1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth support for Intel devices 5 * 6 * Copyright (C) 2015 Intel Corporation 7 */ 8 9 #include <linux/module.h> 10 #include <linux/firmware.h> 11 #include <linux/regmap.h> 12 #include <linux/acpi.h> 13 #include <asm/unaligned.h> 14 15 #include <net/bluetooth/bluetooth.h> 16 #include <net/bluetooth/hci_core.h> 17 18 #include "btintel.h" 19 20 #define VERSION "0.1" 21 22 #define BDADDR_INTEL (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 23 #define RSA_HEADER_LEN 644 24 #define CSS_HEADER_OFFSET 8 25 #define ECDSA_OFFSET 644 26 #define ECDSA_HEADER_LEN 320 27 28 #define BTINTEL_PPAG_NAME "PPAG" 29 #define BTINTEL_PPAG_PREFIX "\\_SB_.PCI0.XHCI.RHUB" 30 31 #define CMD_WRITE_BOOT_PARAMS 0xfc0e 32 struct cmd_write_boot_params { 33 __le32 boot_addr; 34 u8 fw_build_num; 35 u8 fw_build_ww; 36 u8 fw_build_yy; 37 } __packed; 38 39 int btintel_check_bdaddr(struct hci_dev *hdev) 40 { 41 struct hci_rp_read_bd_addr *bda; 42 struct sk_buff *skb; 43 44 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 45 HCI_INIT_TIMEOUT); 46 if (IS_ERR(skb)) { 47 int err = PTR_ERR(skb); 48 bt_dev_err(hdev, "Reading Intel device address failed (%d)", 49 err); 50 return err; 51 } 52 53 if (skb->len != sizeof(*bda)) { 54 bt_dev_err(hdev, "Intel device address length mismatch"); 55 kfree_skb(skb); 56 return -EIO; 57 } 58 59 bda = (struct hci_rp_read_bd_addr *)skb->data; 60 61 /* For some Intel based controllers, the default Bluetooth device 62 * address 00:03:19:9E:8B:00 can be found. These controllers are 63 * fully operational, but have the danger of duplicate addresses 64 * and that in turn can cause problems with Bluetooth operation. 65 */ 66 if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) { 67 bt_dev_err(hdev, "Found Intel default device address (%pMR)", 68 &bda->bdaddr); 69 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 70 } 71 72 kfree_skb(skb); 73 74 return 0; 75 } 76 EXPORT_SYMBOL_GPL(btintel_check_bdaddr); 77 78 int btintel_enter_mfg(struct hci_dev *hdev) 79 { 80 static const u8 param[] = { 0x01, 0x00 }; 81 struct sk_buff *skb; 82 83 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); 84 if (IS_ERR(skb)) { 85 bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)", 86 PTR_ERR(skb)); 87 return PTR_ERR(skb); 88 } 89 kfree_skb(skb); 90 91 return 0; 92 } 93 EXPORT_SYMBOL_GPL(btintel_enter_mfg); 94 95 int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched) 96 { 97 u8 param[] = { 0x00, 0x00 }; 98 struct sk_buff *skb; 99 100 /* The 2nd command parameter specifies the manufacturing exit method: 101 * 0x00: Just disable the manufacturing mode (0x00). 102 * 0x01: Disable manufacturing mode and reset with patches deactivated. 103 * 0x02: Disable manufacturing mode and reset with patches activated. 104 */ 105 if (reset) 106 param[1] |= patched ? 0x02 : 0x01; 107 108 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); 109 if (IS_ERR(skb)) { 110 bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)", 111 PTR_ERR(skb)); 112 return PTR_ERR(skb); 113 } 114 kfree_skb(skb); 115 116 return 0; 117 } 118 EXPORT_SYMBOL_GPL(btintel_exit_mfg); 119 120 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 121 { 122 struct sk_buff *skb; 123 int err; 124 125 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 126 if (IS_ERR(skb)) { 127 err = PTR_ERR(skb); 128 bt_dev_err(hdev, "Changing Intel device address failed (%d)", 129 err); 130 return err; 131 } 132 kfree_skb(skb); 133 134 return 0; 135 } 136 EXPORT_SYMBOL_GPL(btintel_set_bdaddr); 137 138 static int btintel_set_event_mask(struct hci_dev *hdev, bool debug) 139 { 140 u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 141 struct sk_buff *skb; 142 int err; 143 144 if (debug) 145 mask[1] |= 0x62; 146 147 skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT); 148 if (IS_ERR(skb)) { 149 err = PTR_ERR(skb); 150 bt_dev_err(hdev, "Setting Intel event mask failed (%d)", err); 151 return err; 152 } 153 kfree_skb(skb); 154 155 return 0; 156 } 157 158 int btintel_set_diag(struct hci_dev *hdev, bool enable) 159 { 160 struct sk_buff *skb; 161 u8 param[3]; 162 int err; 163 164 if (enable) { 165 param[0] = 0x03; 166 param[1] = 0x03; 167 param[2] = 0x03; 168 } else { 169 param[0] = 0x00; 170 param[1] = 0x00; 171 param[2] = 0x00; 172 } 173 174 skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT); 175 if (IS_ERR(skb)) { 176 err = PTR_ERR(skb); 177 if (err == -ENODATA) 178 goto done; 179 bt_dev_err(hdev, "Changing Intel diagnostic mode failed (%d)", 180 err); 181 return err; 182 } 183 kfree_skb(skb); 184 185 done: 186 btintel_set_event_mask(hdev, enable); 187 return 0; 188 } 189 EXPORT_SYMBOL_GPL(btintel_set_diag); 190 191 static int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable) 192 { 193 int err, ret; 194 195 err = btintel_enter_mfg(hdev); 196 if (err) 197 return err; 198 199 ret = btintel_set_diag(hdev, enable); 200 201 err = btintel_exit_mfg(hdev, false, false); 202 if (err) 203 return err; 204 205 return ret; 206 } 207 208 static int btintel_set_diag_combined(struct hci_dev *hdev, bool enable) 209 { 210 int ret; 211 212 /* Legacy ROM device needs to be in the manufacturer mode to apply 213 * diagnostic setting 214 * 215 * This flag is set after reading the Intel version. 216 */ 217 if (btintel_test_flag(hdev, INTEL_ROM_LEGACY)) 218 ret = btintel_set_diag_mfg(hdev, enable); 219 else 220 ret = btintel_set_diag(hdev, enable); 221 222 return ret; 223 } 224 225 static void btintel_hw_error(struct hci_dev *hdev, u8 code) 226 { 227 struct sk_buff *skb; 228 u8 type = 0x00; 229 230 bt_dev_err(hdev, "Hardware error 0x%2.2x", code); 231 232 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 233 if (IS_ERR(skb)) { 234 bt_dev_err(hdev, "Reset after hardware error failed (%ld)", 235 PTR_ERR(skb)); 236 return; 237 } 238 kfree_skb(skb); 239 240 skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT); 241 if (IS_ERR(skb)) { 242 bt_dev_err(hdev, "Retrieving Intel exception info failed (%ld)", 243 PTR_ERR(skb)); 244 return; 245 } 246 247 if (skb->len != 13) { 248 bt_dev_err(hdev, "Exception info size mismatch"); 249 kfree_skb(skb); 250 return; 251 } 252 253 bt_dev_err(hdev, "Exception info %s", (char *)(skb->data + 1)); 254 255 kfree_skb(skb); 256 } 257 258 int btintel_version_info(struct hci_dev *hdev, struct intel_version *ver) 259 { 260 const char *variant; 261 262 /* The hardware platform number has a fixed value of 0x37 and 263 * for now only accept this single value. 264 */ 265 if (ver->hw_platform != 0x37) { 266 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 267 ver->hw_platform); 268 return -EINVAL; 269 } 270 271 /* Check for supported iBT hardware variants of this firmware 272 * loading method. 273 * 274 * This check has been put in place to ensure correct forward 275 * compatibility options when newer hardware variants come along. 276 */ 277 switch (ver->hw_variant) { 278 case 0x07: /* WP - Legacy ROM */ 279 case 0x08: /* StP - Legacy ROM */ 280 case 0x0b: /* SfP */ 281 case 0x0c: /* WsP */ 282 case 0x11: /* JfP */ 283 case 0x12: /* ThP */ 284 case 0x13: /* HrP */ 285 case 0x14: /* CcP */ 286 break; 287 default: 288 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 289 ver->hw_variant); 290 return -EINVAL; 291 } 292 293 switch (ver->fw_variant) { 294 case 0x01: 295 variant = "Legacy ROM 2.5"; 296 break; 297 case 0x06: 298 variant = "Bootloader"; 299 break; 300 case 0x22: 301 variant = "Legacy ROM 2.x"; 302 break; 303 case 0x23: 304 variant = "Firmware"; 305 break; 306 default: 307 bt_dev_err(hdev, "Unsupported firmware variant(%02x)", ver->fw_variant); 308 return -EINVAL; 309 } 310 311 bt_dev_info(hdev, "%s revision %u.%u build %u week %u %u", 312 variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f, 313 ver->fw_build_num, ver->fw_build_ww, 314 2000 + ver->fw_build_yy); 315 316 return 0; 317 } 318 EXPORT_SYMBOL_GPL(btintel_version_info); 319 320 static int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen, 321 const void *param) 322 { 323 while (plen > 0) { 324 struct sk_buff *skb; 325 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen; 326 327 cmd_param[0] = fragment_type; 328 memcpy(cmd_param + 1, param, fragment_len); 329 330 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1, 331 cmd_param, HCI_INIT_TIMEOUT); 332 if (IS_ERR(skb)) 333 return PTR_ERR(skb); 334 335 kfree_skb(skb); 336 337 plen -= fragment_len; 338 param += fragment_len; 339 } 340 341 return 0; 342 } 343 344 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name) 345 { 346 const struct firmware *fw; 347 struct sk_buff *skb; 348 const u8 *fw_ptr; 349 int err; 350 351 err = request_firmware_direct(&fw, ddc_name, &hdev->dev); 352 if (err < 0) { 353 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)", 354 ddc_name, err); 355 return err; 356 } 357 358 bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name); 359 360 fw_ptr = fw->data; 361 362 /* DDC file contains one or more DDC structure which has 363 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2). 364 */ 365 while (fw->size > fw_ptr - fw->data) { 366 u8 cmd_plen = fw_ptr[0] + sizeof(u8); 367 368 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr, 369 HCI_INIT_TIMEOUT); 370 if (IS_ERR(skb)) { 371 bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)", 372 PTR_ERR(skb)); 373 release_firmware(fw); 374 return PTR_ERR(skb); 375 } 376 377 fw_ptr += cmd_plen; 378 kfree_skb(skb); 379 } 380 381 release_firmware(fw); 382 383 bt_dev_info(hdev, "Applying Intel DDC parameters completed"); 384 385 return 0; 386 } 387 EXPORT_SYMBOL_GPL(btintel_load_ddc_config); 388 389 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug) 390 { 391 int err, ret; 392 393 err = btintel_enter_mfg(hdev); 394 if (err) 395 return err; 396 397 ret = btintel_set_event_mask(hdev, debug); 398 399 err = btintel_exit_mfg(hdev, false, false); 400 if (err) 401 return err; 402 403 return ret; 404 } 405 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg); 406 407 int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver) 408 { 409 struct sk_buff *skb; 410 411 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); 412 if (IS_ERR(skb)) { 413 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 414 PTR_ERR(skb)); 415 return PTR_ERR(skb); 416 } 417 418 if (skb->len != sizeof(*ver)) { 419 bt_dev_err(hdev, "Intel version event size mismatch"); 420 kfree_skb(skb); 421 return -EILSEQ; 422 } 423 424 memcpy(ver, skb->data, sizeof(*ver)); 425 426 kfree_skb(skb); 427 428 return 0; 429 } 430 EXPORT_SYMBOL_GPL(btintel_read_version); 431 432 static int btintel_version_info_tlv(struct hci_dev *hdev, 433 struct intel_version_tlv *version) 434 { 435 const char *variant; 436 437 /* The hardware platform number has a fixed value of 0x37 and 438 * for now only accept this single value. 439 */ 440 if (INTEL_HW_PLATFORM(version->cnvi_bt) != 0x37) { 441 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", 442 INTEL_HW_PLATFORM(version->cnvi_bt)); 443 return -EINVAL; 444 } 445 446 /* Check for supported iBT hardware variants of this firmware 447 * loading method. 448 * 449 * This check has been put in place to ensure correct forward 450 * compatibility options when newer hardware variants come along. 451 */ 452 switch (INTEL_HW_VARIANT(version->cnvi_bt)) { 453 case 0x17: /* TyP */ 454 case 0x18: /* Slr */ 455 case 0x19: /* Slr-F */ 456 case 0x1b: /* Mgr */ 457 break; 458 default: 459 bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)", 460 INTEL_HW_VARIANT(version->cnvi_bt)); 461 return -EINVAL; 462 } 463 464 switch (version->img_type) { 465 case 0x01: 466 variant = "Bootloader"; 467 /* It is required that every single firmware fragment is acknowledged 468 * with a command complete event. If the boot parameters indicate 469 * that this bootloader does not send them, then abort the setup. 470 */ 471 if (version->limited_cce != 0x00) { 472 bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)", 473 version->limited_cce); 474 return -EINVAL; 475 } 476 477 /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */ 478 if (version->sbe_type > 0x01) { 479 bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)", 480 version->sbe_type); 481 return -EINVAL; 482 } 483 484 bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id); 485 bt_dev_info(hdev, "Secure boot is %s", 486 version->secure_boot ? "enabled" : "disabled"); 487 bt_dev_info(hdev, "OTP lock is %s", 488 version->otp_lock ? "enabled" : "disabled"); 489 bt_dev_info(hdev, "API lock is %s", 490 version->api_lock ? "enabled" : "disabled"); 491 bt_dev_info(hdev, "Debug lock is %s", 492 version->debug_lock ? "enabled" : "disabled"); 493 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 494 version->min_fw_build_nn, version->min_fw_build_cw, 495 2000 + version->min_fw_build_yy); 496 break; 497 case 0x03: 498 variant = "Firmware"; 499 break; 500 default: 501 bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type); 502 return -EINVAL; 503 } 504 505 bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant, 506 2000 + (version->timestamp >> 8), version->timestamp & 0xff, 507 version->build_type, version->build_num); 508 509 return 0; 510 } 511 512 static int btintel_parse_version_tlv(struct hci_dev *hdev, 513 struct intel_version_tlv *version, 514 struct sk_buff *skb) 515 { 516 /* Consume Command Complete Status field */ 517 skb_pull(skb, 1); 518 519 /* Event parameters contatin multiple TLVs. Read each of them 520 * and only keep the required data. Also, it use existing legacy 521 * version field like hw_platform, hw_variant, and fw_variant 522 * to keep the existing setup flow 523 */ 524 while (skb->len) { 525 struct intel_tlv *tlv; 526 527 /* Make sure skb has a minimum length of the header */ 528 if (skb->len < sizeof(*tlv)) 529 return -EINVAL; 530 531 tlv = (struct intel_tlv *)skb->data; 532 533 /* Make sure skb has a enough data */ 534 if (skb->len < tlv->len + sizeof(*tlv)) 535 return -EINVAL; 536 537 switch (tlv->type) { 538 case INTEL_TLV_CNVI_TOP: 539 version->cnvi_top = get_unaligned_le32(tlv->val); 540 break; 541 case INTEL_TLV_CNVR_TOP: 542 version->cnvr_top = get_unaligned_le32(tlv->val); 543 break; 544 case INTEL_TLV_CNVI_BT: 545 version->cnvi_bt = get_unaligned_le32(tlv->val); 546 break; 547 case INTEL_TLV_CNVR_BT: 548 version->cnvr_bt = get_unaligned_le32(tlv->val); 549 break; 550 case INTEL_TLV_DEV_REV_ID: 551 version->dev_rev_id = get_unaligned_le16(tlv->val); 552 break; 553 case INTEL_TLV_IMAGE_TYPE: 554 version->img_type = tlv->val[0]; 555 break; 556 case INTEL_TLV_TIME_STAMP: 557 /* If image type is Operational firmware (0x03), then 558 * running FW Calendar Week and Year information can 559 * be extracted from Timestamp information 560 */ 561 version->min_fw_build_cw = tlv->val[0]; 562 version->min_fw_build_yy = tlv->val[1]; 563 version->timestamp = get_unaligned_le16(tlv->val); 564 break; 565 case INTEL_TLV_BUILD_TYPE: 566 version->build_type = tlv->val[0]; 567 break; 568 case INTEL_TLV_BUILD_NUM: 569 /* If image type is Operational firmware (0x03), then 570 * running FW build number can be extracted from the 571 * Build information 572 */ 573 version->min_fw_build_nn = tlv->val[0]; 574 version->build_num = get_unaligned_le32(tlv->val); 575 break; 576 case INTEL_TLV_SECURE_BOOT: 577 version->secure_boot = tlv->val[0]; 578 break; 579 case INTEL_TLV_OTP_LOCK: 580 version->otp_lock = tlv->val[0]; 581 break; 582 case INTEL_TLV_API_LOCK: 583 version->api_lock = tlv->val[0]; 584 break; 585 case INTEL_TLV_DEBUG_LOCK: 586 version->debug_lock = tlv->val[0]; 587 break; 588 case INTEL_TLV_MIN_FW: 589 version->min_fw_build_nn = tlv->val[0]; 590 version->min_fw_build_cw = tlv->val[1]; 591 version->min_fw_build_yy = tlv->val[2]; 592 break; 593 case INTEL_TLV_LIMITED_CCE: 594 version->limited_cce = tlv->val[0]; 595 break; 596 case INTEL_TLV_SBE_TYPE: 597 version->sbe_type = tlv->val[0]; 598 break; 599 case INTEL_TLV_OTP_BDADDR: 600 memcpy(&version->otp_bd_addr, tlv->val, 601 sizeof(bdaddr_t)); 602 break; 603 default: 604 /* Ignore rest of information */ 605 break; 606 } 607 /* consume the current tlv and move to next*/ 608 skb_pull(skb, tlv->len + sizeof(*tlv)); 609 } 610 611 return 0; 612 } 613 614 static int btintel_read_version_tlv(struct hci_dev *hdev, 615 struct intel_version_tlv *version) 616 { 617 struct sk_buff *skb; 618 const u8 param[1] = { 0xFF }; 619 620 if (!version) 621 return -EINVAL; 622 623 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); 624 if (IS_ERR(skb)) { 625 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 626 PTR_ERR(skb)); 627 return PTR_ERR(skb); 628 } 629 630 if (skb->data[0]) { 631 bt_dev_err(hdev, "Intel Read Version command failed (%02x)", 632 skb->data[0]); 633 kfree_skb(skb); 634 return -EIO; 635 } 636 637 btintel_parse_version_tlv(hdev, version, skb); 638 639 kfree_skb(skb); 640 return 0; 641 } 642 643 /* ------- REGMAP IBT SUPPORT ------- */ 644 645 #define IBT_REG_MODE_8BIT 0x00 646 #define IBT_REG_MODE_16BIT 0x01 647 #define IBT_REG_MODE_32BIT 0x02 648 649 struct regmap_ibt_context { 650 struct hci_dev *hdev; 651 __u16 op_write; 652 __u16 op_read; 653 }; 654 655 struct ibt_cp_reg_access { 656 __le32 addr; 657 __u8 mode; 658 __u8 len; 659 __u8 data[]; 660 } __packed; 661 662 struct ibt_rp_reg_access { 663 __u8 status; 664 __le32 addr; 665 __u8 data[]; 666 } __packed; 667 668 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size, 669 void *val, size_t val_size) 670 { 671 struct regmap_ibt_context *ctx = context; 672 struct ibt_cp_reg_access cp; 673 struct ibt_rp_reg_access *rp; 674 struct sk_buff *skb; 675 int err = 0; 676 677 if (reg_size != sizeof(__le32)) 678 return -EINVAL; 679 680 switch (val_size) { 681 case 1: 682 cp.mode = IBT_REG_MODE_8BIT; 683 break; 684 case 2: 685 cp.mode = IBT_REG_MODE_16BIT; 686 break; 687 case 4: 688 cp.mode = IBT_REG_MODE_32BIT; 689 break; 690 default: 691 return -EINVAL; 692 } 693 694 /* regmap provides a little-endian formatted addr */ 695 cp.addr = *(__le32 *)addr; 696 cp.len = val_size; 697 698 bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr)); 699 700 skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp, 701 HCI_CMD_TIMEOUT); 702 if (IS_ERR(skb)) { 703 err = PTR_ERR(skb); 704 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)", 705 le32_to_cpu(cp.addr), err); 706 return err; 707 } 708 709 if (skb->len != sizeof(*rp) + val_size) { 710 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len", 711 le32_to_cpu(cp.addr)); 712 err = -EINVAL; 713 goto done; 714 } 715 716 rp = (struct ibt_rp_reg_access *)skb->data; 717 718 if (rp->addr != cp.addr) { 719 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr", 720 le32_to_cpu(rp->addr)); 721 err = -EINVAL; 722 goto done; 723 } 724 725 memcpy(val, rp->data, val_size); 726 727 done: 728 kfree_skb(skb); 729 return err; 730 } 731 732 static int regmap_ibt_gather_write(void *context, 733 const void *addr, size_t reg_size, 734 const void *val, size_t val_size) 735 { 736 struct regmap_ibt_context *ctx = context; 737 struct ibt_cp_reg_access *cp; 738 struct sk_buff *skb; 739 int plen = sizeof(*cp) + val_size; 740 u8 mode; 741 int err = 0; 742 743 if (reg_size != sizeof(__le32)) 744 return -EINVAL; 745 746 switch (val_size) { 747 case 1: 748 mode = IBT_REG_MODE_8BIT; 749 break; 750 case 2: 751 mode = IBT_REG_MODE_16BIT; 752 break; 753 case 4: 754 mode = IBT_REG_MODE_32BIT; 755 break; 756 default: 757 return -EINVAL; 758 } 759 760 cp = kmalloc(plen, GFP_KERNEL); 761 if (!cp) 762 return -ENOMEM; 763 764 /* regmap provides a little-endian formatted addr/value */ 765 cp->addr = *(__le32 *)addr; 766 cp->mode = mode; 767 cp->len = val_size; 768 memcpy(&cp->data, val, val_size); 769 770 bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr)); 771 772 skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT); 773 if (IS_ERR(skb)) { 774 err = PTR_ERR(skb); 775 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)", 776 le32_to_cpu(cp->addr), err); 777 goto done; 778 } 779 kfree_skb(skb); 780 781 done: 782 kfree(cp); 783 return err; 784 } 785 786 static int regmap_ibt_write(void *context, const void *data, size_t count) 787 { 788 /* data contains register+value, since we only support 32bit addr, 789 * minimum data size is 4 bytes. 790 */ 791 if (WARN_ONCE(count < 4, "Invalid register access")) 792 return -EINVAL; 793 794 return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4); 795 } 796 797 static void regmap_ibt_free_context(void *context) 798 { 799 kfree(context); 800 } 801 802 static const struct regmap_bus regmap_ibt = { 803 .read = regmap_ibt_read, 804 .write = regmap_ibt_write, 805 .gather_write = regmap_ibt_gather_write, 806 .free_context = regmap_ibt_free_context, 807 .reg_format_endian_default = REGMAP_ENDIAN_LITTLE, 808 .val_format_endian_default = REGMAP_ENDIAN_LITTLE, 809 }; 810 811 /* Config is the same for all register regions */ 812 static const struct regmap_config regmap_ibt_cfg = { 813 .name = "btintel_regmap", 814 .reg_bits = 32, 815 .val_bits = 32, 816 }; 817 818 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read, 819 u16 opcode_write) 820 { 821 struct regmap_ibt_context *ctx; 822 823 bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read, 824 opcode_write); 825 826 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 827 if (!ctx) 828 return ERR_PTR(-ENOMEM); 829 830 ctx->op_read = opcode_read; 831 ctx->op_write = opcode_write; 832 ctx->hdev = hdev; 833 834 return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg); 835 } 836 EXPORT_SYMBOL_GPL(btintel_regmap_init); 837 838 int btintel_send_intel_reset(struct hci_dev *hdev, u32 boot_param) 839 { 840 struct intel_reset params = { 0x00, 0x01, 0x00, 0x01, 0x00000000 }; 841 struct sk_buff *skb; 842 843 params.boot_param = cpu_to_le32(boot_param); 844 845 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), ¶ms, 846 HCI_INIT_TIMEOUT); 847 if (IS_ERR(skb)) { 848 bt_dev_err(hdev, "Failed to send Intel Reset command"); 849 return PTR_ERR(skb); 850 } 851 852 kfree_skb(skb); 853 854 return 0; 855 } 856 EXPORT_SYMBOL_GPL(btintel_send_intel_reset); 857 858 int btintel_read_boot_params(struct hci_dev *hdev, 859 struct intel_boot_params *params) 860 { 861 struct sk_buff *skb; 862 863 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); 864 if (IS_ERR(skb)) { 865 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)", 866 PTR_ERR(skb)); 867 return PTR_ERR(skb); 868 } 869 870 if (skb->len != sizeof(*params)) { 871 bt_dev_err(hdev, "Intel boot parameters size mismatch"); 872 kfree_skb(skb); 873 return -EILSEQ; 874 } 875 876 memcpy(params, skb->data, sizeof(*params)); 877 878 kfree_skb(skb); 879 880 if (params->status) { 881 bt_dev_err(hdev, "Intel boot parameters command failed (%02x)", 882 params->status); 883 return -bt_to_errno(params->status); 884 } 885 886 bt_dev_info(hdev, "Device revision is %u", 887 le16_to_cpu(params->dev_revid)); 888 889 bt_dev_info(hdev, "Secure boot is %s", 890 params->secure_boot ? "enabled" : "disabled"); 891 892 bt_dev_info(hdev, "OTP lock is %s", 893 params->otp_lock ? "enabled" : "disabled"); 894 895 bt_dev_info(hdev, "API lock is %s", 896 params->api_lock ? "enabled" : "disabled"); 897 898 bt_dev_info(hdev, "Debug lock is %s", 899 params->debug_lock ? "enabled" : "disabled"); 900 901 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 902 params->min_fw_build_nn, params->min_fw_build_cw, 903 2000 + params->min_fw_build_yy); 904 905 return 0; 906 } 907 EXPORT_SYMBOL_GPL(btintel_read_boot_params); 908 909 static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev, 910 const struct firmware *fw) 911 { 912 int err; 913 914 /* Start the firmware download transaction with the Init fragment 915 * represented by the 128 bytes of CSS header. 916 */ 917 err = btintel_secure_send(hdev, 0x00, 128, fw->data); 918 if (err < 0) { 919 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 920 goto done; 921 } 922 923 /* Send the 256 bytes of public key information from the firmware 924 * as the PKey fragment. 925 */ 926 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); 927 if (err < 0) { 928 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err); 929 goto done; 930 } 931 932 /* Send the 256 bytes of signature information from the firmware 933 * as the Sign fragment. 934 */ 935 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); 936 if (err < 0) { 937 bt_dev_err(hdev, "Failed to send firmware signature (%d)", err); 938 goto done; 939 } 940 941 done: 942 return err; 943 } 944 945 static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev, 946 const struct firmware *fw) 947 { 948 int err; 949 950 /* Start the firmware download transaction with the Init fragment 951 * represented by the 128 bytes of CSS header. 952 */ 953 err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644); 954 if (err < 0) { 955 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 956 return err; 957 } 958 959 /* Send the 96 bytes of public key information from the firmware 960 * as the PKey fragment. 961 */ 962 err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128); 963 if (err < 0) { 964 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err); 965 return err; 966 } 967 968 /* Send the 96 bytes of signature information from the firmware 969 * as the Sign fragment 970 */ 971 err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224); 972 if (err < 0) { 973 bt_dev_err(hdev, "Failed to send firmware signature (%d)", 974 err); 975 return err; 976 } 977 return 0; 978 } 979 980 static int btintel_download_firmware_payload(struct hci_dev *hdev, 981 const struct firmware *fw, 982 size_t offset) 983 { 984 int err; 985 const u8 *fw_ptr; 986 u32 frag_len; 987 988 fw_ptr = fw->data + offset; 989 frag_len = 0; 990 err = -EINVAL; 991 992 while (fw_ptr - fw->data < fw->size) { 993 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); 994 995 frag_len += sizeof(*cmd) + cmd->plen; 996 997 /* The parameter length of the secure send command requires 998 * a 4 byte alignment. It happens so that the firmware file 999 * contains proper Intel_NOP commands to align the fragments 1000 * as needed. 1001 * 1002 * Send set of commands with 4 byte alignment from the 1003 * firmware data buffer as a single Data fragement. 1004 */ 1005 if (!(frag_len % 4)) { 1006 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); 1007 if (err < 0) { 1008 bt_dev_err(hdev, 1009 "Failed to send firmware data (%d)", 1010 err); 1011 goto done; 1012 } 1013 1014 fw_ptr += frag_len; 1015 frag_len = 0; 1016 } 1017 } 1018 1019 done: 1020 return err; 1021 } 1022 1023 static bool btintel_firmware_version(struct hci_dev *hdev, 1024 u8 num, u8 ww, u8 yy, 1025 const struct firmware *fw, 1026 u32 *boot_addr) 1027 { 1028 const u8 *fw_ptr; 1029 1030 fw_ptr = fw->data; 1031 1032 while (fw_ptr - fw->data < fw->size) { 1033 struct hci_command_hdr *cmd = (void *)(fw_ptr); 1034 1035 /* Each SKU has a different reset parameter to use in the 1036 * HCI_Intel_Reset command and it is embedded in the firmware 1037 * data. So, instead of using static value per SKU, check 1038 * the firmware data and save it for later use. 1039 */ 1040 if (le16_to_cpu(cmd->opcode) == CMD_WRITE_BOOT_PARAMS) { 1041 struct cmd_write_boot_params *params; 1042 1043 params = (void *)(fw_ptr + sizeof(*cmd)); 1044 1045 *boot_addr = le32_to_cpu(params->boot_addr); 1046 1047 bt_dev_info(hdev, "Boot Address: 0x%x", *boot_addr); 1048 1049 bt_dev_info(hdev, "Firmware Version: %u-%u.%u", 1050 params->fw_build_num, params->fw_build_ww, 1051 params->fw_build_yy); 1052 1053 return (num == params->fw_build_num && 1054 ww == params->fw_build_ww && 1055 yy == params->fw_build_yy); 1056 } 1057 1058 fw_ptr += sizeof(*cmd) + cmd->plen; 1059 } 1060 1061 return false; 1062 } 1063 1064 int btintel_download_firmware(struct hci_dev *hdev, 1065 struct intel_version *ver, 1066 const struct firmware *fw, 1067 u32 *boot_param) 1068 { 1069 int err; 1070 1071 /* SfP and WsP don't seem to update the firmware version on file 1072 * so version checking is currently not possible. 1073 */ 1074 switch (ver->hw_variant) { 1075 case 0x0b: /* SfP */ 1076 case 0x0c: /* WsP */ 1077 /* Skip version checking */ 1078 break; 1079 default: 1080 1081 /* Skip download if firmware has the same version */ 1082 if (btintel_firmware_version(hdev, ver->fw_build_num, 1083 ver->fw_build_ww, ver->fw_build_yy, 1084 fw, boot_param)) { 1085 bt_dev_info(hdev, "Firmware already loaded"); 1086 /* Return -EALREADY to indicate that the firmware has 1087 * already been loaded. 1088 */ 1089 return -EALREADY; 1090 } 1091 } 1092 1093 /* The firmware variant determines if the device is in bootloader 1094 * mode or is running operational firmware. The value 0x06 identifies 1095 * the bootloader and the value 0x23 identifies the operational 1096 * firmware. 1097 * 1098 * If the firmware version has changed that means it needs to be reset 1099 * to bootloader when operational so the new firmware can be loaded. 1100 */ 1101 if (ver->fw_variant == 0x23) 1102 return -EINVAL; 1103 1104 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1105 if (err) 1106 return err; 1107 1108 return btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN); 1109 } 1110 EXPORT_SYMBOL_GPL(btintel_download_firmware); 1111 1112 static int btintel_download_fw_tlv(struct hci_dev *hdev, 1113 struct intel_version_tlv *ver, 1114 const struct firmware *fw, u32 *boot_param, 1115 u8 hw_variant, u8 sbe_type) 1116 { 1117 int err; 1118 u32 css_header_ver; 1119 1120 /* Skip download if firmware has the same version */ 1121 if (btintel_firmware_version(hdev, ver->min_fw_build_nn, 1122 ver->min_fw_build_cw, 1123 ver->min_fw_build_yy, 1124 fw, boot_param)) { 1125 bt_dev_info(hdev, "Firmware already loaded"); 1126 /* Return -EALREADY to indicate that firmware has 1127 * already been loaded. 1128 */ 1129 return -EALREADY; 1130 } 1131 1132 /* The firmware variant determines if the device is in bootloader 1133 * mode or is running operational firmware. The value 0x01 identifies 1134 * the bootloader and the value 0x03 identifies the operational 1135 * firmware. 1136 * 1137 * If the firmware version has changed that means it needs to be reset 1138 * to bootloader when operational so the new firmware can be loaded. 1139 */ 1140 if (ver->img_type == 0x03) 1141 return -EINVAL; 1142 1143 /* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support 1144 * only RSA secure boot engine. Hence, the corresponding sfi file will 1145 * have RSA header of 644 bytes followed by Command Buffer. 1146 * 1147 * iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA 1148 * secure boot engine. As a result, the corresponding sfi file will 1149 * have RSA header of 644, ECDSA header of 320 bytes followed by 1150 * Command Buffer. 1151 * 1152 * CSS Header byte positions 0x08 to 0x0B represent the CSS Header 1153 * version: RSA(0x00010000) , ECDSA (0x00020000) 1154 */ 1155 css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET); 1156 if (css_header_ver != 0x00010000) { 1157 bt_dev_err(hdev, "Invalid CSS Header version"); 1158 return -EINVAL; 1159 } 1160 1161 if (hw_variant <= 0x14) { 1162 if (sbe_type != 0x00) { 1163 bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)", 1164 hw_variant); 1165 return -EINVAL; 1166 } 1167 1168 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1169 if (err) 1170 return err; 1171 1172 err = btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN); 1173 if (err) 1174 return err; 1175 } else if (hw_variant >= 0x17) { 1176 /* Check if CSS header for ECDSA follows the RSA header */ 1177 if (fw->data[ECDSA_OFFSET] != 0x06) 1178 return -EINVAL; 1179 1180 /* Check if the CSS Header version is ECDSA(0x00020000) */ 1181 css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET); 1182 if (css_header_ver != 0x00020000) { 1183 bt_dev_err(hdev, "Invalid CSS Header version"); 1184 return -EINVAL; 1185 } 1186 1187 if (sbe_type == 0x00) { 1188 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1189 if (err) 1190 return err; 1191 1192 err = btintel_download_firmware_payload(hdev, fw, 1193 RSA_HEADER_LEN + ECDSA_HEADER_LEN); 1194 if (err) 1195 return err; 1196 } else if (sbe_type == 0x01) { 1197 err = btintel_sfi_ecdsa_header_secure_send(hdev, fw); 1198 if (err) 1199 return err; 1200 1201 err = btintel_download_firmware_payload(hdev, fw, 1202 RSA_HEADER_LEN + ECDSA_HEADER_LEN); 1203 if (err) 1204 return err; 1205 } 1206 } 1207 return 0; 1208 } 1209 1210 static void btintel_reset_to_bootloader(struct hci_dev *hdev) 1211 { 1212 struct intel_reset params; 1213 struct sk_buff *skb; 1214 1215 /* Send Intel Reset command. This will result in 1216 * re-enumeration of BT controller. 1217 * 1218 * Intel Reset parameter description: 1219 * reset_type : 0x00 (Soft reset), 1220 * 0x01 (Hard reset) 1221 * patch_enable : 0x00 (Do not enable), 1222 * 0x01 (Enable) 1223 * ddc_reload : 0x00 (Do not reload), 1224 * 0x01 (Reload) 1225 * boot_option: 0x00 (Current image), 1226 * 0x01 (Specified boot address) 1227 * boot_param: Boot address 1228 * 1229 */ 1230 params.reset_type = 0x01; 1231 params.patch_enable = 0x01; 1232 params.ddc_reload = 0x01; 1233 params.boot_option = 0x00; 1234 params.boot_param = cpu_to_le32(0x00000000); 1235 1236 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), 1237 ¶ms, HCI_INIT_TIMEOUT); 1238 if (IS_ERR(skb)) { 1239 bt_dev_err(hdev, "FW download error recovery failed (%ld)", 1240 PTR_ERR(skb)); 1241 return; 1242 } 1243 bt_dev_info(hdev, "Intel reset sent to retry FW download"); 1244 kfree_skb(skb); 1245 1246 /* Current Intel BT controllers(ThP/JfP) hold the USB reset 1247 * lines for 2ms when it receives Intel Reset in bootloader mode. 1248 * Whereas, the upcoming Intel BT controllers will hold USB reset 1249 * for 150ms. To keep the delay generic, 150ms is chosen here. 1250 */ 1251 msleep(150); 1252 } 1253 1254 static int btintel_read_debug_features(struct hci_dev *hdev, 1255 struct intel_debug_features *features) 1256 { 1257 struct sk_buff *skb; 1258 u8 page_no = 1; 1259 1260 /* Intel controller supports two pages, each page is of 128-bit 1261 * feature bit mask. And each bit defines specific feature support 1262 */ 1263 skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no, 1264 HCI_INIT_TIMEOUT); 1265 if (IS_ERR(skb)) { 1266 bt_dev_err(hdev, "Reading supported features failed (%ld)", 1267 PTR_ERR(skb)); 1268 return PTR_ERR(skb); 1269 } 1270 1271 if (skb->len != (sizeof(features->page1) + 3)) { 1272 bt_dev_err(hdev, "Supported features event size mismatch"); 1273 kfree_skb(skb); 1274 return -EILSEQ; 1275 } 1276 1277 memcpy(features->page1, skb->data + 3, sizeof(features->page1)); 1278 1279 /* Read the supported features page2 if required in future. 1280 */ 1281 kfree_skb(skb); 1282 return 0; 1283 } 1284 1285 static acpi_status btintel_ppag_callback(acpi_handle handle, u32 lvl, void *data, 1286 void **ret) 1287 { 1288 acpi_status status; 1289 size_t len; 1290 struct btintel_ppag *ppag = data; 1291 union acpi_object *p, *elements; 1292 struct acpi_buffer string = {ACPI_ALLOCATE_BUFFER, NULL}; 1293 struct acpi_buffer buffer = {ACPI_ALLOCATE_BUFFER, NULL}; 1294 struct hci_dev *hdev = ppag->hdev; 1295 1296 status = acpi_get_name(handle, ACPI_FULL_PATHNAME, &string); 1297 if (ACPI_FAILURE(status)) { 1298 bt_dev_warn(hdev, "ACPI Failure: %s", acpi_format_exception(status)); 1299 return status; 1300 } 1301 1302 if (strncmp(BTINTEL_PPAG_PREFIX, string.pointer, 1303 strlen(BTINTEL_PPAG_PREFIX))) { 1304 kfree(string.pointer); 1305 return AE_OK; 1306 } 1307 1308 len = strlen(string.pointer); 1309 if (strncmp((char *)string.pointer + len - 4, BTINTEL_PPAG_NAME, 4)) { 1310 kfree(string.pointer); 1311 return AE_OK; 1312 } 1313 kfree(string.pointer); 1314 1315 status = acpi_evaluate_object(handle, NULL, NULL, &buffer); 1316 if (ACPI_FAILURE(status)) { 1317 bt_dev_warn(hdev, "ACPI Failure: %s", acpi_format_exception(status)); 1318 return status; 1319 } 1320 1321 p = buffer.pointer; 1322 ppag = (struct btintel_ppag *)data; 1323 1324 if (p->type != ACPI_TYPE_PACKAGE || p->package.count != 2) { 1325 kfree(buffer.pointer); 1326 bt_dev_warn(hdev, "Invalid object type: %d or package count: %d", 1327 p->type, p->package.count); 1328 return AE_ERROR; 1329 } 1330 1331 elements = p->package.elements; 1332 1333 /* PPAG table is located at element[1] */ 1334 p = &elements[1]; 1335 1336 ppag->domain = (u32)p->package.elements[0].integer.value; 1337 ppag->mode = (u32)p->package.elements[1].integer.value; 1338 kfree(buffer.pointer); 1339 return AE_CTRL_TERMINATE; 1340 } 1341 1342 static int btintel_set_debug_features(struct hci_dev *hdev, 1343 const struct intel_debug_features *features) 1344 { 1345 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x7f, 0x00, 0x00, 0x00, 0x00, 1346 0x00, 0x00, 0x00 }; 1347 u8 period[5] = { 0x04, 0x91, 0x02, 0x05, 0x00 }; 1348 u8 trace_enable = 0x02; 1349 struct sk_buff *skb; 1350 1351 if (!features) { 1352 bt_dev_warn(hdev, "Debug features not read"); 1353 return -EINVAL; 1354 } 1355 1356 if (!(features->page1[0] & 0x3f)) { 1357 bt_dev_info(hdev, "Telemetry exception format not supported"); 1358 return 0; 1359 } 1360 1361 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); 1362 if (IS_ERR(skb)) { 1363 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", 1364 PTR_ERR(skb)); 1365 return PTR_ERR(skb); 1366 } 1367 kfree_skb(skb); 1368 1369 skb = __hci_cmd_sync(hdev, 0xfc8b, 5, period, HCI_INIT_TIMEOUT); 1370 if (IS_ERR(skb)) { 1371 bt_dev_err(hdev, "Setting periodicity for link statistics traces failed (%ld)", 1372 PTR_ERR(skb)); 1373 return PTR_ERR(skb); 1374 } 1375 kfree_skb(skb); 1376 1377 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT); 1378 if (IS_ERR(skb)) { 1379 bt_dev_err(hdev, "Enable tracing of link statistics events failed (%ld)", 1380 PTR_ERR(skb)); 1381 return PTR_ERR(skb); 1382 } 1383 kfree_skb(skb); 1384 1385 bt_dev_info(hdev, "set debug features: trace_enable 0x%02x mask 0x%02x", 1386 trace_enable, mask[3]); 1387 1388 return 0; 1389 } 1390 1391 static int btintel_reset_debug_features(struct hci_dev *hdev, 1392 const struct intel_debug_features *features) 1393 { 1394 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 1395 0x00, 0x00, 0x00 }; 1396 u8 trace_enable = 0x00; 1397 struct sk_buff *skb; 1398 1399 if (!features) { 1400 bt_dev_warn(hdev, "Debug features not read"); 1401 return -EINVAL; 1402 } 1403 1404 if (!(features->page1[0] & 0x3f)) { 1405 bt_dev_info(hdev, "Telemetry exception format not supported"); 1406 return 0; 1407 } 1408 1409 /* Should stop the trace before writing ddc event mask. */ 1410 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT); 1411 if (IS_ERR(skb)) { 1412 bt_dev_err(hdev, "Stop tracing of link statistics events failed (%ld)", 1413 PTR_ERR(skb)); 1414 return PTR_ERR(skb); 1415 } 1416 kfree_skb(skb); 1417 1418 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); 1419 if (IS_ERR(skb)) { 1420 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", 1421 PTR_ERR(skb)); 1422 return PTR_ERR(skb); 1423 } 1424 kfree_skb(skb); 1425 1426 bt_dev_info(hdev, "reset debug features: trace_enable 0x%02x mask 0x%02x", 1427 trace_enable, mask[3]); 1428 1429 return 0; 1430 } 1431 1432 int btintel_set_quality_report(struct hci_dev *hdev, bool enable) 1433 { 1434 struct intel_debug_features features; 1435 int err; 1436 1437 bt_dev_dbg(hdev, "enable %d", enable); 1438 1439 /* Read the Intel supported features and if new exception formats 1440 * supported, need to load the additional DDC config to enable. 1441 */ 1442 err = btintel_read_debug_features(hdev, &features); 1443 if (err) 1444 return err; 1445 1446 /* Set or reset the debug features. */ 1447 if (enable) 1448 err = btintel_set_debug_features(hdev, &features); 1449 else 1450 err = btintel_reset_debug_features(hdev, &features); 1451 1452 return err; 1453 } 1454 EXPORT_SYMBOL_GPL(btintel_set_quality_report); 1455 1456 static const struct firmware *btintel_legacy_rom_get_fw(struct hci_dev *hdev, 1457 struct intel_version *ver) 1458 { 1459 const struct firmware *fw; 1460 char fwname[64]; 1461 int ret; 1462 1463 snprintf(fwname, sizeof(fwname), 1464 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1465 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1466 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1467 ver->fw_build_ww, ver->fw_build_yy); 1468 1469 ret = request_firmware(&fw, fwname, &hdev->dev); 1470 if (ret < 0) { 1471 if (ret == -EINVAL) { 1472 bt_dev_err(hdev, "Intel firmware file request failed (%d)", 1473 ret); 1474 return NULL; 1475 } 1476 1477 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)", 1478 fwname, ret); 1479 1480 /* If the correct firmware patch file is not found, use the 1481 * default firmware patch file instead 1482 */ 1483 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1484 ver->hw_platform, ver->hw_variant); 1485 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1486 bt_dev_err(hdev, "failed to open default fw file: %s", 1487 fwname); 1488 return NULL; 1489 } 1490 } 1491 1492 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname); 1493 1494 return fw; 1495 } 1496 1497 static int btintel_legacy_rom_patching(struct hci_dev *hdev, 1498 const struct firmware *fw, 1499 const u8 **fw_ptr, int *disable_patch) 1500 { 1501 struct sk_buff *skb; 1502 struct hci_command_hdr *cmd; 1503 const u8 *cmd_param; 1504 struct hci_event_hdr *evt = NULL; 1505 const u8 *evt_param = NULL; 1506 int remain = fw->size - (*fw_ptr - fw->data); 1507 1508 /* The first byte indicates the types of the patch command or event. 1509 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1510 * in the current firmware buffer doesn't start with 0x01 or 1511 * the size of remain buffer is smaller than HCI command header, 1512 * the firmware file is corrupted and it should stop the patching 1513 * process. 1514 */ 1515 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1516 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read"); 1517 return -EINVAL; 1518 } 1519 (*fw_ptr)++; 1520 remain--; 1521 1522 cmd = (struct hci_command_hdr *)(*fw_ptr); 1523 *fw_ptr += sizeof(*cmd); 1524 remain -= sizeof(*cmd); 1525 1526 /* Ensure that the remain firmware data is long enough than the length 1527 * of command parameter. If not, the firmware file is corrupted. 1528 */ 1529 if (remain < cmd->plen) { 1530 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len"); 1531 return -EFAULT; 1532 } 1533 1534 /* If there is a command that loads a patch in the firmware 1535 * file, then enable the patch upon success, otherwise just 1536 * disable the manufacturer mode, for example patch activation 1537 * is not required when the default firmware patch file is used 1538 * because there are no patch data to load. 1539 */ 1540 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1541 *disable_patch = 0; 1542 1543 cmd_param = *fw_ptr; 1544 *fw_ptr += cmd->plen; 1545 remain -= cmd->plen; 1546 1547 /* This reads the expected events when the above command is sent to the 1548 * device. Some vendor commands expects more than one events, for 1549 * example command status event followed by vendor specific event. 1550 * For this case, it only keeps the last expected event. so the command 1551 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1552 * last expected event. 1553 */ 1554 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1555 (*fw_ptr)++; 1556 remain--; 1557 1558 evt = (struct hci_event_hdr *)(*fw_ptr); 1559 *fw_ptr += sizeof(*evt); 1560 remain -= sizeof(*evt); 1561 1562 if (remain < evt->plen) { 1563 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len"); 1564 return -EFAULT; 1565 } 1566 1567 evt_param = *fw_ptr; 1568 *fw_ptr += evt->plen; 1569 remain -= evt->plen; 1570 } 1571 1572 /* Every HCI commands in the firmware file has its correspond event. 1573 * If event is not found or remain is smaller than zero, the firmware 1574 * file is corrupted. 1575 */ 1576 if (!evt || !evt_param || remain < 0) { 1577 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read"); 1578 return -EFAULT; 1579 } 1580 1581 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1582 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1583 if (IS_ERR(skb)) { 1584 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)", 1585 cmd->opcode, PTR_ERR(skb)); 1586 return PTR_ERR(skb); 1587 } 1588 1589 /* It ensures that the returned event matches the event data read from 1590 * the firmware file. At fist, it checks the length and then 1591 * the contents of the event. 1592 */ 1593 if (skb->len != evt->plen) { 1594 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)", 1595 le16_to_cpu(cmd->opcode)); 1596 kfree_skb(skb); 1597 return -EFAULT; 1598 } 1599 1600 if (memcmp(skb->data, evt_param, evt->plen)) { 1601 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)", 1602 le16_to_cpu(cmd->opcode)); 1603 kfree_skb(skb); 1604 return -EFAULT; 1605 } 1606 kfree_skb(skb); 1607 1608 return 0; 1609 } 1610 1611 static int btintel_legacy_rom_setup(struct hci_dev *hdev, 1612 struct intel_version *ver) 1613 { 1614 const struct firmware *fw; 1615 const u8 *fw_ptr; 1616 int disable_patch, err; 1617 struct intel_version new_ver; 1618 1619 BT_DBG("%s", hdev->name); 1620 1621 /* fw_patch_num indicates the version of patch the device currently 1622 * have. If there is no patch data in the device, it is always 0x00. 1623 * So, if it is other than 0x00, no need to patch the device again. 1624 */ 1625 if (ver->fw_patch_num) { 1626 bt_dev_info(hdev, 1627 "Intel device is already patched. patch num: %02x", 1628 ver->fw_patch_num); 1629 goto complete; 1630 } 1631 1632 /* Opens the firmware patch file based on the firmware version read 1633 * from the controller. If it fails to open the matching firmware 1634 * patch file, it tries to open the default firmware patch file. 1635 * If no patch file is found, allow the device to operate without 1636 * a patch. 1637 */ 1638 fw = btintel_legacy_rom_get_fw(hdev, ver); 1639 if (!fw) 1640 goto complete; 1641 fw_ptr = fw->data; 1642 1643 /* Enable the manufacturer mode of the controller. 1644 * Only while this mode is enabled, the driver can download the 1645 * firmware patch data and configuration parameters. 1646 */ 1647 err = btintel_enter_mfg(hdev); 1648 if (err) { 1649 release_firmware(fw); 1650 return err; 1651 } 1652 1653 disable_patch = 1; 1654 1655 /* The firmware data file consists of list of Intel specific HCI 1656 * commands and its expected events. The first byte indicates the 1657 * type of the message, either HCI command or HCI event. 1658 * 1659 * It reads the command and its expected event from the firmware file, 1660 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1661 * the returned event is compared with the event read from the firmware 1662 * file and it will continue until all the messages are downloaded to 1663 * the controller. 1664 * 1665 * Once the firmware patching is completed successfully, 1666 * the manufacturer mode is disabled with reset and activating the 1667 * downloaded patch. 1668 * 1669 * If the firmware patching fails, the manufacturer mode is 1670 * disabled with reset and deactivating the patch. 1671 * 1672 * If the default patch file is used, no reset is done when disabling 1673 * the manufacturer. 1674 */ 1675 while (fw->size > fw_ptr - fw->data) { 1676 int ret; 1677 1678 ret = btintel_legacy_rom_patching(hdev, fw, &fw_ptr, 1679 &disable_patch); 1680 if (ret < 0) 1681 goto exit_mfg_deactivate; 1682 } 1683 1684 release_firmware(fw); 1685 1686 if (disable_patch) 1687 goto exit_mfg_disable; 1688 1689 /* Patching completed successfully and disable the manufacturer mode 1690 * with reset and activate the downloaded firmware patches. 1691 */ 1692 err = btintel_exit_mfg(hdev, true, true); 1693 if (err) 1694 return err; 1695 1696 /* Need build number for downloaded fw patches in 1697 * every power-on boot 1698 */ 1699 err = btintel_read_version(hdev, &new_ver); 1700 if (err) 1701 return err; 1702 1703 bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated", 1704 new_ver.fw_patch_num); 1705 1706 goto complete; 1707 1708 exit_mfg_disable: 1709 /* Disable the manufacturer mode without reset */ 1710 err = btintel_exit_mfg(hdev, false, false); 1711 if (err) 1712 return err; 1713 1714 bt_dev_info(hdev, "Intel firmware patch completed"); 1715 1716 goto complete; 1717 1718 exit_mfg_deactivate: 1719 release_firmware(fw); 1720 1721 /* Patching failed. Disable the manufacturer mode with reset and 1722 * deactivate the downloaded firmware patches. 1723 */ 1724 err = btintel_exit_mfg(hdev, true, false); 1725 if (err) 1726 return err; 1727 1728 bt_dev_info(hdev, "Intel firmware patch completed and deactivated"); 1729 1730 complete: 1731 /* Set the event mask for Intel specific vendor events. This enables 1732 * a few extra events that are useful during general operation. 1733 */ 1734 btintel_set_event_mask_mfg(hdev, false); 1735 1736 btintel_check_bdaddr(hdev); 1737 1738 return 0; 1739 } 1740 1741 static int btintel_download_wait(struct hci_dev *hdev, ktime_t calltime, int msec) 1742 { 1743 ktime_t delta, rettime; 1744 unsigned long long duration; 1745 int err; 1746 1747 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 1748 1749 bt_dev_info(hdev, "Waiting for firmware download to complete"); 1750 1751 err = btintel_wait_on_flag_timeout(hdev, INTEL_DOWNLOADING, 1752 TASK_INTERRUPTIBLE, 1753 msecs_to_jiffies(msec)); 1754 if (err == -EINTR) { 1755 bt_dev_err(hdev, "Firmware loading interrupted"); 1756 return err; 1757 } 1758 1759 if (err) { 1760 bt_dev_err(hdev, "Firmware loading timeout"); 1761 return -ETIMEDOUT; 1762 } 1763 1764 if (btintel_test_flag(hdev, INTEL_FIRMWARE_FAILED)) { 1765 bt_dev_err(hdev, "Firmware loading failed"); 1766 return -ENOEXEC; 1767 } 1768 1769 rettime = ktime_get(); 1770 delta = ktime_sub(rettime, calltime); 1771 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 1772 1773 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 1774 1775 return 0; 1776 } 1777 1778 static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec) 1779 { 1780 ktime_t delta, rettime; 1781 unsigned long long duration; 1782 int err; 1783 1784 bt_dev_info(hdev, "Waiting for device to boot"); 1785 1786 err = btintel_wait_on_flag_timeout(hdev, INTEL_BOOTING, 1787 TASK_INTERRUPTIBLE, 1788 msecs_to_jiffies(msec)); 1789 if (err == -EINTR) { 1790 bt_dev_err(hdev, "Device boot interrupted"); 1791 return -EINTR; 1792 } 1793 1794 if (err) { 1795 bt_dev_err(hdev, "Device boot timeout"); 1796 return -ETIMEDOUT; 1797 } 1798 1799 rettime = ktime_get(); 1800 delta = ktime_sub(rettime, calltime); 1801 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 1802 1803 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 1804 1805 return 0; 1806 } 1807 1808 static int btintel_boot(struct hci_dev *hdev, u32 boot_addr) 1809 { 1810 ktime_t calltime; 1811 int err; 1812 1813 calltime = ktime_get(); 1814 1815 btintel_set_flag(hdev, INTEL_BOOTING); 1816 1817 err = btintel_send_intel_reset(hdev, boot_addr); 1818 if (err) { 1819 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err); 1820 btintel_reset_to_bootloader(hdev); 1821 return err; 1822 } 1823 1824 /* The bootloader will not indicate when the device is ready. This 1825 * is done by the operational firmware sending bootup notification. 1826 * 1827 * Booting into operational firmware should not take longer than 1828 * 1 second. However if that happens, then just fail the setup 1829 * since something went wrong. 1830 */ 1831 err = btintel_boot_wait(hdev, calltime, 1000); 1832 if (err == -ETIMEDOUT) 1833 btintel_reset_to_bootloader(hdev); 1834 1835 return err; 1836 } 1837 1838 static int btintel_get_fw_name(struct intel_version *ver, 1839 struct intel_boot_params *params, 1840 char *fw_name, size_t len, 1841 const char *suffix) 1842 { 1843 switch (ver->hw_variant) { 1844 case 0x0b: /* SfP */ 1845 case 0x0c: /* WsP */ 1846 snprintf(fw_name, len, "intel/ibt-%u-%u.%s", 1847 ver->hw_variant, 1848 le16_to_cpu(params->dev_revid), 1849 suffix); 1850 break; 1851 case 0x11: /* JfP */ 1852 case 0x12: /* ThP */ 1853 case 0x13: /* HrP */ 1854 case 0x14: /* CcP */ 1855 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s", 1856 ver->hw_variant, 1857 ver->hw_revision, 1858 ver->fw_revision, 1859 suffix); 1860 break; 1861 default: 1862 return -EINVAL; 1863 } 1864 1865 return 0; 1866 } 1867 1868 static int btintel_download_fw(struct hci_dev *hdev, 1869 struct intel_version *ver, 1870 struct intel_boot_params *params, 1871 u32 *boot_param) 1872 { 1873 const struct firmware *fw; 1874 char fwname[64]; 1875 int err; 1876 ktime_t calltime; 1877 1878 if (!ver || !params) 1879 return -EINVAL; 1880 1881 /* The firmware variant determines if the device is in bootloader 1882 * mode or is running operational firmware. The value 0x06 identifies 1883 * the bootloader and the value 0x23 identifies the operational 1884 * firmware. 1885 * 1886 * When the operational firmware is already present, then only 1887 * the check for valid Bluetooth device address is needed. This 1888 * determines if the device will be added as configured or 1889 * unconfigured controller. 1890 * 1891 * It is not possible to use the Secure Boot Parameters in this 1892 * case since that command is only available in bootloader mode. 1893 */ 1894 if (ver->fw_variant == 0x23) { 1895 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 1896 btintel_check_bdaddr(hdev); 1897 1898 /* SfP and WsP don't seem to update the firmware version on file 1899 * so version checking is currently possible. 1900 */ 1901 switch (ver->hw_variant) { 1902 case 0x0b: /* SfP */ 1903 case 0x0c: /* WsP */ 1904 return 0; 1905 } 1906 1907 /* Proceed to download to check if the version matches */ 1908 goto download; 1909 } 1910 1911 /* Read the secure boot parameters to identify the operating 1912 * details of the bootloader. 1913 */ 1914 err = btintel_read_boot_params(hdev, params); 1915 if (err) 1916 return err; 1917 1918 /* It is required that every single firmware fragment is acknowledged 1919 * with a command complete event. If the boot parameters indicate 1920 * that this bootloader does not send them, then abort the setup. 1921 */ 1922 if (params->limited_cce != 0x00) { 1923 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 1924 params->limited_cce); 1925 return -EINVAL; 1926 } 1927 1928 /* If the OTP has no valid Bluetooth device address, then there will 1929 * also be no valid address for the operational firmware. 1930 */ 1931 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { 1932 bt_dev_info(hdev, "No device address configured"); 1933 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1934 } 1935 1936 download: 1937 /* With this Intel bootloader only the hardware variant and device 1938 * revision information are used to select the right firmware for SfP 1939 * and WsP. 1940 * 1941 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 1942 * 1943 * Currently the supported hardware variants are: 1944 * 11 (0x0b) for iBT3.0 (LnP/SfP) 1945 * 12 (0x0c) for iBT3.5 (WsP) 1946 * 1947 * For ThP/JfP and for future SKU's, the FW name varies based on HW 1948 * variant, HW revision and FW revision, as these are dependent on CNVi 1949 * and RF Combination. 1950 * 1951 * 17 (0x11) for iBT3.5 (JfP) 1952 * 18 (0x12) for iBT3.5 (ThP) 1953 * 1954 * The firmware file name for these will be 1955 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. 1956 * 1957 */ 1958 err = btintel_get_fw_name(ver, params, fwname, sizeof(fwname), "sfi"); 1959 if (err < 0) { 1960 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 1961 /* Firmware has already been loaded */ 1962 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 1963 return 0; 1964 } 1965 1966 bt_dev_err(hdev, "Unsupported Intel firmware naming"); 1967 return -EINVAL; 1968 } 1969 1970 err = firmware_request_nowarn(&fw, fwname, &hdev->dev); 1971 if (err < 0) { 1972 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 1973 /* Firmware has already been loaded */ 1974 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 1975 return 0; 1976 } 1977 1978 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)", 1979 fwname, err); 1980 return err; 1981 } 1982 1983 bt_dev_info(hdev, "Found device firmware: %s", fwname); 1984 1985 if (fw->size < 644) { 1986 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 1987 fw->size); 1988 err = -EBADF; 1989 goto done; 1990 } 1991 1992 calltime = ktime_get(); 1993 1994 btintel_set_flag(hdev, INTEL_DOWNLOADING); 1995 1996 /* Start firmware downloading and get boot parameter */ 1997 err = btintel_download_firmware(hdev, ver, fw, boot_param); 1998 if (err < 0) { 1999 if (err == -EALREADY) { 2000 /* Firmware has already been loaded */ 2001 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2002 err = 0; 2003 goto done; 2004 } 2005 2006 /* When FW download fails, send Intel Reset to retry 2007 * FW download. 2008 */ 2009 btintel_reset_to_bootloader(hdev); 2010 goto done; 2011 } 2012 2013 /* Before switching the device into operational mode and with that 2014 * booting the loaded firmware, wait for the bootloader notification 2015 * that all fragments have been successfully received. 2016 * 2017 * When the event processing receives the notification, then the 2018 * INTEL_DOWNLOADING flag will be cleared. 2019 * 2020 * The firmware loading should not take longer than 5 seconds 2021 * and thus just timeout if that happens and fail the setup 2022 * of this device. 2023 */ 2024 err = btintel_download_wait(hdev, calltime, 5000); 2025 if (err == -ETIMEDOUT) 2026 btintel_reset_to_bootloader(hdev); 2027 2028 done: 2029 release_firmware(fw); 2030 return err; 2031 } 2032 2033 static int btintel_bootloader_setup(struct hci_dev *hdev, 2034 struct intel_version *ver) 2035 { 2036 struct intel_version new_ver; 2037 struct intel_boot_params params; 2038 u32 boot_param; 2039 char ddcname[64]; 2040 int err; 2041 2042 BT_DBG("%s", hdev->name); 2043 2044 /* Set the default boot parameter to 0x0 and it is updated to 2045 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2046 * command while downloading the firmware. 2047 */ 2048 boot_param = 0x00000000; 2049 2050 btintel_set_flag(hdev, INTEL_BOOTLOADER); 2051 2052 err = btintel_download_fw(hdev, ver, ¶ms, &boot_param); 2053 if (err) 2054 return err; 2055 2056 /* controller is already having an operational firmware */ 2057 if (ver->fw_variant == 0x23) 2058 goto finish; 2059 2060 err = btintel_boot(hdev, boot_param); 2061 if (err) 2062 return err; 2063 2064 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2065 2066 err = btintel_get_fw_name(ver, ¶ms, ddcname, 2067 sizeof(ddcname), "ddc"); 2068 2069 if (err < 0) { 2070 bt_dev_err(hdev, "Unsupported Intel firmware naming"); 2071 } else { 2072 /* Once the device is running in operational mode, it needs to 2073 * apply the device configuration (DDC) parameters. 2074 * 2075 * The device can work without DDC parameters, so even if it 2076 * fails to load the file, no need to fail the setup. 2077 */ 2078 btintel_load_ddc_config(hdev, ddcname); 2079 } 2080 2081 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 2082 2083 /* Read the Intel version information after loading the FW */ 2084 err = btintel_read_version(hdev, &new_ver); 2085 if (err) 2086 return err; 2087 2088 btintel_version_info(hdev, &new_ver); 2089 2090 finish: 2091 /* Set the event mask for Intel specific vendor events. This enables 2092 * a few extra events that are useful during general operation. It 2093 * does not enable any debugging related events. 2094 * 2095 * The device will function correctly without these events enabled 2096 * and thus no need to fail the setup. 2097 */ 2098 btintel_set_event_mask(hdev, false); 2099 2100 return 0; 2101 } 2102 2103 static void btintel_get_fw_name_tlv(const struct intel_version_tlv *ver, 2104 char *fw_name, size_t len, 2105 const char *suffix) 2106 { 2107 /* The firmware file name for new generation controllers will be 2108 * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step> 2109 */ 2110 snprintf(fw_name, len, "intel/ibt-%04x-%04x.%s", 2111 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top), 2112 INTEL_CNVX_TOP_STEP(ver->cnvi_top)), 2113 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top), 2114 INTEL_CNVX_TOP_STEP(ver->cnvr_top)), 2115 suffix); 2116 } 2117 2118 static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev, 2119 struct intel_version_tlv *ver, 2120 u32 *boot_param) 2121 { 2122 const struct firmware *fw; 2123 char fwname[64]; 2124 int err; 2125 ktime_t calltime; 2126 2127 if (!ver || !boot_param) 2128 return -EINVAL; 2129 2130 /* The firmware variant determines if the device is in bootloader 2131 * mode or is running operational firmware. The value 0x03 identifies 2132 * the bootloader and the value 0x23 identifies the operational 2133 * firmware. 2134 * 2135 * When the operational firmware is already present, then only 2136 * the check for valid Bluetooth device address is needed. This 2137 * determines if the device will be added as configured or 2138 * unconfigured controller. 2139 * 2140 * It is not possible to use the Secure Boot Parameters in this 2141 * case since that command is only available in bootloader mode. 2142 */ 2143 if (ver->img_type == 0x03) { 2144 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2145 btintel_check_bdaddr(hdev); 2146 } else { 2147 /* 2148 * Check for valid bd address in boot loader mode. Device 2149 * will be marked as unconfigured if empty bd address is 2150 * found. 2151 */ 2152 if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) { 2153 bt_dev_info(hdev, "No device address configured"); 2154 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2155 } 2156 } 2157 2158 btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi"); 2159 err = firmware_request_nowarn(&fw, fwname, &hdev->dev); 2160 if (err < 0) { 2161 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2162 /* Firmware has already been loaded */ 2163 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2164 return 0; 2165 } 2166 2167 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)", 2168 fwname, err); 2169 2170 return err; 2171 } 2172 2173 bt_dev_info(hdev, "Found device firmware: %s", fwname); 2174 2175 if (fw->size < 644) { 2176 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 2177 fw->size); 2178 err = -EBADF; 2179 goto done; 2180 } 2181 2182 calltime = ktime_get(); 2183 2184 btintel_set_flag(hdev, INTEL_DOWNLOADING); 2185 2186 /* Start firmware downloading and get boot parameter */ 2187 err = btintel_download_fw_tlv(hdev, ver, fw, boot_param, 2188 INTEL_HW_VARIANT(ver->cnvi_bt), 2189 ver->sbe_type); 2190 if (err < 0) { 2191 if (err == -EALREADY) { 2192 /* Firmware has already been loaded */ 2193 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2194 err = 0; 2195 goto done; 2196 } 2197 2198 /* When FW download fails, send Intel Reset to retry 2199 * FW download. 2200 */ 2201 btintel_reset_to_bootloader(hdev); 2202 goto done; 2203 } 2204 2205 /* Before switching the device into operational mode and with that 2206 * booting the loaded firmware, wait for the bootloader notification 2207 * that all fragments have been successfully received. 2208 * 2209 * When the event processing receives the notification, then the 2210 * BTUSB_DOWNLOADING flag will be cleared. 2211 * 2212 * The firmware loading should not take longer than 5 seconds 2213 * and thus just timeout if that happens and fail the setup 2214 * of this device. 2215 */ 2216 err = btintel_download_wait(hdev, calltime, 5000); 2217 if (err == -ETIMEDOUT) 2218 btintel_reset_to_bootloader(hdev); 2219 2220 done: 2221 release_firmware(fw); 2222 return err; 2223 } 2224 2225 static int btintel_get_codec_config_data(struct hci_dev *hdev, 2226 __u8 link, struct bt_codec *codec, 2227 __u8 *ven_len, __u8 **ven_data) 2228 { 2229 int err = 0; 2230 2231 if (!ven_data || !ven_len) 2232 return -EINVAL; 2233 2234 *ven_len = 0; 2235 *ven_data = NULL; 2236 2237 if (link != ESCO_LINK) { 2238 bt_dev_err(hdev, "Invalid link type(%u)", link); 2239 return -EINVAL; 2240 } 2241 2242 *ven_data = kmalloc(sizeof(__u8), GFP_KERNEL); 2243 if (!*ven_data) { 2244 err = -ENOMEM; 2245 goto error; 2246 } 2247 2248 /* supports only CVSD and mSBC offload codecs */ 2249 switch (codec->id) { 2250 case 0x02: 2251 **ven_data = 0x00; 2252 break; 2253 case 0x05: 2254 **ven_data = 0x01; 2255 break; 2256 default: 2257 err = -EINVAL; 2258 bt_dev_err(hdev, "Invalid codec id(%u)", codec->id); 2259 goto error; 2260 } 2261 /* codec and its capabilities are pre-defined to ids 2262 * preset id = 0x00 represents CVSD codec with sampling rate 8K 2263 * preset id = 0x01 represents mSBC codec with sampling rate 16K 2264 */ 2265 *ven_len = sizeof(__u8); 2266 return err; 2267 2268 error: 2269 kfree(*ven_data); 2270 *ven_data = NULL; 2271 return err; 2272 } 2273 2274 static int btintel_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id) 2275 { 2276 /* Intel uses 1 as data path id for all the usecases */ 2277 *data_path_id = 1; 2278 return 0; 2279 } 2280 2281 static int btintel_configure_offload(struct hci_dev *hdev) 2282 { 2283 struct sk_buff *skb; 2284 int err = 0; 2285 struct intel_offload_use_cases *use_cases; 2286 2287 skb = __hci_cmd_sync(hdev, 0xfc86, 0, NULL, HCI_INIT_TIMEOUT); 2288 if (IS_ERR(skb)) { 2289 bt_dev_err(hdev, "Reading offload use cases failed (%ld)", 2290 PTR_ERR(skb)); 2291 return PTR_ERR(skb); 2292 } 2293 2294 if (skb->len < sizeof(*use_cases)) { 2295 err = -EIO; 2296 goto error; 2297 } 2298 2299 use_cases = (void *)skb->data; 2300 2301 if (use_cases->status) { 2302 err = -bt_to_errno(skb->data[0]); 2303 goto error; 2304 } 2305 2306 if (use_cases->preset[0] & 0x03) { 2307 hdev->get_data_path_id = btintel_get_data_path_id; 2308 hdev->get_codec_config_data = btintel_get_codec_config_data; 2309 } 2310 error: 2311 kfree_skb(skb); 2312 return err; 2313 } 2314 2315 static void btintel_set_ppag(struct hci_dev *hdev, struct intel_version_tlv *ver) 2316 { 2317 acpi_status status; 2318 struct btintel_ppag ppag; 2319 struct sk_buff *skb; 2320 struct btintel_loc_aware_reg ppag_cmd; 2321 2322 /* PPAG is not supported if CRF is HrP2, Jfp2, JfP1 */ 2323 switch (ver->cnvr_top & 0xFFF) { 2324 case 0x504: /* Hrp2 */ 2325 case 0x202: /* Jfp2 */ 2326 case 0x201: /* Jfp1 */ 2327 return; 2328 } 2329 2330 memset(&ppag, 0, sizeof(ppag)); 2331 2332 ppag.hdev = hdev; 2333 status = acpi_walk_namespace(ACPI_TYPE_ANY, ACPI_ROOT_OBJECT, 2334 ACPI_UINT32_MAX, NULL, 2335 btintel_ppag_callback, &ppag, NULL); 2336 2337 if (ACPI_FAILURE(status)) { 2338 /* Do not log warning message if ACPI entry is not found */ 2339 if (status == AE_NOT_FOUND) 2340 return; 2341 bt_dev_warn(hdev, "PPAG: ACPI Failure: %s", acpi_format_exception(status)); 2342 return; 2343 } 2344 2345 if (ppag.domain != 0x12) { 2346 bt_dev_warn(hdev, "PPAG-BT Domain disabled"); 2347 return; 2348 } 2349 2350 /* PPAG mode, BIT0 = 0 Disabled, BIT0 = 1 Enabled */ 2351 if (!(ppag.mode & BIT(0))) { 2352 bt_dev_dbg(hdev, "PPAG disabled"); 2353 return; 2354 } 2355 2356 ppag_cmd.mcc = cpu_to_le32(0); 2357 ppag_cmd.sel = cpu_to_le32(0); /* 0 - Enable , 1 - Disable, 2 - Testing mode */ 2358 ppag_cmd.delta = cpu_to_le32(0); 2359 skb = __hci_cmd_sync(hdev, 0xfe19, sizeof(ppag_cmd), &ppag_cmd, HCI_CMD_TIMEOUT); 2360 if (IS_ERR(skb)) { 2361 bt_dev_warn(hdev, "Failed to send PPAG Enable (%ld)", PTR_ERR(skb)); 2362 return; 2363 } 2364 kfree_skb(skb); 2365 } 2366 2367 static int btintel_bootloader_setup_tlv(struct hci_dev *hdev, 2368 struct intel_version_tlv *ver) 2369 { 2370 u32 boot_param; 2371 char ddcname[64]; 2372 int err; 2373 struct intel_version_tlv new_ver; 2374 2375 bt_dev_dbg(hdev, ""); 2376 2377 /* Set the default boot parameter to 0x0 and it is updated to 2378 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2379 * command while downloading the firmware. 2380 */ 2381 boot_param = 0x00000000; 2382 2383 btintel_set_flag(hdev, INTEL_BOOTLOADER); 2384 2385 err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param); 2386 if (err) 2387 return err; 2388 2389 /* check if controller is already having an operational firmware */ 2390 if (ver->img_type == 0x03) 2391 goto finish; 2392 2393 err = btintel_boot(hdev, boot_param); 2394 if (err) 2395 return err; 2396 2397 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2398 2399 btintel_get_fw_name_tlv(ver, ddcname, sizeof(ddcname), "ddc"); 2400 /* Once the device is running in operational mode, it needs to 2401 * apply the device configuration (DDC) parameters. 2402 * 2403 * The device can work without DDC parameters, so even if it 2404 * fails to load the file, no need to fail the setup. 2405 */ 2406 btintel_load_ddc_config(hdev, ddcname); 2407 2408 /* Read supported use cases and set callbacks to fetch datapath id */ 2409 btintel_configure_offload(hdev); 2410 2411 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 2412 2413 /* Set PPAG feature */ 2414 btintel_set_ppag(hdev, ver); 2415 2416 /* Read the Intel version information after loading the FW */ 2417 err = btintel_read_version_tlv(hdev, &new_ver); 2418 if (err) 2419 return err; 2420 2421 btintel_version_info_tlv(hdev, &new_ver); 2422 2423 finish: 2424 /* Set the event mask for Intel specific vendor events. This enables 2425 * a few extra events that are useful during general operation. It 2426 * does not enable any debugging related events. 2427 * 2428 * The device will function correctly without these events enabled 2429 * and thus no need to fail the setup. 2430 */ 2431 btintel_set_event_mask(hdev, false); 2432 2433 return 0; 2434 } 2435 2436 static void btintel_set_msft_opcode(struct hci_dev *hdev, u8 hw_variant) 2437 { 2438 switch (hw_variant) { 2439 /* Legacy bootloader devices that supports MSFT Extension */ 2440 case 0x11: /* JfP */ 2441 case 0x12: /* ThP */ 2442 case 0x13: /* HrP */ 2443 case 0x14: /* CcP */ 2444 /* All Intel new genration controllers support the Microsoft vendor 2445 * extension are using 0xFC1E for VsMsftOpCode. 2446 */ 2447 case 0x17: 2448 case 0x18: 2449 case 0x19: 2450 case 0x1b: 2451 hci_set_msft_opcode(hdev, 0xFC1E); 2452 break; 2453 default: 2454 /* Not supported */ 2455 break; 2456 } 2457 } 2458 2459 static int btintel_setup_combined(struct hci_dev *hdev) 2460 { 2461 const u8 param[1] = { 0xFF }; 2462 struct intel_version ver; 2463 struct intel_version_tlv ver_tlv; 2464 struct sk_buff *skb; 2465 int err; 2466 2467 BT_DBG("%s", hdev->name); 2468 2469 /* The some controllers have a bug with the first HCI command sent to it 2470 * returning number of completed commands as zero. This would stall the 2471 * command processing in the Bluetooth core. 2472 * 2473 * As a workaround, send HCI Reset command first which will reset the 2474 * number of completed commands and allow normal command processing 2475 * from now on. 2476 * 2477 * Regarding the INTEL_BROKEN_SHUTDOWN_LED flag, these devices maybe 2478 * in the SW_RFKILL ON state as a workaround of fixing LED issue during 2479 * the shutdown() procedure, and once the device is in SW_RFKILL ON 2480 * state, the only way to exit out of it is sending the HCI_Reset 2481 * command. 2482 */ 2483 if (btintel_test_flag(hdev, INTEL_BROKEN_INITIAL_NCMD) || 2484 btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) { 2485 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, 2486 HCI_INIT_TIMEOUT); 2487 if (IS_ERR(skb)) { 2488 bt_dev_err(hdev, 2489 "sending initial HCI reset failed (%ld)", 2490 PTR_ERR(skb)); 2491 return PTR_ERR(skb); 2492 } 2493 kfree_skb(skb); 2494 } 2495 2496 /* Starting from TyP device, the command parameter and response are 2497 * changed even though the OCF for HCI_Intel_Read_Version command 2498 * remains same. The legacy devices can handle even if the 2499 * command has a parameter and returns a correct version information. 2500 * So, it uses new format to support both legacy and new format. 2501 */ 2502 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); 2503 if (IS_ERR(skb)) { 2504 bt_dev_err(hdev, "Reading Intel version command failed (%ld)", 2505 PTR_ERR(skb)); 2506 return PTR_ERR(skb); 2507 } 2508 2509 /* Check the status */ 2510 if (skb->data[0]) { 2511 bt_dev_err(hdev, "Intel Read Version command failed (%02x)", 2512 skb->data[0]); 2513 err = -EIO; 2514 goto exit_error; 2515 } 2516 2517 /* Apply the common HCI quirks for Intel device */ 2518 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 2519 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 2520 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 2521 2522 /* Set up the quality report callback for Intel devices */ 2523 hdev->set_quality_report = btintel_set_quality_report; 2524 2525 /* For Legacy device, check the HW platform value and size */ 2526 if (skb->len == sizeof(ver) && skb->data[1] == 0x37) { 2527 bt_dev_dbg(hdev, "Read the legacy Intel version information"); 2528 2529 memcpy(&ver, skb->data, sizeof(ver)); 2530 2531 /* Display version information */ 2532 btintel_version_info(hdev, &ver); 2533 2534 /* Check for supported iBT hardware variants of this firmware 2535 * loading method. 2536 * 2537 * This check has been put in place to ensure correct forward 2538 * compatibility options when newer hardware variants come 2539 * along. 2540 */ 2541 switch (ver.hw_variant) { 2542 case 0x07: /* WP */ 2543 case 0x08: /* StP */ 2544 /* Legacy ROM product */ 2545 btintel_set_flag(hdev, INTEL_ROM_LEGACY); 2546 2547 /* Apply the device specific HCI quirks 2548 * 2549 * WBS for SdP - For the Legacy ROM products, only SdP 2550 * supports the WBS. But the version information is not 2551 * enough to use here because the StP2 and SdP have same 2552 * hw_variant and fw_variant. So, this flag is set by 2553 * the transport driver (btusb) based on the HW info 2554 * (idProduct) 2555 */ 2556 if (!btintel_test_flag(hdev, 2557 INTEL_ROM_LEGACY_NO_WBS_SUPPORT)) 2558 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 2559 &hdev->quirks); 2560 if (ver.hw_variant == 0x08 && ver.fw_variant == 0x22) 2561 set_bit(HCI_QUIRK_VALID_LE_STATES, 2562 &hdev->quirks); 2563 2564 err = btintel_legacy_rom_setup(hdev, &ver); 2565 break; 2566 case 0x0b: /* SfP */ 2567 case 0x11: /* JfP */ 2568 case 0x12: /* ThP */ 2569 case 0x13: /* HrP */ 2570 case 0x14: /* CcP */ 2571 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2572 fallthrough; 2573 case 0x0c: /* WsP */ 2574 /* Apply the device specific HCI quirks 2575 * 2576 * All Legacy bootloader devices support WBS 2577 */ 2578 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 2579 &hdev->quirks); 2580 2581 /* Setup MSFT Extension support */ 2582 btintel_set_msft_opcode(hdev, ver.hw_variant); 2583 2584 err = btintel_bootloader_setup(hdev, &ver); 2585 break; 2586 default: 2587 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", 2588 ver.hw_variant); 2589 err = -EINVAL; 2590 } 2591 2592 goto exit_error; 2593 } 2594 2595 /* memset ver_tlv to start with clean state as few fields are exclusive 2596 * to bootloader mode and are not populated in operational mode 2597 */ 2598 memset(&ver_tlv, 0, sizeof(ver_tlv)); 2599 /* For TLV type device, parse the tlv data */ 2600 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb); 2601 if (err) { 2602 bt_dev_err(hdev, "Failed to parse TLV version information"); 2603 goto exit_error; 2604 } 2605 2606 if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) { 2607 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", 2608 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)); 2609 err = -EINVAL; 2610 goto exit_error; 2611 } 2612 2613 /* Check for supported iBT hardware variants of this firmware 2614 * loading method. 2615 * 2616 * This check has been put in place to ensure correct forward 2617 * compatibility options when newer hardware variants come 2618 * along. 2619 */ 2620 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) { 2621 case 0x11: /* JfP */ 2622 case 0x12: /* ThP */ 2623 case 0x13: /* HrP */ 2624 case 0x14: /* CcP */ 2625 /* Some legacy bootloader devices starting from JfP, 2626 * the operational firmware supports both old and TLV based 2627 * HCI_Intel_Read_Version command based on the command 2628 * parameter. 2629 * 2630 * For upgrading firmware case, the TLV based version cannot 2631 * be used because the firmware filename for legacy bootloader 2632 * is based on the old format. 2633 * 2634 * Also, it is not easy to convert TLV based version from the 2635 * legacy version format. 2636 * 2637 * So, as a workaround for those devices, use the legacy 2638 * HCI_Intel_Read_Version to get the version information and 2639 * run the legacy bootloader setup. 2640 */ 2641 err = btintel_read_version(hdev, &ver); 2642 if (err) 2643 break; 2644 2645 /* Apply the device specific HCI quirks 2646 * 2647 * All Legacy bootloader devices support WBS 2648 */ 2649 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 2650 2651 /* Set Valid LE States quirk */ 2652 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2653 2654 /* Setup MSFT Extension support */ 2655 btintel_set_msft_opcode(hdev, ver.hw_variant); 2656 2657 err = btintel_bootloader_setup(hdev, &ver); 2658 break; 2659 case 0x17: 2660 case 0x18: 2661 case 0x19: 2662 case 0x1b: 2663 /* Display version information of TLV type */ 2664 btintel_version_info_tlv(hdev, &ver_tlv); 2665 2666 /* Apply the device specific HCI quirks for TLV based devices 2667 * 2668 * All TLV based devices support WBS 2669 */ 2670 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 2671 2672 /* Valid LE States quirk for GfP */ 2673 if (INTEL_HW_VARIANT(ver_tlv.cnvi_bt) == 0x18) 2674 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2675 2676 /* Setup MSFT Extension support */ 2677 btintel_set_msft_opcode(hdev, 2678 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2679 2680 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv); 2681 break; 2682 default: 2683 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", 2684 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2685 err = -EINVAL; 2686 break; 2687 } 2688 2689 exit_error: 2690 kfree_skb(skb); 2691 2692 return err; 2693 } 2694 2695 static int btintel_shutdown_combined(struct hci_dev *hdev) 2696 { 2697 struct sk_buff *skb; 2698 int ret; 2699 2700 /* Send HCI Reset to the controller to stop any BT activity which 2701 * were triggered. This will help to save power and maintain the 2702 * sync b/w Host and controller 2703 */ 2704 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 2705 if (IS_ERR(skb)) { 2706 bt_dev_err(hdev, "HCI reset during shutdown failed"); 2707 return PTR_ERR(skb); 2708 } 2709 kfree_skb(skb); 2710 2711 2712 /* Some platforms have an issue with BT LED when the interface is 2713 * down or BT radio is turned off, which takes 5 seconds to BT LED 2714 * goes off. As a workaround, sends HCI_Intel_SW_RFKILL to put the 2715 * device in the RFKILL ON state which turns off the BT LED immediately. 2716 */ 2717 if (btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) { 2718 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); 2719 if (IS_ERR(skb)) { 2720 ret = PTR_ERR(skb); 2721 bt_dev_err(hdev, "turning off Intel device LED failed"); 2722 return ret; 2723 } 2724 kfree_skb(skb); 2725 } 2726 2727 return 0; 2728 } 2729 2730 int btintel_configure_setup(struct hci_dev *hdev) 2731 { 2732 hdev->manufacturer = 2; 2733 hdev->setup = btintel_setup_combined; 2734 hdev->shutdown = btintel_shutdown_combined; 2735 hdev->hw_error = btintel_hw_error; 2736 hdev->set_diag = btintel_set_diag_combined; 2737 hdev->set_bdaddr = btintel_set_bdaddr; 2738 2739 return 0; 2740 } 2741 EXPORT_SYMBOL_GPL(btintel_configure_setup); 2742 2743 void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len) 2744 { 2745 const struct intel_bootup *evt = ptr; 2746 2747 if (len != sizeof(*evt)) 2748 return; 2749 2750 if (btintel_test_and_clear_flag(hdev, INTEL_BOOTING)) 2751 btintel_wake_up_flag(hdev, INTEL_BOOTING); 2752 } 2753 EXPORT_SYMBOL_GPL(btintel_bootup); 2754 2755 void btintel_secure_send_result(struct hci_dev *hdev, 2756 const void *ptr, unsigned int len) 2757 { 2758 const struct intel_secure_send_result *evt = ptr; 2759 2760 if (len != sizeof(*evt)) 2761 return; 2762 2763 if (evt->result) 2764 btintel_set_flag(hdev, INTEL_FIRMWARE_FAILED); 2765 2766 if (btintel_test_and_clear_flag(hdev, INTEL_DOWNLOADING) && 2767 btintel_test_flag(hdev, INTEL_FIRMWARE_LOADED)) 2768 btintel_wake_up_flag(hdev, INTEL_DOWNLOADING); 2769 } 2770 EXPORT_SYMBOL_GPL(btintel_secure_send_result); 2771 2772 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2773 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); 2774 MODULE_VERSION(VERSION); 2775 MODULE_LICENSE("GPL"); 2776 MODULE_FIRMWARE("intel/ibt-11-5.sfi"); 2777 MODULE_FIRMWARE("intel/ibt-11-5.ddc"); 2778 MODULE_FIRMWARE("intel/ibt-12-16.sfi"); 2779 MODULE_FIRMWARE("intel/ibt-12-16.ddc"); 2780