3
* BlueZ - Bluetooth protocol stack for Linux
5
* Copyright (C) 2005-2010 Marcel Holtmann <marcel@holtmann.org>
6
* Copyright (c) 2010, Code Aurora Forum. All rights reserved.
9
* This program is free software; you can redistribute it and/or modify
10
* it under the terms of the GNU General Public License as published by
11
* the Free Software Foundation; either version 2 of the License, or
12
* (at your option) any later version.
14
* This program is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU General Public License for more details.
19
* You should have received a copy of the GNU General Public License
20
* along with this program; if not, write to the Free Software
21
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
41
#include <sys/param.h>
42
#include <sys/ioctl.h>
43
#include <sys/socket.h>
46
#include <bluetooth/bluetooth.h>
47
#include <bluetooth/hci.h>
48
#include <bluetooth/hci_lib.h>
50
#include "hciattach.h"
52
#define FAILIF(x, args...) do { \
54
fprintf(stderr, ##args); \
61
hci_event_hdr hci_hdr;
62
evt_cmd_complete cmd_complete;
65
} __attribute__((packed)) command_complete_t;
67
static int read_command_complete(int fd,
68
unsigned short opcode,
71
command_complete_t resp;
72
unsigned char vsevent[512];
76
n = read_hci_event(fd, vsevent, sizeof(vsevent));
77
FAILIF(n < 0, "Failed to read response");
79
FAILIF(vsevent[1] != 0xFF, "Failed to read response");
81
n = read_hci_event(fd, (unsigned char *)&resp, sizeof(resp));
82
FAILIF(n < 0, "Failed to read response");
84
/* event must be event-complete */
85
FAILIF(resp.hci_hdr.evt != EVT_CMD_COMPLETE,
86
"Error in response: not a cmd-complete event, "
87
"but 0x%02x!\n", resp.hci_hdr.evt);
89
FAILIF(resp.hci_hdr.plen < 4, /* plen >= 4 for EVT_CMD_COMPLETE */
90
"Error in response: plen is not >= 4, but 0x%02x!\n",
93
/* cmd-complete event: opcode */
94
FAILIF(resp.cmd_complete.opcode != 0,
95
"Error in response: opcode is 0x%04x, not 0!",
96
resp.cmd_complete.opcode);
98
return resp.status == 0 ? 0 : -1;
101
static int qualcomm_load_firmware(int fd, const char *firmware, const char *bdaddr_s)
104
int fw = open(firmware, O_RDONLY);
106
fprintf(stdout, "Opening firmware file: %s\n", firmware);
109
"Could not open firmware file %s: %s (%d).\n",
110
firmware, strerror(errno), errno);
112
fprintf(stdout, "Uploading firmware...\n");
114
/* Read each command and wait for a response. */
115
unsigned char data[1024];
116
unsigned char cmdp[1 + sizeof(hci_command_hdr)];
117
hci_command_hdr *cmd = (hci_command_hdr *) (cmdp + 1);
120
nr = read(fw, cmdp, sizeof(cmdp));
124
FAILIF(nr != sizeof(cmdp),
125
"Could not read H4 + HCI header!\n");
126
FAILIF(*cmdp != HCI_COMMAND_PKT,
127
"Command is not an H4 command packet!\n");
129
FAILIF(read(fw, data, cmd->plen) != cmd->plen,
130
"Could not read %d bytes of data \
131
for command with opcode %04x!\n",
132
cmd->plen, cmd->opcode);
134
if ((data[0] == 1) && (data[1] == 2) && (data[2] == 6)) {
136
if (bdaddr_s != NULL) {
137
str2ba(bdaddr_s, &bdaddr);
138
memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
144
struct iovec iov_cmd[2];
145
iov_cmd[0].iov_base = cmdp;
146
iov_cmd[0].iov_len = sizeof(cmdp);
147
iov_cmd[1].iov_base = data;
148
iov_cmd[1].iov_len = cmd->plen;
149
nw = writev(fd, iov_cmd, 2);
150
FAILIF(nw != (int) sizeof(cmdp) + cmd->plen,
151
"Could not send entire command \
152
(sent only %d bytes)!\n",
156
/* Wait for response */
157
if (read_command_complete(fd, cmd->opcode, cmd->plen) < 0)
160
fprintf(stdout, "Firmware upload successful.\n");
167
int qualcomm_init(int fd, int speed, struct termios *ti, const char *bdaddr)
169
struct timespec tm = {0, 50000};
171
unsigned char resp[100]; /* Response */
175
memset(resp, 0, 100);
177
/* Get Manufacturer and LMP version */
178
cmd[0] = HCI_COMMAND_PKT;
184
n = write(fd, cmd, 4);
186
perror("Failed to write init command");
191
if (read_hci_event(fd, resp, 100) < 0) {
192
perror("Failed to read init response");
196
/* Wait for command complete event for our Opcode */
197
} while (resp[4] != cmd[1] && resp[5] != cmd[2]);
199
/* Verify manufacturer */
200
if ((resp[11] & 0xFF) != 0x1d)
202
"WARNING : module's manufacturer is not Qualcomm\n");
204
/* Print LMP version */
206
"Qualcomm module LMP version : 0x%02x\n", resp[10] & 0xFF);
208
/* Print LMP subversion */
210
unsigned short lmp_subv = resp[13] | (resp[14] << 8);
212
fprintf(stderr, "Qualcomm module LMP sub-version : 0x%04x\n",
217
cmd[0] = HCI_COMMAND_PKT;
224
n = write(fd, cmd, 5);
226
perror("Failed to write vendor init command");
231
if ((n = read_hci_event(fd, resp, 100)) < 0) {
232
perror("Failed to read vendor init response");
236
} while (resp[3] != 0 && resp[4] != 2);
238
snprintf(fw, sizeof(fw), "/etc/firmware/%c%c%c%c%c%c_%c%c%c%c.bin",
239
resp[18], resp[19], resp[20], resp[21],
241
resp[32], resp[33], resp[34], resp[35]);
243
/* Wait for command complete event for our Opcode */
244
if (read_hci_event(fd, resp, 100) < 0) {
245
perror("Failed to read init response");
249
qualcomm_load_firmware(fd, fw, bdaddr);
252
cmd[0] = HCI_COMMAND_PKT;
258
n = write(fd, cmd, 4);
260
perror("Failed to write reset command");
265
if ((n = read_hci_event(fd, resp, 100)) < 0) {
266
perror("Failed to read reset response");
270
} while (resp[4] != cmd[1] && resp[5] != cmd[2]);
272
nanosleep(&tm, NULL);