SET_WDISABLE2_DELAY))) {
  2209. bt_dev_err(hdev, "No dsm support to set reset delay");
  2210. return;
  2211. }
  2212. argv4.integer.type = ACPI_TYPE_INTEGER;
  2213. /* delay required to toggle BT power */
  2214. argv4.integer.value = 160;
  2215. obj = acpi_evaluate_dsm(handle, &btintel_guid_dsm, 0,
  2216. DSM_SET_WDISABLE2_DELAY, &argv4);
  2217. if (!obj) {
  2218. bt_dev_err(hdev, "Failed to call dsm to set reset delay");
  2219. return;
  2220. }
  2221. ACPI_FREE(obj);
  2222. }
  2223. bt_dev_info(hdev, "DSM reset method type: 0x%02x", reset_payload[2]);
  2224. if (!acpi_check_dsm(handle, &btintel_guid_dsm, 0,
  2225. DSM_SET_RESET_METHOD)) {
  2226. bt_dev_warn(hdev, "No support for dsm to set reset method");
  2227. return;
  2228. }
  2229. argv4.buffer.type = ACPI_TYPE_BUFFER;
  2230. argv4.buffer.length = sizeof(reset_payload);
  2231. argv4.buffer.pointer = reset_payload;
  2232. obj = acpi_evaluate_dsm(handle, &btintel_guid_dsm, 0,
  2233. DSM_SET_RESET_METHOD, &argv4);
  2234. if (!obj) {
  2235. bt_dev_err(hdev, "Failed to call dsm to set reset method");
  2236. return;
  2237. }
  2238. ACPI_FREE(obj);
  2239. data->acpi_reset_method = btintel_acpi_reset_method;
  2240. }
  2241. #define BTINTEL_ISODATA_HANDLE_BASE 0x900
  2242. static u8 btintel_classify_pkt_type(struct hci_dev *hdev, struct sk_buff *skb)
  2243. {
  2244. /*
  2245. * Distinguish ISO data packets form ACL data packets
  2246. * based on their connection handle value range.
  2247. */
  2248. if (iso_capable(hdev) && hci_skb_pkt_type(skb) == HCI_ACLDATA_PKT) {
  2249. __u16 handle = __le16_to_cpu(hci_acl_hdr(skb)->handle);
  2250. if (hci_handle(handle) >= BTINTEL_ISODATA_HANDLE_BASE)
  2251. return HCI_ISODATA_PKT;
  2252. }
  2253. return hci_skb_pkt_type(skb);
  2254. }
  2255. /*
  2256. * UefiCnvCommonDSBR UEFI variable provides information from the OEM platforms
  2257. * if they have replaced the BRI (Bluetooth Radio Interface) resistor to
  2258. * overcome the potential STEP errors on their designs. Based on the
  2259. * configauration, bluetooth firmware shall adjust the BRI response line drive
  2260. * strength. The below structure represents DSBR data.
  2261. * struct {
  2262. * u8 header;
  2263. * u32 dsbr;
  2264. * } __packed;
  2265. *
  2266. * header - defines revision number of the structure
  2267. * dsbr - defines drive strength BRI response
  2268. * bit0
  2269. * 0 - instructs bluetooth firmware to use default values
  2270. * 1 - instructs bluetooth firmware to override default values
  2271. * bit3:1
  2272. * Reserved
  2273. * bit7:4
  2274. * DSBR override values (only if bit0 is set. Default value is 0xF
  2275. * bit31:7
  2276. * Reserved
  2277. * Expected values for dsbr field:
  2278. * 1. 0xF1 - indicates that the resistor on board is 33 Ohm
  2279. * 2. 0x00 or 0xB1 - indicates that the resistor on board is 10 Ohm
  2280. * 3. Non existing UEFI variable or invalid (none of the above) - indicates
  2281. * that the resistor on board is 10 Ohm
  2282. * Even if uefi variable is not present, driver shall send 0xfc0a command to
  2283. * firmware to use default values.
  2284. *
  2285. */
  2286. static int btintel_uefi_get_dsbr(u32 *dsbr_var)
  2287. {
  2288. struct btintel_dsbr {
  2289. u8 header;
  2290. u32 dsbr;
  2291. } __packed data;
  2292. efi_status_t status;
  2293. unsigned long data_size = sizeof(data);
  2294. efi_guid_t guid = EFI_GUID(0xe65d8884, 0xd4af, 0x4b20, 0x8d, 0x03,
  2295. 0x77, 0x2e, 0xcc, 0x3d, 0xa5, 0x31);
  2296. if (!IS_ENABLED(CONFIG_EFI))
  2297. return -EOPNOTSUPP;
  2298. if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE))
  2299. return -EOPNOTSUPP;
  2300. status = efi.get_variable(BTINTEL_EFI_DSBR, &guid, NULL, &data_size,
  2301. &data);
  2302. if (status != EFI_SUCCESS || data_size != sizeof(data))
  2303. return -ENXIO;
  2304. *dsbr_var = data.dsbr;
  2305. return 0;
  2306. }
  2307. static int btintel_set_dsbr(struct hci_dev *hdev, struct intel_version_tlv *ver)
  2308. {
  2309. struct btintel_dsbr_cmd {
  2310. u8 enable;
  2311. u8 dsbr;
  2312. } __packed;
  2313. struct btintel_dsbr_cmd cmd;
  2314. struct sk_buff *skb;
  2315. u32 dsbr, cnvi;
  2316. u8 status;
  2317. int err;
  2318. cnvi = ver->cnvi_top & 0xfff;
  2319. /* DSBR command needs to be sent for,
  2320. * 1. BlazarI or BlazarIW + B0 step product in IML image.
  2321. * 2. Gale Peak2 or BlazarU in OP image.
  2322. * 3. Scorpious Peak in IML image.
  2323. */
  2324. switch (cnvi) {
  2325. case BTINTEL_CNVI_BLAZARI:
  2326. case BTINTEL_CNVI_BLAZARIW:
  2327. if (ver->img_type == BTINTEL_IMG_IML &&
  2328. INTEL_CNVX_TOP_STEP(ver->cnvi_top) == 0x01)
  2329. break;
  2330. return 0;
  2331. case BTINTEL_CNVI_GAP:
  2332. case BTINTEL_CNVI_BLAZARU:
  2333. if (ver->img_type == BTINTEL_IMG_OP &&
  2334. hdev->bus == HCI_USB)
  2335. break;
  2336. return 0;
  2337. case BTINTEL_CNVI_SCP:
  2338. if (ver->img_type == BTINTEL_IMG_IML)
  2339. break;
  2340. return 0;
  2341. default:
  2342. return 0;
  2343. }
  2344. dsbr = 0;
  2345. err = btintel_uefi_get_dsbr(&dsbr);
  2346. if (err < 0)
  2347. bt_dev_dbg(hdev, "Error reading efi: %ls (%d)",
  2348. BTINTEL_EFI_DSBR, err);
  2349. cmd.enable = dsbr & BIT(0);
  2350. cmd.dsbr = dsbr >> 4 & 0xF;
  2351. bt_dev_info(hdev, "dsbr: enable: 0x%2.2x value: 0x%2.2x", cmd.enable,
  2352. cmd.dsbr);
  2353. skb = __hci_cmd_sync(hdev, 0xfc0a, sizeof(cmd), &cmd, HCI_CMD_TIMEOUT);
  2354. if (IS_ERR(skb))
  2355. return -bt_to_errno(PTR_ERR(skb));
  2356. status = skb->data[0];
  2357. kfree_skb(skb);
  2358. if (status)
  2359. return -bt_to_errno(status);
  2360. return 0;
  2361. }
  2362. #ifdef CONFIG_ACPI
  2363. static acpi_status btintel_evaluate_acpi_method(struct hci_dev *hdev,
  2364. acpi_string method,
  2365. union acpi_object **ptr,
  2366. u8 pkg_size)
  2367. {
  2368. struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
  2369. union acpi_object *p;
  2370. acpi_status status;
  2371. acpi_handle handle;
  2372. handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
  2373. if (!handle) {
  2374. bt_dev_dbg(hdev, "ACPI-BT: No ACPI support for Bluetooth device");
  2375. return AE_NOT_EXIST;
  2376. }
  2377. status = acpi_evaluate_object(handle, method, NULL, &buffer);
  2378. if (ACPI_FAILURE(status)) {
  2379. bt_dev_dbg(hdev, "ACPI-BT: ACPI Failure: %s method: %s",
  2380. acpi_format_exception(status), method);
  2381. return status;
  2382. }
  2383. p = buffer.pointer;
  2384. if (p->type != ACPI_TYPE_PACKAGE || p->package.count < pkg_size) {
  2385. bt_dev_warn(hdev, "ACPI-BT: Invalid object type: %d or package count: %d",
  2386. p->type, p->package.count);
  2387. kfree(buffer.pointer);
  2388. return AE_ERROR;
  2389. }
  2390. *ptr = buffer.pointer;
  2391. return 0;
  2392. }
  2393. static union acpi_object *btintel_acpi_get_bt_pkg(union acpi_object *buffer)
  2394. {
  2395. union acpi_object *domain, *bt_pkg;
  2396. int i;
  2397. for (i = 1; i < buffer->package.count; i++) {
  2398. bt_pkg = &buffer->package.elements[i];
  2399. domain = &bt_pkg->package.elements[0];
  2400. if (domain->type == ACPI_TYPE_INTEGER &&
  2401. domain->integer.value == BTINTEL_BT_DOMAIN)
  2402. return bt_pkg;
  2403. }
  2404. return ERR_PTR(-ENOENT);
  2405. }
  2406. static int btintel_send_sar_ddc(struct hci_dev *hdev, struct btintel_cp_ddc_write *data, u8 len)
  2407. {
  2408. struct sk_buff *skb;
  2409. skb = __hci_cmd_sync(hdev, 0xfc8b, len, data, HCI_CMD_TIMEOUT);
  2410. if (IS_ERR(skb)) {
  2411. bt_dev_warn(hdev, "Failed to send sar ddc id:0x%4.4x (%ld)",
  2412. le16_to_cpu(data->id), PTR_ERR(skb));
  2413. return PTR_ERR(skb);
  2414. }
  2415. kfree_skb(skb);
  2416. return 0;
  2417. }
  2418. static int btintel_send_edr(struct hci_dev *hdev, struct btintel_cp_ddc_write *cmd,
  2419. int id, struct btintel_sar_inc_pwr *sar)
  2420. {
  2421. cmd->len = 5;
  2422. cmd->id = cpu_to_le16(id);
  2423. cmd->data[0] = sar->br >> 3;
  2424. cmd->data[1] = sar->edr2 >> 3;
  2425. cmd->data[2] = sar->edr3 >> 3;
  2426. return btintel_send_sar_ddc(hdev, cmd, 6);
  2427. }
  2428. static int btintel_send_le(struct hci_dev *hdev, struct btintel_cp_ddc_write *cmd,
  2429. int id, struct btintel_sar_inc_pwr *sar)
  2430. {
  2431. cmd->len = 3;
  2432. cmd->id = cpu_to_le16(id);
  2433. cmd->data[0] = min3(sar->le, sar->le_lr, sar->le_2mhz) >> 3;
  2434. return btintel_send_sar_ddc(hdev, cmd, 4);
  2435. }
  2436. static int btintel_send_br(struct hci_dev *hdev, struct btintel_cp_ddc_write *cmd,
  2437. int id, struct btintel_sar_inc_pwr *sar)
  2438. {
  2439. cmd->len = 3;
  2440. cmd->id = cpu_to_le16(id);
  2441. cmd->data[0] = sar->br >> 3;
  2442. return btintel_send_sar_ddc(hdev, cmd, 4);
  2443. }
  2444. static int btintel_send_br_mutual(struct hci_dev *hdev, struct btintel_cp_ddc_write *cmd,
  2445. int id, struct btintel_sar_inc_pwr *sar)
  2446. {
  2447. cmd->len = 3;
  2448. cmd->id = cpu_to_le16(id);
  2449. cmd->data[0] = sar->br;
  2450. return btintel_send_sar_ddc(hdev, cmd, 4);
  2451. }
  2452. static int btintel_send_edr2(struct hci_dev *hdev, struct btintel_cp_ddc_write *cmd,
  2453. int id, struct btintel_sar_inc_pwr *sar)
  2454. {
  2455. cmd->len = 3;
  2456. cmd->id = cpu_to_le16(id);
  2457. cmd->data[0] = sar->edr2;
  2458. return btintel_send_sar_ddc(hdev, cmd, 4);
  2459. }
  2460. static int btintel_send_edr3(struct hci_dev *hdev, struct btintel_cp_ddc_write *cmd,
  2461. int id, struct btintel_sar_inc_pwr *sar)
  2462. {
  2463. cmd->len = 3;
  2464. cmd->id = cpu_to_le16(id);
  2465. cmd->data[0] = sar->edr3;
  2466. return btintel_send_sar_ddc(hdev, cmd, 4);
  2467. }
  2468. static int btintel_set_legacy_sar(struct hci_dev *hdev, struct btintel_sar_inc_pwr *sar)
  2469. {
  2470. struct btintel_cp_ddc_write *cmd;
  2471. u8 buffer[64];
  2472. int ret;
  2473. cmd = (void *)buffer;
  2474. ret = btintel_send_br(hdev, cmd, 0x0131, sar);
  2475. if (ret)
  2476. return ret;
  2477. ret = btintel_send_br(hdev, cmd, 0x0132, sar);
  2478. if (ret)
  2479. return ret;
  2480. ret = btintel_send_le(hdev, cmd, 0x0133, sar);
  2481. if (ret)
  2482. return ret;
  2483. ret = btintel_send_edr(hdev, cmd, 0x0137, sar);
  2484. if (ret)
  2485. return ret;
  2486. ret = btintel_send_edr(hdev, cmd, 0x0138, sar);
  2487. if (ret)
  2488. return ret;
  2489. ret = btintel_send_edr(hdev, cmd, 0x013b, sar);
  2490. if (ret)
  2491. return ret;
  2492. ret = btintel_send_edr(hdev, cmd, 0x013c, sar);
  2493. return ret;
  2494. }
  2495. static int btintel_set_mutual_sar(struct hci_dev *hdev, struct btintel_sar_inc_pwr *sar)
  2496. {
  2497. struct btintel_cp_ddc_write *cmd;
  2498. struct sk_buff *skb;
  2499. u8 buffer[64];
  2500. bool enable;
  2501. int ret;
  2502. cmd = (void *)buffer;
  2503. cmd->len = 3;
  2504. cmd->id = cpu_to_le16(0x019e);
  2505. if (sar->revision == BTINTEL_SAR_INC_PWR &&
  2506. sar->inc_power_mode == BTINTEL_SAR_INC_PWR_SUPPORTED)
  2507. cmd->data[0] = 0x01;
  2508. else
  2509. cmd->data[0] = 0x00;
  2510. ret = btintel_send_sar_ddc(hdev, cmd, 4);
  2511. if (ret)
  2512. return ret;
  2513. if (sar->revision == BTINTEL_SAR_INC_PWR &&
  2514. sar->inc_power_mode == BTINTEL_SAR_INC_PWR_SUPPORTED) {
  2515. cmd->len = 3;
  2516. cmd->id = cpu_to_le16(0x019f);
  2517. cmd->data[0] = sar->sar_2400_chain_a;
  2518. ret = btintel_send_sar_ddc(hdev, cmd, 4);
  2519. if (ret)
  2520. return ret;
  2521. }
  2522. ret = btintel_send_br_mutual(hdev, cmd, 0x01a0, sar);
  2523. if (ret)
  2524. return ret;
  2525. ret = btintel_send_edr2(hdev, cmd, 0x01a1, sar);
  2526. if (ret)
  2527. return ret;
  2528. ret = btintel_send_edr3(hdev, cmd, 0x01a2, sar);
  2529. if (ret)
  2530. return ret;
  2531. ret = btintel_send_le(hdev, cmd, 0x01a3, sar);
  2532. if (ret)
  2533. return ret;
  2534. enable = true;
  2535. skb = __hci_cmd_sync(hdev, 0xfe25, 1, &enable, HCI_CMD_TIMEOUT);
  2536. if (IS_ERR(skb)) {
  2537. bt_dev_warn(hdev, "Failed to send Intel SAR Enable (%ld)", PTR_ERR(skb));
  2538. return PTR_ERR(skb);
  2539. }
  2540. kfree_skb(skb);
  2541. return 0;
  2542. }
  2543. static int btintel_sar_send_to_device(struct hci_dev *hdev, struct btintel_sar_inc_pwr *sar,
  2544. struct intel_version_tlv *ver)
  2545. {
  2546. u16 cnvi, cnvr;
  2547. int ret;
  2548. cnvi = ver->cnvi_top & 0xfff;
  2549. cnvr = ver->cnvr_top & 0xfff;
  2550. if (cnvi < BTINTEL_CNVI_BLAZARI && cnvr < BTINTEL_CNVR_FMP2) {
  2551. bt_dev_info(hdev, "Applying legacy Bluetooth SAR");
  2552. ret = btintel_set_legacy_sar(hdev, sar);
  2553. } else if (cnvi == BTINTEL_CNVI_GAP || cnvr == BTINTEL_CNVR_FMP2) {
  2554. bt_dev_info(hdev, "Applying mutual Bluetooth SAR");
  2555. ret = btintel_set_mutual_sar(hdev, sar);
  2556. } else {
  2557. ret = -EOPNOTSUPP;
  2558. }
  2559. return ret;
  2560. }
  2561. static int btintel_acpi_set_sar(struct hci_dev *hdev, struct intel_version_tlv *ver)
  2562. {
  2563. union acpi_object *bt_pkg, *buffer = NULL;
  2564. struct btintel_sar_inc_pwr sar;
  2565. acpi_status status;
  2566. u8 revision;
  2567. int ret;
  2568. status = btintel_evaluate_acpi_method(hdev, "BRDS", &buffer, 2);
  2569. if (ACPI_FAILURE(status))
  2570. return -ENOENT;
  2571. bt_pkg = btintel_acpi_get_bt_pkg(buffer);
  2572. if (IS_ERR(bt_pkg)) {
  2573. ret = PTR_ERR(bt_pkg);
  2574. goto error;
  2575. }
  2576. if (!bt_pkg->package.count) {
  2577. ret = -EINVAL;
  2578. goto error;
  2579. }
  2580. revision = buffer->package.elements[0].integer.value;
  2581. if (revision > BTINTEL_SAR_INC_PWR) {
  2582. bt_dev_dbg(hdev, "BT_SAR: revision: 0x%2.2x not supported", revision);
  2583. ret = -EOPNOTSUPP;
  2584. goto error;
  2585. }
  2586. memset(&sar, 0, sizeof(sar));
  2587. if (revision == BTINTEL_SAR_LEGACY && bt_pkg->package.count == 8) {
  2588. sar.revision = revision;
  2589. sar.bt_sar_bios = bt_pkg->package.elements[1].integer.value;
  2590. sar.br = bt_pkg->package.elements[2].integer.value;
  2591. sar.edr2 = bt_pkg->package.elements[3].integer.value;
  2592. sar.edr3 = bt_pkg->package.elements[4].integer.value;
  2593. sar.le = bt_pkg->package.elements[5].integer.value;
  2594. sar.le_2mhz = bt_pkg->package.elements[6].integer.value;
  2595. sar.le_lr = bt_pkg->package.elements[7].integer.value;
  2596. } else if (revision == BTINTEL_SAR_INC_PWR && bt_pkg->package.count == 10) {
  2597. sar.revision = revision;
  2598. sar.bt_sar_bios = bt_pkg->package.elements[1].integer.value;
  2599. sar.inc_power_mode = bt_pkg->package.elements[2].integer.value;
  2600. sar.sar_2400_chain_a = bt_pkg->package.elements[3].integer.value;
  2601. sar.br = bt_pkg->package.elements[4].integer.value;
  2602. sar.edr2 = bt_pkg->package.elements[5].integer.value;
  2603. sar.edr3 = bt_pkg->package.elements[6].integer.value;
  2604. sar.le = bt_pkg->package.elements[7].integer.value;
  2605. sar.le_2mhz = bt_pkg->package.elements[8].integer.value;
  2606. sar.le_lr = bt_pkg->package.elements[9].integer.value;
  2607. } else {
  2608. ret = -EINVAL;
  2609. goto error;
  2610. }
  2611. /* Apply only if it is enabled in BIOS */
  2612. if (sar.bt_sar_bios != 1) {
  2613. bt_dev_dbg(hdev, "Bluetooth SAR is not enabled");
  2614. ret = -EOPNOTSUPP;
  2615. goto error;
  2616. }
  2617. ret = btintel_sar_send_to_device(hdev, &sar, ver);
  2618. error:
  2619. kfree(buffer);
  2620. return ret;
  2621. }
  2622. #endif /* CONFIG_ACPI */
  2623. static int btintel_set_specific_absorption_rate(struct hci_dev *hdev,
  2624. struct intel_version_tlv *ver)
  2625. {
  2626. #ifdef CONFIG_ACPI
  2627. return btintel_acpi_set_sar(hdev, ver);
  2628. #endif
  2629. return 0;
  2630. }
  2631. int btintel_bootloader_setup_tlv(struct hci_dev *hdev,
  2632. struct intel_version_tlv *ver)
  2633. {
  2634. u32 boot_param;
  2635. char ddcname[64];
  2636. int err;
  2637. struct intel_version_tlv new_ver;
  2638. bt_dev_dbg(hdev, "");
  2639. /* Set the default boot parameter to 0x0 and it is updated to
  2640. * SKU specific boot parameter after reading Intel_Write_Boot_Params
  2641. * command while downloading the firmware.
  2642. */
  2643. boot_param = 0x00000000;
  2644. /* In case of PCIe, this function might get called multiple times with
  2645. * same hdev instance if there is any error on firmware download.
  2646. * Need to clear stale bits of previous firmware download attempt.
  2647. */
  2648. for (int i = 0; i < __INTEL_NUM_FLAGS; i++)
  2649. btintel_clear_flag(hdev, i);
  2650. btintel_set_flag(hdev, INTEL_BOOTLOADER);
  2651. err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param);
  2652. if (err)
  2653. return err;
  2654. /* check if controller is already having an operational firmware */
  2655. if (ver->img_type == BTINTEL_IMG_OP)
  2656. goto finish;
  2657. err = btintel_boot(hdev, boot_param);
  2658. if (err)
  2659. return err;
  2660. err = btintel_read_version_tlv(hdev, ver);
  2661. if (err)
  2662. return err;
  2663. /* set drive strength of BRI response */
  2664. err = btintel_set_dsbr(hdev, ver);
  2665. if (err) {
  2666. bt_dev_err(hdev, "Failed to send dsbr command (%d)", err);
  2667. return err;
  2668. }
  2669. /* If image type returned is BTINTEL_IMG_IML, then controller supports
  2670. * intermediate loader image
  2671. */
  2672. if (ver->img_type == BTINTEL_IMG_IML) {
  2673. err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param);
  2674. if (err)
  2675. return err;
  2676. err = btintel_boot(hdev, boot_param);
  2677. if (err)
  2678. return err;
  2679. }
  2680. btintel_clear_flag(hdev, INTEL_BOOTLOADER);
  2681. btintel_get_fw_name_tlv(ver, ddcname, sizeof(ddcname), "ddc");
  2682. /* Once the device is running in operational mode, it needs to
  2683. * apply the device configuration (DDC) parameters.
  2684. *
  2685. * The device can work without DDC parameters, so even if it
  2686. * fails to load the file, no need to fail the setup.
  2687. */
  2688. btintel_load_ddc_config(hdev, ddcname);
  2689. /* Read supported use cases and set callbacks to fetch datapath id */
  2690. btintel_configure_offload(hdev);
  2691. hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
  2692. /* Send sar values to controller */
  2693. btintel_set_specific_absorption_rate(hdev, ver);
  2694. /* Set PPAG feature */
  2695. btintel_set_ppag(hdev, ver);
  2696. /* Read the Intel version information after loading the FW */
  2697. err = btintel_read_version_tlv(hdev, &new_ver);
  2698. if (err)
  2699. return err;
  2700. btintel_version_info_tlv(hdev, &new_ver);
  2701. finish:
  2702. /* Set the event mask for Intel specific vendor events. This enables
  2703. * a few extra events that are useful during general operation. It
  2704. * does not enable any debugging related events.
  2705. *
  2706. * The device will function correctly without these events enabled
  2707. * and thus no need to fail the setup.
  2708. */
  2709. btintel_set_event_mask(hdev, false);
  2710. return 0;
  2711. }
  2712. EXPORT_SYMBOL_GPL(btintel_bootloader_setup_tlv);
  2713. void btintel_set_msft_opcode(struct hci_dev *hdev, u8 hw_variant)
  2714. {
  2715. switch (hw_variant) {
  2716. /* Legacy bootloader devices that supports MSFT Extension */
  2717. case 0x11: /* JfP */
  2718. case 0x12: /* ThP */
  2719. case 0x13: /* HrP */
  2720. case 0x14: /* CcP */
  2721. /* All Intel new generation controllers support the Microsoft vendor
  2722. * extension are using 0xFC1E for VsMsftOpCode.
  2723. */
  2724. case 0x17:
  2725. case 0x18:
  2726. case 0x19:
  2727. case 0x1b:
  2728. case 0x1c:
  2729. case 0x1d:
  2730. case 0x1e:
  2731. case 0x1f:
  2732. case 0x22:
  2733. hci_set_msft_opcode(hdev, 0xFC1E);
  2734. break;
  2735. default:
  2736. /* Not supported */
  2737. break;
  2738. }
  2739. }
  2740. EXPORT_SYMBOL_GPL(btintel_set_msft_opcode);
  2741. void btintel_print_fseq_info(struct hci_dev *hdev)
  2742. {
  2743. struct sk_buff *skb;
  2744. u8 *p;
  2745. u32 val;
  2746. const char *str;
  2747. skb = __hci_cmd_sync(hdev, 0xfcb3, 0, NULL, HCI_CMD_TIMEOUT);
  2748. if (IS_ERR(skb)) {
  2749. bt_dev_dbg(hdev, "Reading fseq status command failed (%ld)",
  2750. PTR_ERR(skb));
  2751. return;
  2752. }
  2753. if (skb->len < (sizeof(u32) * 16 + 2)) {
  2754. bt_dev_dbg(hdev, "Malformed packet of length %u received",
  2755. skb->len);
  2756. kfree_skb(skb);
  2757. return;
  2758. }
  2759. p = skb_pull_data(skb, 1);
  2760. if (*p) {
  2761. bt_dev_dbg(hdev, "Failed to get fseq status (0x%2.2x)", *p);
  2762. kfree_skb(skb);
  2763. return;
  2764. }
  2765. p = skb_pull_data(skb, 1);
  2766. switch (*p) {
  2767. case 0:
  2768. str = "Success";
  2769. break;
  2770. case 1:
  2771. str = "Fatal error";
  2772. break;
  2773. case 2:
  2774. str = "Semaphore acquire error";
  2775. break;
  2776. default:
  2777. str = "Unknown error";
  2778. break;
  2779. }
  2780. if (*p) {
  2781. bt_dev_err(hdev, "Fseq status: %s (0x%2.2x)", str, *p);
  2782. kfree_skb(skb);
  2783. return;
  2784. }
  2785. bt_dev_info(hdev, "Fseq status: %s (0x%2.2x)", str, *p);
  2786. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2787. bt_dev_dbg(hdev, "Reason: 0x%8.8x", val);
  2788. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2789. bt_dev_dbg(hdev, "Global version: 0x%8.8x", val);
  2790. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2791. bt_dev_dbg(hdev, "Installed version: 0x%8.8x", val);
  2792. p = skb->data;
  2793. skb_pull_data(skb, 4);
  2794. bt_dev_info(hdev, "Fseq executed: %2.2u.%2.2u.%2.2u.%2.2u", p[0], p[1],
  2795. p[2], p[3]);
  2796. p = skb->data;
  2797. skb_pull_data(skb, 4);
  2798. bt_dev_info(hdev, "Fseq BT Top: %2.2u.%2.2u.%2.2u.%2.2u", p[0], p[1],
  2799. p[2], p[3]);
  2800. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2801. bt_dev_dbg(hdev, "Fseq Top init version: 0x%8.8x", val);
  2802. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2803. bt_dev_dbg(hdev, "Fseq Cnvio init version: 0x%8.8x", val);
  2804. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2805. bt_dev_dbg(hdev, "Fseq MBX Wifi file version: 0x%8.8x", val);
  2806. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2807. bt_dev_dbg(hdev, "Fseq BT version: 0x%8.8x", val);
  2808. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2809. bt_dev_dbg(hdev, "Fseq Top reset address: 0x%8.8x", val);
  2810. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2811. bt_dev_dbg(hdev, "Fseq MBX timeout: 0x%8.8x", val);
  2812. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2813. bt_dev_dbg(hdev, "Fseq MBX ack: 0x%8.8x", val);
  2814. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2815. bt_dev_dbg(hdev, "Fseq CNVi id: 0x%8.8x", val);
  2816. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2817. bt_dev_dbg(hdev, "Fseq CNVr id: 0x%8.8x", val);
  2818. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2819. bt_dev_dbg(hdev, "Fseq Error handle: 0x%8.8x", val);
  2820. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2821. bt_dev_dbg(hdev, "Fseq Magic noalive indication: 0x%8.8x", val);
  2822. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2823. bt_dev_dbg(hdev, "Fseq OTP version: 0x%8.8x", val);
  2824. val = get_unaligned_le32(skb_pull_data(skb, 4));
  2825. bt_dev_dbg(hdev, "Fseq MBX otp version: 0x%8.8x", val);
  2826. kfree_skb(skb);
  2827. }
  2828. EXPORT_SYMBOL_GPL(btintel_print_fseq_info);
  2829. static int btintel_setup_combined(struct hci_dev *hdev)
  2830. {
  2831. const u8 param[1] = { 0xFF };
  2832. struct intel_version ver;
  2833. struct intel_version_tlv ver_tlv;
  2834. struct sk_buff *skb;
  2835. int err;
  2836. BT_DBG("%s", hdev->name);
  2837. /* The some controllers have a bug with the first HCI command sent to it
  2838. * returning number of completed commands as zero. This would stall the
  2839. * command processing in the Bluetooth core.
  2840. *
  2841. * As a workaround, send HCI Reset command first which will reset the
  2842. * number of completed commands and allow normal command processing
  2843. * from now on.
  2844. *
  2845. * Regarding the INTEL_BROKEN_SHUTDOWN_LED flag, these devices maybe
  2846. * in the SW_RFKILL ON state as a workaround of fixing LED issue during
  2847. * the shutdown() procedure, and once the device is in SW_RFKILL ON
  2848. * state, the only way to exit out of it is sending the HCI_Reset
  2849. * command.
  2850. */
  2851. if (btintel_test_flag(hdev, INTEL_BROKEN_INITIAL_NCMD) ||
  2852. btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) {
  2853. skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
  2854. HCI_INIT_TIMEOUT);
  2855. if (IS_ERR(skb)) {
  2856. bt_dev_err(hdev,
  2857. "sending initial HCI reset failed (%ld)",
  2858. PTR_ERR(skb));
  2859. return PTR_ERR(skb);
  2860. }
  2861. kfree_skb(skb);
  2862. }
  2863. /* Starting from TyP device, the command parameter and response are
  2864. * changed even though the OCF for HCI_Intel_Read_Version command
  2865. * remains same. The legacy devices can handle even if the
  2866. * command has a parameter and returns a correct version information.
  2867. * So, it uses new format to support both legacy and new format.
  2868. */
  2869. skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
  2870. if (IS_ERR(skb)) {
  2871. bt_dev_err(hdev, "Reading Intel version command failed (%ld)",
  2872. PTR_ERR(skb));
  2873. return PTR_ERR(skb);
  2874. }
  2875. /* Check the status */
  2876. if (skb->data[0]) {
  2877. bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
  2878. skb->data[0]);
  2879. err = -EIO;
  2880. goto exit_error;
  2881. }
  2882. /* Apply the common HCI quirks for Intel device */
  2883. hci_set_quirk(hdev, HCI_QUIRK_STRICT_DUPLICATE_FILTER);
  2884. hci_set_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY);
  2885. hci_set_quirk(hdev, HCI_QUIRK_NON_PERSISTENT_DIAG);
  2886. /* Set up the quality report callback for Intel devices */
  2887. hdev->set_quality_report = btintel_set_quality_report;
  2888. /* For Legacy device, check the HW platform value and size */
  2889. if (skb->len == sizeof(ver) && skb->data[1] == 0x37) {
  2890. bt_dev_dbg(hdev, "Read the legacy Intel version information");
  2891. memcpy(&ver, skb->data, sizeof(ver));
  2892. /* Display version information */
  2893. btintel_version_info(hdev, &ver);
  2894. /* Check for supported iBT hardware variants of this firmware
  2895. * loading method.
  2896. *
  2897. * This check has been put in place to ensure correct forward
  2898. * compatibility options when newer hardware variants come
  2899. * along.
  2900. */
  2901. switch (ver.hw_variant) {
  2902. case 0x07: /* WP */
  2903. case 0x08: /* StP */
  2904. /* Legacy ROM product */
  2905. btintel_set_flag(hdev, INTEL_ROM_LEGACY);
  2906. /* Apply the device specific HCI quirks
  2907. *
  2908. * WBS for SdP - For the Legacy ROM products, only SdP
  2909. * supports the WBS. But the version information is not
  2910. * enough to use here because the StP2 and SdP have same
  2911. * hw_variant and fw_variant. So, this flag is set by
  2912. * the transport driver (btusb) based on the HW info
  2913. * (idProduct)
  2914. */
  2915. if (!btintel_test_flag(hdev,
  2916. INTEL_ROM_LEGACY_NO_WBS_SUPPORT))
  2917. hci_set_quirk(hdev,
  2918. HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED);
  2919. err = btintel_legacy_rom_setup(hdev, &ver);
  2920. break;
  2921. case 0x0b: /* SfP */
  2922. case 0x11: /* JfP */
  2923. case 0x12: /* ThP */
  2924. case 0x13: /* HrP */
  2925. case 0x14: /* CcP */
  2926. fallthrough;
  2927. case 0x0c: /* WsP */
  2928. /* Apply the device specific HCI quirks
  2929. *
  2930. * All Legacy bootloader devices support WBS
  2931. */
  2932. hci_set_quirk(hdev,
  2933. HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED);
  2934. /* These variants don't seem to support LE Coded PHY */
  2935. hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LE_CODED);
  2936. /* Setup MSFT Extension support */
  2937. btintel_set_msft_opcode(hdev, ver.hw_variant);
  2938. err = btintel_bootloader_setup(hdev, &ver);
  2939. btintel_register_devcoredump_support(hdev);
  2940. break;
  2941. default:
  2942. bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
  2943. ver.hw_variant);
  2944. err = -EINVAL;
  2945. }
  2946. hci_set_hw_info(hdev,
  2947. "INTEL platform=%u variant=%u revision=%u",
  2948. ver.hw_platform, ver.hw_variant,
  2949. ver.hw_revision);
  2950. goto exit_error;
  2951. }
  2952. /* memset ver_tlv to start with clean state as few fields are exclusive
  2953. * to bootloader mode and are not populated in operational mode
  2954. */
  2955. memset(&ver_tlv, 0, sizeof(ver_tlv));
  2956. /* For TLV type device, parse the tlv data */
  2957. err = btintel_parse_version_tlv(hdev, &ver_tlv, skb);
  2958. if (err) {
  2959. bt_dev_err(hdev, "Failed to parse TLV version information");
  2960. goto exit_error;
  2961. }
  2962. if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) {
  2963. bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
  2964. INTEL_HW_PLATFORM(ver_tlv.cnvi_bt));
  2965. err = -EINVAL;
  2966. goto exit_error;
  2967. }
  2968. /* Check for supported iBT hardware variants of this firmware
  2969. * loading method.
  2970. *
  2971. * This check has been put in place to ensure correct forward
  2972. * compatibility options when newer hardware variants come
  2973. * along.
  2974. */
  2975. switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) {
  2976. case 0x11: /* JfP */
  2977. case 0x12: /* ThP */
  2978. case 0x13: /* HrP */
  2979. case 0x14: /* CcP */
  2980. /* Some legacy bootloader devices starting from JfP,
  2981. * the operational firmware supports both old and TLV based
  2982. * HCI_Intel_Read_Version command based on the command
  2983. * parameter.
  2984. *
  2985. * For upgrading firmware case, the TLV based version cannot
  2986. * be used because the firmware filename for legacy bootloader
  2987. * is based on the old format.
  2988. *
  2989. * Also, it is not easy to convert TLV based version from the
  2990. * legacy version format.
  2991. *
  2992. * So, as a workaround for those devices, use the legacy
  2993. * HCI_Intel_Read_Version to get the version information and
  2994. * run the legacy bootloader setup.
  2995. */
  2996. err = btintel_read_version(hdev, &ver);
  2997. if (err)
  2998. break;
  2999. /* Apply the device specific HCI quirks
  3000. *
  3001. * All Legacy bootloader devices support WBS
  3002. */
  3003. hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED);
  3004. /* These variants don't seem to support LE Coded PHY */
  3005. hci_set_quirk(hdev, HCI_QUIRK_BROKEN_LE_CODED);
  3006. /* Setup MSFT Extension support */
  3007. btintel_set_msft_opcode(hdev, ver.hw_variant);
  3008. err = btintel_bootloader_setup(hdev, &ver);
  3009. btintel_register_devcoredump_support(hdev);
  3010. break;
  3011. case 0x18: /* GfP2 */
  3012. case 0x1c: /* GaP */
  3013. /* Re-classify packet type for controllers with LE audio */
  3014. hdev->classify_pkt_type = btintel_classify_pkt_type;
  3015. fallthrough;
  3016. case 0x17:
  3017. case 0x19:
  3018. case 0x1b:
  3019. case 0x1d:
  3020. case 0x1e:
  3021. case 0x1f:
  3022. case 0x22:
  3023. /* Display version information of TLV type */
  3024. btintel_version_info_tlv(hdev, &ver_tlv);
  3025. /* Apply the device specific HCI quirks for TLV based devices
  3026. *
  3027. * All TLV based devices support WBS
  3028. */
  3029. hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED);
  3030. /* Setup MSFT Extension support */
  3031. btintel_set_msft_opcode(hdev,
  3032. INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
  3033. btintel_set_dsm_reset_method(hdev, &ver_tlv);
  3034. err = btintel_bootloader_setup_tlv(hdev, &ver_tlv);
  3035. if (err)
  3036. goto exit_error;
  3037. btintel_register_devcoredump_support(hdev);
  3038. btintel_print_fseq_info(hdev);
  3039. break;
  3040. default:
  3041. bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
  3042. INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
  3043. err = -EINVAL;
  3044. break;
  3045. }
  3046. hci_set_hw_info(hdev, "INTEL platform=%u variant=%u",
  3047. INTEL_HW_PLATFORM(ver_tlv.cnvi_bt),
  3048. INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
  3049. exit_error:
  3050. kfree_skb(skb);
  3051. return err;
  3052. }
  3053. int btintel_shutdown_combined(struct hci_dev *hdev)
  3054. {
  3055. struct sk_buff *skb;
  3056. int ret;
  3057. /* Send HCI Reset to the controller to stop any BT activity which
  3058. * were triggered. This will help to save power and maintain the
  3059. * sync b/w Host and controller
  3060. */
  3061. skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
  3062. if (IS_ERR(skb)) {
  3063. bt_dev_err(hdev, "HCI reset during shutdown failed");
  3064. return PTR_ERR(skb);
  3065. }
  3066. kfree_skb(skb);
  3067. /* Some platforms have an issue with BT LED when the interface is
  3068. * down or BT radio is turned off, which takes 5 seconds to BT LED
  3069. * goes off. As a workaround, sends HCI_Intel_SW_RFKILL to put the
  3070. * device in the RFKILL ON state which turns off the BT LED immediately.
  3071. */
  3072. if (btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) {
  3073. skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
  3074. if (IS_ERR(skb)) {
  3075. ret = PTR_ERR(skb);
  3076. bt_dev_err(hdev, "turning off Intel device LED failed");
  3077. return ret;
  3078. }
  3079. kfree_skb(skb);
  3080. }
  3081. return 0;
  3082. }
  3083. EXPORT_SYMBOL_GPL(btintel_shutdown_combined);
  3084. int btintel_configure_setup(struct hci_dev *hdev, const char *driver_name)
  3085. {
  3086. hdev->manufacturer = 2;
  3087. hdev->setup = btintel_setup_combined;
  3088. hdev->shutdown = btintel_shutdown_combined;
  3089. hdev->hw_error = btintel_hw_error;
  3090. hdev->set_diag = btintel_set_diag_combined;
  3091. hdev->set_bdaddr = btintel_set_bdaddr;
  3092. coredump_info.driver_name = driver_name;
  3093. return 0;
  3094. }
  3095. EXPORT_SYMBOL_GPL(btintel_configure_setup);
  3096. static int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb)
  3097. {
  3098. struct intel_tlv *tlv = (void *)&skb->data[5];
  3099. /* The first event is always an event type TLV */
  3100. if (tlv->type != INTEL_TLV_TYPE_ID)
  3101. goto recv_frame;
  3102. switch (tlv->val[0]) {
  3103. case INTEL_TLV_SYSTEM_EXCEPTION:
  3104. case INTEL_TLV_FATAL_EXCEPTION:
  3105. case INTEL_TLV_DEBUG_EXCEPTION:
  3106. case INTEL_TLV_TEST_EXCEPTION:
  3107. /* Generate devcoredump from exception */
  3108. if (!hci_devcd_init(hdev, skb->len)) {
  3109. hci_devcd_append(hdev, skb_clone(skb, GFP_ATOMIC));
  3110. hci_devcd_complete(hdev);
  3111. } else {
  3112. bt_dev_err(hdev, "Failed to generate devcoredump");
  3113. }
  3114. break;
  3115. default:
  3116. bt_dev_err(hdev, "Invalid exception type %02X", tlv->val[0]);
  3117. }
  3118. recv_frame:
  3119. return hci_recv_frame(hdev, skb);
  3120. }
  3121. int btintel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
  3122. {
  3123. struct hci_event_hdr *hdr = (void *)skb->data;
  3124. const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 };
  3125. if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
  3126. hdr->plen > 0) {
  3127. const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
  3128. unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
  3129. if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
  3130. switch (skb->data[2]) {
  3131. case 0x02:
  3132. /* When switching to the operational firmware
  3133. * the device sends a vendor specific event
  3134. * indicating that the bootup completed.
  3135. */
  3136. btintel_bootup(hdev, ptr, len);
  3137. kfree_skb(skb);
  3138. return 0;
  3139. case 0x06:
  3140. /* When the firmware loading completes the
  3141. * device sends out a vendor specific event
  3142. * indicating the result of the firmware
  3143. * loading.
  3144. */
  3145. btintel_secure_send_result(hdev, ptr, len);
  3146. kfree_skb(skb);
  3147. return 0;
  3148. }
  3149. }
  3150. /* Handle all diagnostics events separately. May still call
  3151. * hci_recv_frame.
  3152. */
  3153. if (len >= sizeof(diagnostics_hdr) &&
  3154. memcmp(&skb->data[2], diagnostics_hdr,
  3155. sizeof(diagnostics_hdr)) == 0) {
  3156. return btintel_diagnostics(hdev, skb);
  3157. }
  3158. }
  3159. return hci_recv_frame(hdev, skb);
  3160. }
  3161. EXPORT_SYMBOL_GPL(btintel_recv_event);
  3162. void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len)
  3163. {
  3164. const struct intel_bootup *evt = ptr;
  3165. if (len != sizeof(*evt))
  3166. return;
  3167. if (btintel_test_and_clear_flag(hdev, INTEL_BOOTING))
  3168. btintel_wake_up_flag(hdev, INTEL_BOOTING);
  3169. }
  3170. EXPORT_SYMBOL_GPL(btintel_bootup);
  3171. void btintel_secure_send_result(struct hci_dev *hdev,
  3172. const void *ptr, unsigned int len)
  3173. {
  3174. const struct intel_secure_send_result *evt = ptr;
  3175. if (len != sizeof(*evt))
  3176. return;
  3177. if (evt->result)
  3178. btintel_set_flag(hdev, INTEL_FIRMWARE_FAILED);
  3179. if (btintel_test_and_clear_flag(hdev, INTEL_DOWNLOADING) &&
  3180. btintel_test_flag(hdev, INTEL_FIRMWARE_LOADED))
  3181. btintel_wake_up_flag(hdev, INTEL_DOWNLOADING);
  3182. }
  3183. EXPORT_SYMBOL_GPL(btintel_secure_send_result);
  3184. MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
  3185. MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION);
  3186. MODULE_VERSION(VERSION);
  3187. MODULE_LICENSE("GPL");
  3188. MODULE_FIRMWARE("intel/ibt-11-5.sfi");
  3189. MODULE_FIRMWARE("intel/ibt-11-5.ddc");
  3190. MODULE_FIRMWARE("intel/ibt-12-16.sfi");
  3191. MODULE_FIRMWARE("intel/ibt-12-16.ddc");