1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth support for Intel devices 5 * 6 * Copyright (C) 2015 Intel Corporation 7 */ 8 9 #include <linux/module.h> 10 #include <linux/firmware.h> 11 #include <linux/regmap.h> 12 #include <linux/acpi.h> 13 #include <asm/unaligned.h> 14 15 #include <net/bluetooth/bluetooth.h> 16 #include <net/bluetooth/hci_core.h> 17 18 #include "btintel.h" 19 20 #define VERSION "0.1" 21 22 #define BDADDR_INTEL (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 23 #define RSA_HEADER_LEN 644 24 #define CSS_HEADER_OFFSET 8 25 #define ECDSA_OFFSET 644 26 #define ECDSA_HEADER_LEN 320 27 28 #define BTINTEL_PPAG_NAME "PPAG" 29 30 /* structure to store the PPAG data read from ACPI table */ 31 struct btintel_ppag { 32 u32 domain; 33 u32 mode; 34 acpi_status status; 35 struct hci_dev *hdev; 36 }; 37 38 #define CMD_WRITE_BOOT_PARAMS 0xfc0e 39 struct cmd_write_boot_params { 40 __le32 boot_addr; 41 u8 fw_build_num; 42 u8 fw_build_ww; 43 u8 fw_build_yy; 44 } __packed; 45 46 int btintel_check_bdaddr(struct hci_dev *hdev) 47 { 48 struct hci_rp_read_bd_addr *bda; 49 struct sk_buff *skb; 50 51 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 52 HCI_INIT_TIMEOUT); 53 if (IS_ERR(skb)) { 54 int err = PTR_ERR(skb); 55 bt_dev_err(hdev, "Reading Intel device address failed (%d)", 56 err); 57 return err; 58 } 59 60 if (skb->len != sizeof(*bda)) { 61 bt_dev_err(hdev, "Intel device address length mismatch"); 62 kfree_skb(skb); 63 return -EIO; 64 } 65 66 bda = (struct hci_rp_read_bd_addr *)skb->data; 67 68 /* For some Intel based controllers, the default Bluetooth device 69 * address 00:03:19:9E:8B:00 can be found. These controllers are 70 * fully operational, but have the danger of duplicate addresses 71 * and that in turn can cause problems with Bluetooth operation. 72 */ 73 if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) { 74 bt_dev_err(hdev, "Found Intel default device address (%pMR)", 75 &bda->bdaddr); 76 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 77 } 78 79 kfree_skb(skb); 80 81 return 0; 82 } 83 EXPORT_SYMBOL_GPL(btintel_check_bdaddr); 84 85 int btintel_enter_mfg(struct hci_dev *hdev) 86 { 87 static const u8 param[] = { 0x01, 0x00 }; 88 struct sk_buff *skb; 89 90 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); 91 if (IS_ERR(skb)) { 92 bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)", 93 PTR_ERR(skb)); 94 return PTR_ERR(skb); 95 } 96 kfree_skb(skb); 97 98 return 0; 99 } 100 EXPORT_SYMBOL_GPL(btintel_enter_mfg); 101 102 int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched) 103 { 104 u8 param[] = { 0x00, 0x00 }; 105 struct sk_buff *skb; 106 107 /* The 2nd command parameter specifies the manufacturing exit method: 108 * 0x00: Just disable the manufacturing mode (0x00). 109 * 0x01: Disable manufacturing mode and reset with patches deactivated. 110 * 0x02: Disable manufacturing mode and reset with patches activated. 111 */ 112 if (reset) 113 param[1] |= patched ? 0x02 : 0x01; 114 115 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); 116 if (IS_ERR(skb)) { 117 bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)", 118 PTR_ERR(skb)); 119 return PTR_ERR(skb); 120 } 121 kfree_skb(skb); 122 123 return 0; 124 } 125 EXPORT_SYMBOL_GPL(btintel_exit_mfg); 126 127 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 128 { 129 struct sk_buff *skb; 130 int err; 131 132 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 133 if (IS_ERR(skb)) { 134 err = PTR_ERR(skb); 135 bt_dev_err(hdev, "Changing Intel device address failed (%d)", 136 err); 137 return err; 138 } 139 kfree_skb(skb); 140 141 return 0; 142 } 143 EXPORT_SYMBOL_GPL(btintel_set_bdaddr); 144 145 static int btintel_set_event_mask(struct hci_dev *hdev, bool debug) 146 { 147 u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 148 struct sk_buff *skb; 149 int err; 150 151 if (debug) 152 mask[1] |= 0x62; 153 154 skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT); 155 if (IS_ERR(skb)) { 156 err = PTR_ERR(skb); 157 bt_dev_err(hdev, "Setting Intel event mask failed (%d)", err); 158 return err; 159 } 160 kfree_skb(skb); 161 162 return 0; 163 } 164 165 int btintel_set_diag(struct hci_dev *hdev, bool enable) 166 { 167 struct sk_buff *skb; 168 u8 param[3]; 169 int err; 170 171 if (enable) { 172 param[0] = 0x03; 173 param[1] = 0x03; 174 param[2] = 0x03; 175 } else { 176 param[0] = 0x00; 177 param[1] = 0x00; 178 param[2] = 0x00; 179 } 180 181 skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT); 182 if (IS_ERR(skb)) { 183 err = PTR_ERR(skb); 184 if (err == -ENODATA) 185 goto done; 186 bt_dev_err(hdev, "Changing Intel diagnostic mode failed (%d)", 187 err); 188 return err; 189 } 190 kfree_skb(skb); 191 192 done: 193 btintel_set_event_mask(hdev, enable); 194 return 0; 195 } 196 EXPORT_SYMBOL_GPL(btintel_set_diag); 197 198 static int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable) 199 { 200 int err, ret; 201 202 err = btintel_enter_mfg(hdev); 203 if (err) 204 return err; 205 206 ret = btintel_set_diag(hdev, enable); 207 208 err = btintel_exit_mfg(hdev, false, false); 209 if (err) 210 return err; 211 212 return ret; 213 } 214 215 static int btintel_set_diag_combined(struct hci_dev *hdev, bool enable) 216 { 217 int ret; 218 219 /* Legacy ROM device needs to be in the manufacturer mode to apply 220 * diagnostic setting 221 * 222 * This flag is set after reading the Intel version. 223 */ 224 if (btintel_test_flag(hdev, INTEL_ROM_LEGACY)) 225 ret = btintel_set_diag_mfg(hdev, enable); 226 else 227 ret = btintel_set_diag(hdev, enable); 228 229 return ret; 230 } 231 232 static void btintel_hw_error(struct hci_dev *hdev, u8 code) 233 { 234 struct sk_buff *skb; 235 u8 type = 0x00; 236 237 bt_dev_err(hdev, "Hardware error 0x%2.2x", code); 238 239 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 240 if (IS_ERR(skb)) { 241 bt_dev_err(hdev, "Reset after hardware error failed (%ld)", 242 PTR_ERR(skb)); 243 return; 244 } 245 kfree_skb(skb); 246 247 skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT); 248 if (IS_ERR(skb)) { 249 bt_dev_err(hdev, "Retrieving Intel exception info failed (%ld)", 250 PTR_ERR(skb)); 251 return; 252 } 253 254 if (skb->len != 13) { 255 bt_dev_err(hdev, "Exception info size mismatch"); 256 kfree_skb(skb); 257 return; 258 } 259 260 bt_dev_err(hdev, "Exception info %s", (char *)(skb->data + 1)); 261 262 kfree_skb(skb); 263 } 264 265 int btintel_version_info(struct hci_dev *hdev, struct intel_version *ver) 266 { 267 const char *variant; 268 269 /* The hardware platform number has a fixed value of 0x37 and 270 * for now only accept this single value. 271 */ 272 if (ver->hw_platform != 0x37) { 273 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 274 ver->hw_platform); 275 return -EINVAL; 276 } 277 278 /* Check for supported iBT hardware variants of this firmware 279 * loading method. 280 * 281 * This check has been put in place to ensure correct forward 282 * compatibility options when newer hardware variants come along. 283 */ 284 switch (ver->hw_variant) { 285 case 0x07: /* WP - Legacy ROM */ 286 case 0x08: /* StP - Legacy ROM */ 287 case 0x0b: /* SfP */ 288 case 0x0c: /* WsP */ 289 case 0x11: /* JfP */ 290 case 0x12: /* ThP */ 291 case 0x13: /* HrP */ 292 case 0x14: /* CcP */ 293 break; 294 default: 295 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 296 ver->hw_variant); 297 return -EINVAL; 298 } 299 300 switch (ver->fw_variant) { 301 case 0x01: 302 variant = "Legacy ROM 2.5"; 303 break; 304 case 0x06: 305 variant = "Bootloader"; 306 break; 307 case 0x22: 308 variant = "Legacy ROM 2.x"; 309 break; 310 case 0x23: 311 variant = "Firmware"; 312 break; 313 default: 314 bt_dev_err(hdev, "Unsupported firmware variant(%02x)", ver->fw_variant); 315 return -EINVAL; 316 } 317 318 bt_dev_info(hdev, "%s revision %u.%u build %u week %u %u", 319 variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f, 320 ver->fw_build_num, ver->fw_build_ww, 321 2000 + ver->fw_build_yy); 322 323 return 0; 324 } 325 EXPORT_SYMBOL_GPL(btintel_version_info); 326 327 static int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen, 328 const void *param) 329 { 330 while (plen > 0) { 331 struct sk_buff *skb; 332 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen; 333 334 cmd_param[0] = fragment_type; 335 memcpy(cmd_param + 1, param, fragment_len); 336 337 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1, 338 cmd_param, HCI_INIT_TIMEOUT); 339 if (IS_ERR(skb)) 340 return PTR_ERR(skb); 341 342 kfree_skb(skb); 343 344 plen -= fragment_len; 345 param += fragment_len; 346 } 347 348 return 0; 349 } 350 351 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name) 352 { 353 const struct firmware *fw; 354 struct sk_buff *skb; 355 const u8 *fw_ptr; 356 int err; 357 358 err = request_firmware_direct(&fw, ddc_name, &hdev->dev); 359 if (err < 0) { 360 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)", 361 ddc_name, err); 362 return err; 363 } 364 365 bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name); 366 367 fw_ptr = fw->data; 368 369 /* DDC file contains one or more DDC structure which has 370 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2). 371 */ 372 while (fw->size > fw_ptr - fw->data) { 373 u8 cmd_plen = fw_ptr[0] + sizeof(u8); 374 375 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr, 376 HCI_INIT_TIMEOUT); 377 if (IS_ERR(skb)) { 378 bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)", 379 PTR_ERR(skb)); 380 release_firmware(fw); 381 return PTR_ERR(skb); 382 } 383 384 fw_ptr += cmd_plen; 385 kfree_skb(skb); 386 } 387 388 release_firmware(fw); 389 390 bt_dev_info(hdev, "Applying Intel DDC parameters completed"); 391 392 return 0; 393 } 394 EXPORT_SYMBOL_GPL(btintel_load_ddc_config); 395 396 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug) 397 { 398 int err, ret; 399 400 err = btintel_enter_mfg(hdev); 401 if (err) 402 return err; 403 404 ret = btintel_set_event_mask(hdev, debug); 405 406 err = btintel_exit_mfg(hdev, false, false); 407 if (err) 408 return err; 409 410 return ret; 411 } 412 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg); 413 414 int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver) 415 { 416 struct sk_buff *skb; 417 418 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); 419 if (IS_ERR(skb)) { 420 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 421 PTR_ERR(skb)); 422 return PTR_ERR(skb); 423 } 424 425 if (skb->len != sizeof(*ver)) { 426 bt_dev_err(hdev, "Intel version event size mismatch"); 427 kfree_skb(skb); 428 return -EILSEQ; 429 } 430 431 memcpy(ver, skb->data, sizeof(*ver)); 432 433 kfree_skb(skb); 434 435 return 0; 436 } 437 EXPORT_SYMBOL_GPL(btintel_read_version); 438 439 static int btintel_version_info_tlv(struct hci_dev *hdev, 440 struct intel_version_tlv *version) 441 { 442 const char *variant; 443 444 /* The hardware platform number has a fixed value of 0x37 and 445 * for now only accept this single value. 446 */ 447 if (INTEL_HW_PLATFORM(version->cnvi_bt) != 0x37) { 448 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", 449 INTEL_HW_PLATFORM(version->cnvi_bt)); 450 return -EINVAL; 451 } 452 453 /* Check for supported iBT hardware variants of this firmware 454 * loading method. 455 * 456 * This check has been put in place to ensure correct forward 457 * compatibility options when newer hardware variants come along. 458 */ 459 switch (INTEL_HW_VARIANT(version->cnvi_bt)) { 460 case 0x17: /* TyP */ 461 case 0x18: /* Slr */ 462 case 0x19: /* Slr-F */ 463 case 0x1b: /* Mgr */ 464 break; 465 default: 466 bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)", 467 INTEL_HW_VARIANT(version->cnvi_bt)); 468 return -EINVAL; 469 } 470 471 switch (version->img_type) { 472 case 0x01: 473 variant = "Bootloader"; 474 /* It is required that every single firmware fragment is acknowledged 475 * with a command complete event. If the boot parameters indicate 476 * that this bootloader does not send them, then abort the setup. 477 */ 478 if (version->limited_cce != 0x00) { 479 bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)", 480 version->limited_cce); 481 return -EINVAL; 482 } 483 484 /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */ 485 if (version->sbe_type > 0x01) { 486 bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)", 487 version->sbe_type); 488 return -EINVAL; 489 } 490 491 bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id); 492 bt_dev_info(hdev, "Secure boot is %s", 493 version->secure_boot ? "enabled" : "disabled"); 494 bt_dev_info(hdev, "OTP lock is %s", 495 version->otp_lock ? "enabled" : "disabled"); 496 bt_dev_info(hdev, "API lock is %s", 497 version->api_lock ? "enabled" : "disabled"); 498 bt_dev_info(hdev, "Debug lock is %s", 499 version->debug_lock ? "enabled" : "disabled"); 500 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 501 version->min_fw_build_nn, version->min_fw_build_cw, 502 2000 + version->min_fw_build_yy); 503 break; 504 case 0x03: 505 variant = "Firmware"; 506 break; 507 default: 508 bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type); 509 return -EINVAL; 510 } 511 512 bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant, 513 2000 + (version->timestamp >> 8), version->timestamp & 0xff, 514 version->build_type, version->build_num); 515 516 return 0; 517 } 518 519 static int btintel_parse_version_tlv(struct hci_dev *hdev, 520 struct intel_version_tlv *version, 521 struct sk_buff *skb) 522 { 523 /* Consume Command Complete Status field */ 524 skb_pull(skb, 1); 525 526 /* Event parameters contatin multiple TLVs. Read each of them 527 * and only keep the required data. Also, it use existing legacy 528 * version field like hw_platform, hw_variant, and fw_variant 529 * to keep the existing setup flow 530 */ 531 while (skb->len) { 532 struct intel_tlv *tlv; 533 534 /* Make sure skb has a minimum length of the header */ 535 if (skb->len < sizeof(*tlv)) 536 return -EINVAL; 537 538 tlv = (struct intel_tlv *)skb->data; 539 540 /* Make sure skb has a enough data */ 541 if (skb->len < tlv->len + sizeof(*tlv)) 542 return -EINVAL; 543 544 switch (tlv->type) { 545 case INTEL_TLV_CNVI_TOP: 546 version->cnvi_top = get_unaligned_le32(tlv->val); 547 break; 548 case INTEL_TLV_CNVR_TOP: 549 version->cnvr_top = get_unaligned_le32(tlv->val); 550 break; 551 case INTEL_TLV_CNVI_BT: 552 version->cnvi_bt = get_unaligned_le32(tlv->val); 553 break; 554 case INTEL_TLV_CNVR_BT: 555 version->cnvr_bt = get_unaligned_le32(tlv->val); 556 break; 557 case INTEL_TLV_DEV_REV_ID: 558 version->dev_rev_id = get_unaligned_le16(tlv->val); 559 break; 560 case INTEL_TLV_IMAGE_TYPE: 561 version->img_type = tlv->val[0]; 562 break; 563 case INTEL_TLV_TIME_STAMP: 564 /* If image type is Operational firmware (0x03), then 565 * running FW Calendar Week and Year information can 566 * be extracted from Timestamp information 567 */ 568 version->min_fw_build_cw = tlv->val[0]; 569 version->min_fw_build_yy = tlv->val[1]; 570 version->timestamp = get_unaligned_le16(tlv->val); 571 break; 572 case INTEL_TLV_BUILD_TYPE: 573 version->build_type = tlv->val[0]; 574 break; 575 case INTEL_TLV_BUILD_NUM: 576 /* If image type is Operational firmware (0x03), then 577 * running FW build number can be extracted from the 578 * Build information 579 */ 580 version->min_fw_build_nn = tlv->val[0]; 581 version->build_num = get_unaligned_le32(tlv->val); 582 break; 583 case INTEL_TLV_SECURE_BOOT: 584 version->secure_boot = tlv->val[0]; 585 break; 586 case INTEL_TLV_OTP_LOCK: 587 version->otp_lock = tlv->val[0]; 588 break; 589 case INTEL_TLV_API_LOCK: 590 version->api_lock = tlv->val[0]; 591 break; 592 case INTEL_TLV_DEBUG_LOCK: 593 version->debug_lock = tlv->val[0]; 594 break; 595 case INTEL_TLV_MIN_FW: 596 version->min_fw_build_nn = tlv->val[0]; 597 version->min_fw_build_cw = tlv->val[1]; 598 version->min_fw_build_yy = tlv->val[2]; 599 break; 600 case INTEL_TLV_LIMITED_CCE: 601 version->limited_cce = tlv->val[0]; 602 break; 603 case INTEL_TLV_SBE_TYPE: 604 version->sbe_type = tlv->val[0]; 605 break; 606 case INTEL_TLV_OTP_BDADDR: 607 memcpy(&version->otp_bd_addr, tlv->val, 608 sizeof(bdaddr_t)); 609 break; 610 default: 611 /* Ignore rest of information */ 612 break; 613 } 614 /* consume the current tlv and move to next*/ 615 skb_pull(skb, tlv->len + sizeof(*tlv)); 616 } 617 618 return 0; 619 } 620 621 static int btintel_read_version_tlv(struct hci_dev *hdev, 622 struct intel_version_tlv *version) 623 { 624 struct sk_buff *skb; 625 const u8 param[1] = { 0xFF }; 626 627 if (!version) 628 return -EINVAL; 629 630 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); 631 if (IS_ERR(skb)) { 632 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 633 PTR_ERR(skb)); 634 return PTR_ERR(skb); 635 } 636 637 if (skb->data[0]) { 638 bt_dev_err(hdev, "Intel Read Version command failed (%02x)", 639 skb->data[0]); 640 kfree_skb(skb); 641 return -EIO; 642 } 643 644 btintel_parse_version_tlv(hdev, version, skb); 645 646 kfree_skb(skb); 647 return 0; 648 } 649 650 /* ------- REGMAP IBT SUPPORT ------- */ 651 652 #define IBT_REG_MODE_8BIT 0x00 653 #define IBT_REG_MODE_16BIT 0x01 654 #define IBT_REG_MODE_32BIT 0x02 655 656 struct regmap_ibt_context { 657 struct hci_dev *hdev; 658 __u16 op_write; 659 __u16 op_read; 660 }; 661 662 struct ibt_cp_reg_access { 663 __le32 addr; 664 __u8 mode; 665 __u8 len; 666 __u8 data[]; 667 } __packed; 668 669 struct ibt_rp_reg_access { 670 __u8 status; 671 __le32 addr; 672 __u8 data[]; 673 } __packed; 674 675 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size, 676 void *val, size_t val_size) 677 { 678 struct regmap_ibt_context *ctx = context; 679 struct ibt_cp_reg_access cp; 680 struct ibt_rp_reg_access *rp; 681 struct sk_buff *skb; 682 int err = 0; 683 684 if (reg_size != sizeof(__le32)) 685 return -EINVAL; 686 687 switch (val_size) { 688 case 1: 689 cp.mode = IBT_REG_MODE_8BIT; 690 break; 691 case 2: 692 cp.mode = IBT_REG_MODE_16BIT; 693 break; 694 case 4: 695 cp.mode = IBT_REG_MODE_32BIT; 696 break; 697 default: 698 return -EINVAL; 699 } 700 701 /* regmap provides a little-endian formatted addr */ 702 cp.addr = *(__le32 *)addr; 703 cp.len = val_size; 704 705 bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr)); 706 707 skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp, 708 HCI_CMD_TIMEOUT); 709 if (IS_ERR(skb)) { 710 err = PTR_ERR(skb); 711 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)", 712 le32_to_cpu(cp.addr), err); 713 return err; 714 } 715 716 if (skb->len != sizeof(*rp) + val_size) { 717 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len", 718 le32_to_cpu(cp.addr)); 719 err = -EINVAL; 720 goto done; 721 } 722 723 rp = (struct ibt_rp_reg_access *)skb->data; 724 725 if (rp->addr != cp.addr) { 726 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr", 727 le32_to_cpu(rp->addr)); 728 err = -EINVAL; 729 goto done; 730 } 731 732 memcpy(val, rp->data, val_size); 733 734 done: 735 kfree_skb(skb); 736 return err; 737 } 738 739 static int regmap_ibt_gather_write(void *context, 740 const void *addr, size_t reg_size, 741 const void *val, size_t val_size) 742 { 743 struct regmap_ibt_context *ctx = context; 744 struct ibt_cp_reg_access *cp; 745 struct sk_buff *skb; 746 int plen = sizeof(*cp) + val_size; 747 u8 mode; 748 int err = 0; 749 750 if (reg_size != sizeof(__le32)) 751 return -EINVAL; 752 753 switch (val_size) { 754 case 1: 755 mode = IBT_REG_MODE_8BIT; 756 break; 757 case 2: 758 mode = IBT_REG_MODE_16BIT; 759 break; 760 case 4: 761 mode = IBT_REG_MODE_32BIT; 762 break; 763 default: 764 return -EINVAL; 765 } 766 767 cp = kmalloc(plen, GFP_KERNEL); 768 if (!cp) 769 return -ENOMEM; 770 771 /* regmap provides a little-endian formatted addr/value */ 772 cp->addr = *(__le32 *)addr; 773 cp->mode = mode; 774 cp->len = val_size; 775 memcpy(&cp->data, val, val_size); 776 777 bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr)); 778 779 skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT); 780 if (IS_ERR(skb)) { 781 err = PTR_ERR(skb); 782 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)", 783 le32_to_cpu(cp->addr), err); 784 goto done; 785 } 786 kfree_skb(skb); 787 788 done: 789 kfree(cp); 790 return err; 791 } 792 793 static int regmap_ibt_write(void *context, const void *data, size_t count) 794 { 795 /* data contains register+value, since we only support 32bit addr, 796 * minimum data size is 4 bytes. 797 */ 798 if (WARN_ONCE(count < 4, "Invalid register access")) 799 return -EINVAL; 800 801 return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4); 802 } 803 804 static void regmap_ibt_free_context(void *context) 805 { 806 kfree(context); 807 } 808 809 static const struct regmap_bus regmap_ibt = { 810 .read = regmap_ibt_read, 811 .write = regmap_ibt_write, 812 .gather_write = regmap_ibt_gather_write, 813 .free_context = regmap_ibt_free_context, 814 .reg_format_endian_default = REGMAP_ENDIAN_LITTLE, 815 .val_format_endian_default = REGMAP_ENDIAN_LITTLE, 816 }; 817 818 /* Config is the same for all register regions */ 819 static const struct regmap_config regmap_ibt_cfg = { 820 .name = "btintel_regmap", 821 .reg_bits = 32, 822 .val_bits = 32, 823 }; 824 825 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read, 826 u16 opcode_write) 827 { 828 struct regmap_ibt_context *ctx; 829 830 bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read, 831 opcode_write); 832 833 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 834 if (!ctx) 835 return ERR_PTR(-ENOMEM); 836 837 ctx->op_read = opcode_read; 838 ctx->op_write = opcode_write; 839 ctx->hdev = hdev; 840 841 return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg); 842 } 843 EXPORT_SYMBOL_GPL(btintel_regmap_init); 844 845 int btintel_send_intel_reset(struct hci_dev *hdev, u32 boot_param) 846 { 847 struct intel_reset params = { 0x00, 0x01, 0x00, 0x01, 0x00000000 }; 848 struct sk_buff *skb; 849 850 params.boot_param = cpu_to_le32(boot_param); 851 852 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), ¶ms, 853 HCI_INIT_TIMEOUT); 854 if (IS_ERR(skb)) { 855 bt_dev_err(hdev, "Failed to send Intel Reset command"); 856 return PTR_ERR(skb); 857 } 858 859 kfree_skb(skb); 860 861 return 0; 862 } 863 EXPORT_SYMBOL_GPL(btintel_send_intel_reset); 864 865 int btintel_read_boot_params(struct hci_dev *hdev, 866 struct intel_boot_params *params) 867 { 868 struct sk_buff *skb; 869 870 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); 871 if (IS_ERR(skb)) { 872 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)", 873 PTR_ERR(skb)); 874 return PTR_ERR(skb); 875 } 876 877 if (skb->len != sizeof(*params)) { 878 bt_dev_err(hdev, "Intel boot parameters size mismatch"); 879 kfree_skb(skb); 880 return -EILSEQ; 881 } 882 883 memcpy(params, skb->data, sizeof(*params)); 884 885 kfree_skb(skb); 886 887 if (params->status) { 888 bt_dev_err(hdev, "Intel boot parameters command failed (%02x)", 889 params->status); 890 return -bt_to_errno(params->status); 891 } 892 893 bt_dev_info(hdev, "Device revision is %u", 894 le16_to_cpu(params->dev_revid)); 895 896 bt_dev_info(hdev, "Secure boot is %s", 897 params->secure_boot ? "enabled" : "disabled"); 898 899 bt_dev_info(hdev, "OTP lock is %s", 900 params->otp_lock ? "enabled" : "disabled"); 901 902 bt_dev_info(hdev, "API lock is %s", 903 params->api_lock ? "enabled" : "disabled"); 904 905 bt_dev_info(hdev, "Debug lock is %s", 906 params->debug_lock ? "enabled" : "disabled"); 907 908 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 909 params->min_fw_build_nn, params->min_fw_build_cw, 910 2000 + params->min_fw_build_yy); 911 912 return 0; 913 } 914 EXPORT_SYMBOL_GPL(btintel_read_boot_params); 915 916 static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev, 917 const struct firmware *fw) 918 { 919 int err; 920 921 /* Start the firmware download transaction with the Init fragment 922 * represented by the 128 bytes of CSS header. 923 */ 924 err = btintel_secure_send(hdev, 0x00, 128, fw->data); 925 if (err < 0) { 926 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 927 goto done; 928 } 929 930 /* Send the 256 bytes of public key information from the firmware 931 * as the PKey fragment. 932 */ 933 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); 934 if (err < 0) { 935 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err); 936 goto done; 937 } 938 939 /* Send the 256 bytes of signature information from the firmware 940 * as the Sign fragment. 941 */ 942 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); 943 if (err < 0) { 944 bt_dev_err(hdev, "Failed to send firmware signature (%d)", err); 945 goto done; 946 } 947 948 done: 949 return err; 950 } 951 952 static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev, 953 const struct firmware *fw) 954 { 955 int err; 956 957 /* Start the firmware download transaction with the Init fragment 958 * represented by the 128 bytes of CSS header. 959 */ 960 err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644); 961 if (err < 0) { 962 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 963 return err; 964 } 965 966 /* Send the 96 bytes of public key information from the firmware 967 * as the PKey fragment. 968 */ 969 err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128); 970 if (err < 0) { 971 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err); 972 return err; 973 } 974 975 /* Send the 96 bytes of signature information from the firmware 976 * as the Sign fragment 977 */ 978 err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224); 979 if (err < 0) { 980 bt_dev_err(hdev, "Failed to send firmware signature (%d)", 981 err); 982 return err; 983 } 984 return 0; 985 } 986 987 static int btintel_download_firmware_payload(struct hci_dev *hdev, 988 const struct firmware *fw, 989 size_t offset) 990 { 991 int err; 992 const u8 *fw_ptr; 993 u32 frag_len; 994 995 fw_ptr = fw->data + offset; 996 frag_len = 0; 997 err = -EINVAL; 998 999 while (fw_ptr - fw->data < fw->size) { 1000 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); 1001 1002 frag_len += sizeof(*cmd) + cmd->plen; 1003 1004 /* The parameter length of the secure send command requires 1005 * a 4 byte alignment. It happens so that the firmware file 1006 * contains proper Intel_NOP commands to align the fragments 1007 * as needed. 1008 * 1009 * Send set of commands with 4 byte alignment from the 1010 * firmware data buffer as a single Data fragement. 1011 */ 1012 if (!(frag_len % 4)) { 1013 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); 1014 if (err < 0) { 1015 bt_dev_err(hdev, 1016 "Failed to send firmware data (%d)", 1017 err); 1018 goto done; 1019 } 1020 1021 fw_ptr += frag_len; 1022 frag_len = 0; 1023 } 1024 } 1025 1026 done: 1027 return err; 1028 } 1029 1030 static bool btintel_firmware_version(struct hci_dev *hdev, 1031 u8 num, u8 ww, u8 yy, 1032 const struct firmware *fw, 1033 u32 *boot_addr) 1034 { 1035 const u8 *fw_ptr; 1036 1037 fw_ptr = fw->data; 1038 1039 while (fw_ptr - fw->data < fw->size) { 1040 struct hci_command_hdr *cmd = (void *)(fw_ptr); 1041 1042 /* Each SKU has a different reset parameter to use in the 1043 * HCI_Intel_Reset command and it is embedded in the firmware 1044 * data. So, instead of using static value per SKU, check 1045 * the firmware data and save it for later use. 1046 */ 1047 if (le16_to_cpu(cmd->opcode) == CMD_WRITE_BOOT_PARAMS) { 1048 struct cmd_write_boot_params *params; 1049 1050 params = (void *)(fw_ptr + sizeof(*cmd)); 1051 1052 *boot_addr = le32_to_cpu(params->boot_addr); 1053 1054 bt_dev_info(hdev, "Boot Address: 0x%x", *boot_addr); 1055 1056 bt_dev_info(hdev, "Firmware Version: %u-%u.%u", 1057 params->fw_build_num, params->fw_build_ww, 1058 params->fw_build_yy); 1059 1060 return (num == params->fw_build_num && 1061 ww == params->fw_build_ww && 1062 yy == params->fw_build_yy); 1063 } 1064 1065 fw_ptr += sizeof(*cmd) + cmd->plen; 1066 } 1067 1068 return false; 1069 } 1070 1071 int btintel_download_firmware(struct hci_dev *hdev, 1072 struct intel_version *ver, 1073 const struct firmware *fw, 1074 u32 *boot_param) 1075 { 1076 int err; 1077 1078 /* SfP and WsP don't seem to update the firmware version on file 1079 * so version checking is currently not possible. 1080 */ 1081 switch (ver->hw_variant) { 1082 case 0x0b: /* SfP */ 1083 case 0x0c: /* WsP */ 1084 /* Skip version checking */ 1085 break; 1086 default: 1087 1088 /* Skip download if firmware has the same version */ 1089 if (btintel_firmware_version(hdev, ver->fw_build_num, 1090 ver->fw_build_ww, ver->fw_build_yy, 1091 fw, boot_param)) { 1092 bt_dev_info(hdev, "Firmware already loaded"); 1093 /* Return -EALREADY to indicate that the firmware has 1094 * already been loaded. 1095 */ 1096 return -EALREADY; 1097 } 1098 } 1099 1100 /* The firmware variant determines if the device is in bootloader 1101 * mode or is running operational firmware. The value 0x06 identifies 1102 * the bootloader and the value 0x23 identifies the operational 1103 * firmware. 1104 * 1105 * If the firmware version has changed that means it needs to be reset 1106 * to bootloader when operational so the new firmware can be loaded. 1107 */ 1108 if (ver->fw_variant == 0x23) 1109 return -EINVAL; 1110 1111 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1112 if (err) 1113 return err; 1114 1115 return btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN); 1116 } 1117 EXPORT_SYMBOL_GPL(btintel_download_firmware); 1118 1119 static int btintel_download_fw_tlv(struct hci_dev *hdev, 1120 struct intel_version_tlv *ver, 1121 const struct firmware *fw, u32 *boot_param, 1122 u8 hw_variant, u8 sbe_type) 1123 { 1124 int err; 1125 u32 css_header_ver; 1126 1127 /* Skip download if firmware has the same version */ 1128 if (btintel_firmware_version(hdev, ver->min_fw_build_nn, 1129 ver->min_fw_build_cw, 1130 ver->min_fw_build_yy, 1131 fw, boot_param)) { 1132 bt_dev_info(hdev, "Firmware already loaded"); 1133 /* Return -EALREADY to indicate that firmware has 1134 * already been loaded. 1135 */ 1136 return -EALREADY; 1137 } 1138 1139 /* The firmware variant determines if the device is in bootloader 1140 * mode or is running operational firmware. The value 0x01 identifies 1141 * the bootloader and the value 0x03 identifies the operational 1142 * firmware. 1143 * 1144 * If the firmware version has changed that means it needs to be reset 1145 * to bootloader when operational so the new firmware can be loaded. 1146 */ 1147 if (ver->img_type == 0x03) 1148 return -EINVAL; 1149 1150 /* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support 1151 * only RSA secure boot engine. Hence, the corresponding sfi file will 1152 * have RSA header of 644 bytes followed by Command Buffer. 1153 * 1154 * iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA 1155 * secure boot engine. As a result, the corresponding sfi file will 1156 * have RSA header of 644, ECDSA header of 320 bytes followed by 1157 * Command Buffer. 1158 * 1159 * CSS Header byte positions 0x08 to 0x0B represent the CSS Header 1160 * version: RSA(0x00010000) , ECDSA (0x00020000) 1161 */ 1162 css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET); 1163 if (css_header_ver != 0x00010000) { 1164 bt_dev_err(hdev, "Invalid CSS Header version"); 1165 return -EINVAL; 1166 } 1167 1168 if (hw_variant <= 0x14) { 1169 if (sbe_type != 0x00) { 1170 bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)", 1171 hw_variant); 1172 return -EINVAL; 1173 } 1174 1175 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1176 if (err) 1177 return err; 1178 1179 err = btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN); 1180 if (err) 1181 return err; 1182 } else if (hw_variant >= 0x17) { 1183 /* Check if CSS header for ECDSA follows the RSA header */ 1184 if (fw->data[ECDSA_OFFSET] != 0x06) 1185 return -EINVAL; 1186 1187 /* Check if the CSS Header version is ECDSA(0x00020000) */ 1188 css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET); 1189 if (css_header_ver != 0x00020000) { 1190 bt_dev_err(hdev, "Invalid CSS Header version"); 1191 return -EINVAL; 1192 } 1193 1194 if (sbe_type == 0x00) { 1195 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1196 if (err) 1197 return err; 1198 1199 err = btintel_download_firmware_payload(hdev, fw, 1200 RSA_HEADER_LEN + ECDSA_HEADER_LEN); 1201 if (err) 1202 return err; 1203 } else if (sbe_type == 0x01) { 1204 err = btintel_sfi_ecdsa_header_secure_send(hdev, fw); 1205 if (err) 1206 return err; 1207 1208 err = btintel_download_firmware_payload(hdev, fw, 1209 RSA_HEADER_LEN + ECDSA_HEADER_LEN); 1210 if (err) 1211 return err; 1212 } 1213 } 1214 return 0; 1215 } 1216 1217 static void btintel_reset_to_bootloader(struct hci_dev *hdev) 1218 { 1219 struct intel_reset params; 1220 struct sk_buff *skb; 1221 1222 /* Send Intel Reset command. This will result in 1223 * re-enumeration of BT controller. 1224 * 1225 * Intel Reset parameter description: 1226 * reset_type : 0x00 (Soft reset), 1227 * 0x01 (Hard reset) 1228 * patch_enable : 0x00 (Do not enable), 1229 * 0x01 (Enable) 1230 * ddc_reload : 0x00 (Do not reload), 1231 * 0x01 (Reload) 1232 * boot_option: 0x00 (Current image), 1233 * 0x01 (Specified boot address) 1234 * boot_param: Boot address 1235 * 1236 */ 1237 params.reset_type = 0x01; 1238 params.patch_enable = 0x01; 1239 params.ddc_reload = 0x01; 1240 params.boot_option = 0x00; 1241 params.boot_param = cpu_to_le32(0x00000000); 1242 1243 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), 1244 ¶ms, HCI_INIT_TIMEOUT); 1245 if (IS_ERR(skb)) { 1246 bt_dev_err(hdev, "FW download error recovery failed (%ld)", 1247 PTR_ERR(skb)); 1248 return; 1249 } 1250 bt_dev_info(hdev, "Intel reset sent to retry FW download"); 1251 kfree_skb(skb); 1252 1253 /* Current Intel BT controllers(ThP/JfP) hold the USB reset 1254 * lines for 2ms when it receives Intel Reset in bootloader mode. 1255 * Whereas, the upcoming Intel BT controllers will hold USB reset 1256 * for 150ms. To keep the delay generic, 150ms is chosen here. 1257 */ 1258 msleep(150); 1259 } 1260 1261 static int btintel_read_debug_features(struct hci_dev *hdev, 1262 struct intel_debug_features *features) 1263 { 1264 struct sk_buff *skb; 1265 u8 page_no = 1; 1266 1267 /* Intel controller supports two pages, each page is of 128-bit 1268 * feature bit mask. And each bit defines specific feature support 1269 */ 1270 skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no, 1271 HCI_INIT_TIMEOUT); 1272 if (IS_ERR(skb)) { 1273 bt_dev_err(hdev, "Reading supported features failed (%ld)", 1274 PTR_ERR(skb)); 1275 return PTR_ERR(skb); 1276 } 1277 1278 if (skb->len != (sizeof(features->page1) + 3)) { 1279 bt_dev_err(hdev, "Supported features event size mismatch"); 1280 kfree_skb(skb); 1281 return -EILSEQ; 1282 } 1283 1284 memcpy(features->page1, skb->data + 3, sizeof(features->page1)); 1285 1286 /* Read the supported features page2 if required in future. 1287 */ 1288 kfree_skb(skb); 1289 return 0; 1290 } 1291 1292 static acpi_status btintel_ppag_callback(acpi_handle handle, u32 lvl, void *data, 1293 void **ret) 1294 { 1295 acpi_status status; 1296 size_t len; 1297 struct btintel_ppag *ppag = data; 1298 union acpi_object *p, *elements; 1299 struct acpi_buffer string = {ACPI_ALLOCATE_BUFFER, NULL}; 1300 struct acpi_buffer buffer = {ACPI_ALLOCATE_BUFFER, NULL}; 1301 struct hci_dev *hdev = ppag->hdev; 1302 1303 status = acpi_get_name(handle, ACPI_FULL_PATHNAME, &string); 1304 if (ACPI_FAILURE(status)) { 1305 bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status)); 1306 return status; 1307 } 1308 1309 len = strlen(string.pointer); 1310 if (len < strlen(BTINTEL_PPAG_NAME)) { 1311 kfree(string.pointer); 1312 return AE_OK; 1313 } 1314 1315 if (strncmp((char *)string.pointer + len - 4, BTINTEL_PPAG_NAME, 4)) { 1316 kfree(string.pointer); 1317 return AE_OK; 1318 } 1319 kfree(string.pointer); 1320 1321 status = acpi_evaluate_object(handle, NULL, NULL, &buffer); 1322 if (ACPI_FAILURE(status)) { 1323 ppag->status = status; 1324 bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status)); 1325 return status; 1326 } 1327 1328 p = buffer.pointer; 1329 ppag = (struct btintel_ppag *)data; 1330 1331 if (p->type != ACPI_TYPE_PACKAGE || p->package.count != 2) { 1332 kfree(buffer.pointer); 1333 bt_dev_warn(hdev, "PPAG-BT: Invalid object type: %d or package count: %d", 1334 p->type, p->package.count); 1335 ppag->status = AE_ERROR; 1336 return AE_ERROR; 1337 } 1338 1339 elements = p->package.elements; 1340 1341 /* PPAG table is located at element[1] */ 1342 p = &elements[1]; 1343 1344 ppag->domain = (u32)p->package.elements[0].integer.value; 1345 ppag->mode = (u32)p->package.elements[1].integer.value; 1346 ppag->status = AE_OK; 1347 kfree(buffer.pointer); 1348 return AE_CTRL_TERMINATE; 1349 } 1350 1351 static int btintel_set_debug_features(struct hci_dev *hdev, 1352 const struct intel_debug_features *features) 1353 { 1354 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x7f, 0x00, 0x00, 0x00, 0x00, 1355 0x00, 0x00, 0x00 }; 1356 u8 period[5] = { 0x04, 0x91, 0x02, 0x05, 0x00 }; 1357 u8 trace_enable = 0x02; 1358 struct sk_buff *skb; 1359 1360 if (!features) { 1361 bt_dev_warn(hdev, "Debug features not read"); 1362 return -EINVAL; 1363 } 1364 1365 if (!(features->page1[0] & 0x3f)) { 1366 bt_dev_info(hdev, "Telemetry exception format not supported"); 1367 return 0; 1368 } 1369 1370 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); 1371 if (IS_ERR(skb)) { 1372 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", 1373 PTR_ERR(skb)); 1374 return PTR_ERR(skb); 1375 } 1376 kfree_skb(skb); 1377 1378 skb = __hci_cmd_sync(hdev, 0xfc8b, 5, period, HCI_INIT_TIMEOUT); 1379 if (IS_ERR(skb)) { 1380 bt_dev_err(hdev, "Setting periodicity for link statistics traces failed (%ld)", 1381 PTR_ERR(skb)); 1382 return PTR_ERR(skb); 1383 } 1384 kfree_skb(skb); 1385 1386 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT); 1387 if (IS_ERR(skb)) { 1388 bt_dev_err(hdev, "Enable tracing of link statistics events failed (%ld)", 1389 PTR_ERR(skb)); 1390 return PTR_ERR(skb); 1391 } 1392 kfree_skb(skb); 1393 1394 bt_dev_info(hdev, "set debug features: trace_enable 0x%02x mask 0x%02x", 1395 trace_enable, mask[3]); 1396 1397 return 0; 1398 } 1399 1400 static int btintel_reset_debug_features(struct hci_dev *hdev, 1401 const struct intel_debug_features *features) 1402 { 1403 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 1404 0x00, 0x00, 0x00 }; 1405 u8 trace_enable = 0x00; 1406 struct sk_buff *skb; 1407 1408 if (!features) { 1409 bt_dev_warn(hdev, "Debug features not read"); 1410 return -EINVAL; 1411 } 1412 1413 if (!(features->page1[0] & 0x3f)) { 1414 bt_dev_info(hdev, "Telemetry exception format not supported"); 1415 return 0; 1416 } 1417 1418 /* Should stop the trace before writing ddc event mask. */ 1419 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT); 1420 if (IS_ERR(skb)) { 1421 bt_dev_err(hdev, "Stop tracing of link statistics events failed (%ld)", 1422 PTR_ERR(skb)); 1423 return PTR_ERR(skb); 1424 } 1425 kfree_skb(skb); 1426 1427 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); 1428 if (IS_ERR(skb)) { 1429 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", 1430 PTR_ERR(skb)); 1431 return PTR_ERR(skb); 1432 } 1433 kfree_skb(skb); 1434 1435 bt_dev_info(hdev, "reset debug features: trace_enable 0x%02x mask 0x%02x", 1436 trace_enable, mask[3]); 1437 1438 return 0; 1439 } 1440 1441 int btintel_set_quality_report(struct hci_dev *hdev, bool enable) 1442 { 1443 struct intel_debug_features features; 1444 int err; 1445 1446 bt_dev_dbg(hdev, "enable %d", enable); 1447 1448 /* Read the Intel supported features and if new exception formats 1449 * supported, need to load the additional DDC config to enable. 1450 */ 1451 err = btintel_read_debug_features(hdev, &features); 1452 if (err) 1453 return err; 1454 1455 /* Set or reset the debug features. */ 1456 if (enable) 1457 err = btintel_set_debug_features(hdev, &features); 1458 else 1459 err = btintel_reset_debug_features(hdev, &features); 1460 1461 return err; 1462 } 1463 EXPORT_SYMBOL_GPL(btintel_set_quality_report); 1464 1465 static const struct firmware *btintel_legacy_rom_get_fw(struct hci_dev *hdev, 1466 struct intel_version *ver) 1467 { 1468 const struct firmware *fw; 1469 char fwname[64]; 1470 int ret; 1471 1472 snprintf(fwname, sizeof(fwname), 1473 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1474 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1475 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1476 ver->fw_build_ww, ver->fw_build_yy); 1477 1478 ret = request_firmware(&fw, fwname, &hdev->dev); 1479 if (ret < 0) { 1480 if (ret == -EINVAL) { 1481 bt_dev_err(hdev, "Intel firmware file request failed (%d)", 1482 ret); 1483 return NULL; 1484 } 1485 1486 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)", 1487 fwname, ret); 1488 1489 /* If the correct firmware patch file is not found, use the 1490 * default firmware patch file instead 1491 */ 1492 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1493 ver->hw_platform, ver->hw_variant); 1494 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1495 bt_dev_err(hdev, "failed to open default fw file: %s", 1496 fwname); 1497 return NULL; 1498 } 1499 } 1500 1501 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname); 1502 1503 return fw; 1504 } 1505 1506 static int btintel_legacy_rom_patching(struct hci_dev *hdev, 1507 const struct firmware *fw, 1508 const u8 **fw_ptr, int *disable_patch) 1509 { 1510 struct sk_buff *skb; 1511 struct hci_command_hdr *cmd; 1512 const u8 *cmd_param; 1513 struct hci_event_hdr *evt = NULL; 1514 const u8 *evt_param = NULL; 1515 int remain = fw->size - (*fw_ptr - fw->data); 1516 1517 /* The first byte indicates the types of the patch command or event. 1518 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1519 * in the current firmware buffer doesn't start with 0x01 or 1520 * the size of remain buffer is smaller than HCI command header, 1521 * the firmware file is corrupted and it should stop the patching 1522 * process. 1523 */ 1524 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1525 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read"); 1526 return -EINVAL; 1527 } 1528 (*fw_ptr)++; 1529 remain--; 1530 1531 cmd = (struct hci_command_hdr *)(*fw_ptr); 1532 *fw_ptr += sizeof(*cmd); 1533 remain -= sizeof(*cmd); 1534 1535 /* Ensure that the remain firmware data is long enough than the length 1536 * of command parameter. If not, the firmware file is corrupted. 1537 */ 1538 if (remain < cmd->plen) { 1539 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len"); 1540 return -EFAULT; 1541 } 1542 1543 /* If there is a command that loads a patch in the firmware 1544 * file, then enable the patch upon success, otherwise just 1545 * disable the manufacturer mode, for example patch activation 1546 * is not required when the default firmware patch file is used 1547 * because there are no patch data to load. 1548 */ 1549 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1550 *disable_patch = 0; 1551 1552 cmd_param = *fw_ptr; 1553 *fw_ptr += cmd->plen; 1554 remain -= cmd->plen; 1555 1556 /* This reads the expected events when the above command is sent to the 1557 * device. Some vendor commands expects more than one events, for 1558 * example command status event followed by vendor specific event. 1559 * For this case, it only keeps the last expected event. so the command 1560 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1561 * last expected event. 1562 */ 1563 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1564 (*fw_ptr)++; 1565 remain--; 1566 1567 evt = (struct hci_event_hdr *)(*fw_ptr); 1568 *fw_ptr += sizeof(*evt); 1569 remain -= sizeof(*evt); 1570 1571 if (remain < evt->plen) { 1572 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len"); 1573 return -EFAULT; 1574 } 1575 1576 evt_param = *fw_ptr; 1577 *fw_ptr += evt->plen; 1578 remain -= evt->plen; 1579 } 1580 1581 /* Every HCI commands in the firmware file has its correspond event. 1582 * If event is not found or remain is smaller than zero, the firmware 1583 * file is corrupted. 1584 */ 1585 if (!evt || !evt_param || remain < 0) { 1586 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read"); 1587 return -EFAULT; 1588 } 1589 1590 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1591 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1592 if (IS_ERR(skb)) { 1593 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)", 1594 cmd->opcode, PTR_ERR(skb)); 1595 return PTR_ERR(skb); 1596 } 1597 1598 /* It ensures that the returned event matches the event data read from 1599 * the firmware file. At fist, it checks the length and then 1600 * the contents of the event. 1601 */ 1602 if (skb->len != evt->plen) { 1603 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)", 1604 le16_to_cpu(cmd->opcode)); 1605 kfree_skb(skb); 1606 return -EFAULT; 1607 } 1608 1609 if (memcmp(skb->data, evt_param, evt->plen)) { 1610 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)", 1611 le16_to_cpu(cmd->opcode)); 1612 kfree_skb(skb); 1613 return -EFAULT; 1614 } 1615 kfree_skb(skb); 1616 1617 return 0; 1618 } 1619 1620 static int btintel_legacy_rom_setup(struct hci_dev *hdev, 1621 struct intel_version *ver) 1622 { 1623 const struct firmware *fw; 1624 const u8 *fw_ptr; 1625 int disable_patch, err; 1626 struct intel_version new_ver; 1627 1628 BT_DBG("%s", hdev->name); 1629 1630 /* fw_patch_num indicates the version of patch the device currently 1631 * have. If there is no patch data in the device, it is always 0x00. 1632 * So, if it is other than 0x00, no need to patch the device again. 1633 */ 1634 if (ver->fw_patch_num) { 1635 bt_dev_info(hdev, 1636 "Intel device is already patched. patch num: %02x", 1637 ver->fw_patch_num); 1638 goto complete; 1639 } 1640 1641 /* Opens the firmware patch file based on the firmware version read 1642 * from the controller. If it fails to open the matching firmware 1643 * patch file, it tries to open the default firmware patch file. 1644 * If no patch file is found, allow the device to operate without 1645 * a patch. 1646 */ 1647 fw = btintel_legacy_rom_get_fw(hdev, ver); 1648 if (!fw) 1649 goto complete; 1650 fw_ptr = fw->data; 1651 1652 /* Enable the manufacturer mode of the controller. 1653 * Only while this mode is enabled, the driver can download the 1654 * firmware patch data and configuration parameters. 1655 */ 1656 err = btintel_enter_mfg(hdev); 1657 if (err) { 1658 release_firmware(fw); 1659 return err; 1660 } 1661 1662 disable_patch = 1; 1663 1664 /* The firmware data file consists of list of Intel specific HCI 1665 * commands and its expected events. The first byte indicates the 1666 * type of the message, either HCI command or HCI event. 1667 * 1668 * It reads the command and its expected event from the firmware file, 1669 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1670 * the returned event is compared with the event read from the firmware 1671 * file and it will continue until all the messages are downloaded to 1672 * the controller. 1673 * 1674 * Once the firmware patching is completed successfully, 1675 * the manufacturer mode is disabled with reset and activating the 1676 * downloaded patch. 1677 * 1678 * If the firmware patching fails, the manufacturer mode is 1679 * disabled with reset and deactivating the patch. 1680 * 1681 * If the default patch file is used, no reset is done when disabling 1682 * the manufacturer. 1683 */ 1684 while (fw->size > fw_ptr - fw->data) { 1685 int ret; 1686 1687 ret = btintel_legacy_rom_patching(hdev, fw, &fw_ptr, 1688 &disable_patch); 1689 if (ret < 0) 1690 goto exit_mfg_deactivate; 1691 } 1692 1693 release_firmware(fw); 1694 1695 if (disable_patch) 1696 goto exit_mfg_disable; 1697 1698 /* Patching completed successfully and disable the manufacturer mode 1699 * with reset and activate the downloaded firmware patches. 1700 */ 1701 err = btintel_exit_mfg(hdev, true, true); 1702 if (err) 1703 return err; 1704 1705 /* Need build number for downloaded fw patches in 1706 * every power-on boot 1707 */ 1708 err = btintel_read_version(hdev, &new_ver); 1709 if (err) 1710 return err; 1711 1712 bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated", 1713 new_ver.fw_patch_num); 1714 1715 goto complete; 1716 1717 exit_mfg_disable: 1718 /* Disable the manufacturer mode without reset */ 1719 err = btintel_exit_mfg(hdev, false, false); 1720 if (err) 1721 return err; 1722 1723 bt_dev_info(hdev, "Intel firmware patch completed"); 1724 1725 goto complete; 1726 1727 exit_mfg_deactivate: 1728 release_firmware(fw); 1729 1730 /* Patching failed. Disable the manufacturer mode with reset and 1731 * deactivate the downloaded firmware patches. 1732 */ 1733 err = btintel_exit_mfg(hdev, true, false); 1734 if (err) 1735 return err; 1736 1737 bt_dev_info(hdev, "Intel firmware patch completed and deactivated"); 1738 1739 complete: 1740 /* Set the event mask for Intel specific vendor events. This enables 1741 * a few extra events that are useful during general operation. 1742 */ 1743 btintel_set_event_mask_mfg(hdev, false); 1744 1745 btintel_check_bdaddr(hdev); 1746 1747 return 0; 1748 } 1749 1750 static int btintel_download_wait(struct hci_dev *hdev, ktime_t calltime, int msec) 1751 { 1752 ktime_t delta, rettime; 1753 unsigned long long duration; 1754 int err; 1755 1756 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 1757 1758 bt_dev_info(hdev, "Waiting for firmware download to complete"); 1759 1760 err = btintel_wait_on_flag_timeout(hdev, INTEL_DOWNLOADING, 1761 TASK_INTERRUPTIBLE, 1762 msecs_to_jiffies(msec)); 1763 if (err == -EINTR) { 1764 bt_dev_err(hdev, "Firmware loading interrupted"); 1765 return err; 1766 } 1767 1768 if (err) { 1769 bt_dev_err(hdev, "Firmware loading timeout"); 1770 return -ETIMEDOUT; 1771 } 1772 1773 if (btintel_test_flag(hdev, INTEL_FIRMWARE_FAILED)) { 1774 bt_dev_err(hdev, "Firmware loading failed"); 1775 return -ENOEXEC; 1776 } 1777 1778 rettime = ktime_get(); 1779 delta = ktime_sub(rettime, calltime); 1780 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 1781 1782 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 1783 1784 return 0; 1785 } 1786 1787 static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec) 1788 { 1789 ktime_t delta, rettime; 1790 unsigned long long duration; 1791 int err; 1792 1793 bt_dev_info(hdev, "Waiting for device to boot"); 1794 1795 err = btintel_wait_on_flag_timeout(hdev, INTEL_BOOTING, 1796 TASK_INTERRUPTIBLE, 1797 msecs_to_jiffies(msec)); 1798 if (err == -EINTR) { 1799 bt_dev_err(hdev, "Device boot interrupted"); 1800 return -EINTR; 1801 } 1802 1803 if (err) { 1804 bt_dev_err(hdev, "Device boot timeout"); 1805 return -ETIMEDOUT; 1806 } 1807 1808 rettime = ktime_get(); 1809 delta = ktime_sub(rettime, calltime); 1810 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 1811 1812 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 1813 1814 return 0; 1815 } 1816 1817 static int btintel_boot(struct hci_dev *hdev, u32 boot_addr) 1818 { 1819 ktime_t calltime; 1820 int err; 1821 1822 calltime = ktime_get(); 1823 1824 btintel_set_flag(hdev, INTEL_BOOTING); 1825 1826 err = btintel_send_intel_reset(hdev, boot_addr); 1827 if (err) { 1828 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err); 1829 btintel_reset_to_bootloader(hdev); 1830 return err; 1831 } 1832 1833 /* The bootloader will not indicate when the device is ready. This 1834 * is done by the operational firmware sending bootup notification. 1835 * 1836 * Booting into operational firmware should not take longer than 1837 * 1 second. However if that happens, then just fail the setup 1838 * since something went wrong. 1839 */ 1840 err = btintel_boot_wait(hdev, calltime, 1000); 1841 if (err == -ETIMEDOUT) 1842 btintel_reset_to_bootloader(hdev); 1843 1844 return err; 1845 } 1846 1847 static int btintel_get_fw_name(struct intel_version *ver, 1848 struct intel_boot_params *params, 1849 char *fw_name, size_t len, 1850 const char *suffix) 1851 { 1852 switch (ver->hw_variant) { 1853 case 0x0b: /* SfP */ 1854 case 0x0c: /* WsP */ 1855 snprintf(fw_name, len, "intel/ibt-%u-%u.%s", 1856 ver->hw_variant, 1857 le16_to_cpu(params->dev_revid), 1858 suffix); 1859 break; 1860 case 0x11: /* JfP */ 1861 case 0x12: /* ThP */ 1862 case 0x13: /* HrP */ 1863 case 0x14: /* CcP */ 1864 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s", 1865 ver->hw_variant, 1866 ver->hw_revision, 1867 ver->fw_revision, 1868 suffix); 1869 break; 1870 default: 1871 return -EINVAL; 1872 } 1873 1874 return 0; 1875 } 1876 1877 static int btintel_download_fw(struct hci_dev *hdev, 1878 struct intel_version *ver, 1879 struct intel_boot_params *params, 1880 u32 *boot_param) 1881 { 1882 const struct firmware *fw; 1883 char fwname[64]; 1884 int err; 1885 ktime_t calltime; 1886 1887 if (!ver || !params) 1888 return -EINVAL; 1889 1890 /* The firmware variant determines if the device is in bootloader 1891 * mode or is running operational firmware. The value 0x06 identifies 1892 * the bootloader and the value 0x23 identifies the operational 1893 * firmware. 1894 * 1895 * When the operational firmware is already present, then only 1896 * the check for valid Bluetooth device address is needed. This 1897 * determines if the device will be added as configured or 1898 * unconfigured controller. 1899 * 1900 * It is not possible to use the Secure Boot Parameters in this 1901 * case since that command is only available in bootloader mode. 1902 */ 1903 if (ver->fw_variant == 0x23) { 1904 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 1905 btintel_check_bdaddr(hdev); 1906 1907 /* SfP and WsP don't seem to update the firmware version on file 1908 * so version checking is currently possible. 1909 */ 1910 switch (ver->hw_variant) { 1911 case 0x0b: /* SfP */ 1912 case 0x0c: /* WsP */ 1913 return 0; 1914 } 1915 1916 /* Proceed to download to check if the version matches */ 1917 goto download; 1918 } 1919 1920 /* Read the secure boot parameters to identify the operating 1921 * details of the bootloader. 1922 */ 1923 err = btintel_read_boot_params(hdev, params); 1924 if (err) 1925 return err; 1926 1927 /* It is required that every single firmware fragment is acknowledged 1928 * with a command complete event. If the boot parameters indicate 1929 * that this bootloader does not send them, then abort the setup. 1930 */ 1931 if (params->limited_cce != 0x00) { 1932 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 1933 params->limited_cce); 1934 return -EINVAL; 1935 } 1936 1937 /* If the OTP has no valid Bluetooth device address, then there will 1938 * also be no valid address for the operational firmware. 1939 */ 1940 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { 1941 bt_dev_info(hdev, "No device address configured"); 1942 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 1943 } 1944 1945 download: 1946 /* With this Intel bootloader only the hardware variant and device 1947 * revision information are used to select the right firmware for SfP 1948 * and WsP. 1949 * 1950 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 1951 * 1952 * Currently the supported hardware variants are: 1953 * 11 (0x0b) for iBT3.0 (LnP/SfP) 1954 * 12 (0x0c) for iBT3.5 (WsP) 1955 * 1956 * For ThP/JfP and for future SKU's, the FW name varies based on HW 1957 * variant, HW revision and FW revision, as these are dependent on CNVi 1958 * and RF Combination. 1959 * 1960 * 17 (0x11) for iBT3.5 (JfP) 1961 * 18 (0x12) for iBT3.5 (ThP) 1962 * 1963 * The firmware file name for these will be 1964 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. 1965 * 1966 */ 1967 err = btintel_get_fw_name(ver, params, fwname, sizeof(fwname), "sfi"); 1968 if (err < 0) { 1969 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 1970 /* Firmware has already been loaded */ 1971 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 1972 return 0; 1973 } 1974 1975 bt_dev_err(hdev, "Unsupported Intel firmware naming"); 1976 return -EINVAL; 1977 } 1978 1979 err = firmware_request_nowarn(&fw, fwname, &hdev->dev); 1980 if (err < 0) { 1981 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 1982 /* Firmware has already been loaded */ 1983 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 1984 return 0; 1985 } 1986 1987 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)", 1988 fwname, err); 1989 return err; 1990 } 1991 1992 bt_dev_info(hdev, "Found device firmware: %s", fwname); 1993 1994 if (fw->size < 644) { 1995 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 1996 fw->size); 1997 err = -EBADF; 1998 goto done; 1999 } 2000 2001 calltime = ktime_get(); 2002 2003 btintel_set_flag(hdev, INTEL_DOWNLOADING); 2004 2005 /* Start firmware downloading and get boot parameter */ 2006 err = btintel_download_firmware(hdev, ver, fw, boot_param); 2007 if (err < 0) { 2008 if (err == -EALREADY) { 2009 /* Firmware has already been loaded */ 2010 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2011 err = 0; 2012 goto done; 2013 } 2014 2015 /* When FW download fails, send Intel Reset to retry 2016 * FW download. 2017 */ 2018 btintel_reset_to_bootloader(hdev); 2019 goto done; 2020 } 2021 2022 /* Before switching the device into operational mode and with that 2023 * booting the loaded firmware, wait for the bootloader notification 2024 * that all fragments have been successfully received. 2025 * 2026 * When the event processing receives the notification, then the 2027 * INTEL_DOWNLOADING flag will be cleared. 2028 * 2029 * The firmware loading should not take longer than 5 seconds 2030 * and thus just timeout if that happens and fail the setup 2031 * of this device. 2032 */ 2033 err = btintel_download_wait(hdev, calltime, 5000); 2034 if (err == -ETIMEDOUT) 2035 btintel_reset_to_bootloader(hdev); 2036 2037 done: 2038 release_firmware(fw); 2039 return err; 2040 } 2041 2042 static int btintel_bootloader_setup(struct hci_dev *hdev, 2043 struct intel_version *ver) 2044 { 2045 struct intel_version new_ver; 2046 struct intel_boot_params params; 2047 u32 boot_param; 2048 char ddcname[64]; 2049 int err; 2050 2051 BT_DBG("%s", hdev->name); 2052 2053 /* Set the default boot parameter to 0x0 and it is updated to 2054 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2055 * command while downloading the firmware. 2056 */ 2057 boot_param = 0x00000000; 2058 2059 btintel_set_flag(hdev, INTEL_BOOTLOADER); 2060 2061 err = btintel_download_fw(hdev, ver, ¶ms, &boot_param); 2062 if (err) 2063 return err; 2064 2065 /* controller is already having an operational firmware */ 2066 if (ver->fw_variant == 0x23) 2067 goto finish; 2068 2069 err = btintel_boot(hdev, boot_param); 2070 if (err) 2071 return err; 2072 2073 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2074 2075 err = btintel_get_fw_name(ver, ¶ms, ddcname, 2076 sizeof(ddcname), "ddc"); 2077 2078 if (err < 0) { 2079 bt_dev_err(hdev, "Unsupported Intel firmware naming"); 2080 } else { 2081 /* Once the device is running in operational mode, it needs to 2082 * apply the device configuration (DDC) parameters. 2083 * 2084 * The device can work without DDC parameters, so even if it 2085 * fails to load the file, no need to fail the setup. 2086 */ 2087 btintel_load_ddc_config(hdev, ddcname); 2088 } 2089 2090 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 2091 2092 /* Read the Intel version information after loading the FW */ 2093 err = btintel_read_version(hdev, &new_ver); 2094 if (err) 2095 return err; 2096 2097 btintel_version_info(hdev, &new_ver); 2098 2099 finish: 2100 /* Set the event mask for Intel specific vendor events. This enables 2101 * a few extra events that are useful during general operation. It 2102 * does not enable any debugging related events. 2103 * 2104 * The device will function correctly without these events enabled 2105 * and thus no need to fail the setup. 2106 */ 2107 btintel_set_event_mask(hdev, false); 2108 2109 return 0; 2110 } 2111 2112 static void btintel_get_fw_name_tlv(const struct intel_version_tlv *ver, 2113 char *fw_name, size_t len, 2114 const char *suffix) 2115 { 2116 /* The firmware file name for new generation controllers will be 2117 * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step> 2118 */ 2119 snprintf(fw_name, len, "intel/ibt-%04x-%04x.%s", 2120 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top), 2121 INTEL_CNVX_TOP_STEP(ver->cnvi_top)), 2122 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top), 2123 INTEL_CNVX_TOP_STEP(ver->cnvr_top)), 2124 suffix); 2125 } 2126 2127 static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev, 2128 struct intel_version_tlv *ver, 2129 u32 *boot_param) 2130 { 2131 const struct firmware *fw; 2132 char fwname[64]; 2133 int err; 2134 ktime_t calltime; 2135 2136 if (!ver || !boot_param) 2137 return -EINVAL; 2138 2139 /* The firmware variant determines if the device is in bootloader 2140 * mode or is running operational firmware. The value 0x03 identifies 2141 * the bootloader and the value 0x23 identifies the operational 2142 * firmware. 2143 * 2144 * When the operational firmware is already present, then only 2145 * the check for valid Bluetooth device address is needed. This 2146 * determines if the device will be added as configured or 2147 * unconfigured controller. 2148 * 2149 * It is not possible to use the Secure Boot Parameters in this 2150 * case since that command is only available in bootloader mode. 2151 */ 2152 if (ver->img_type == 0x03) { 2153 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2154 btintel_check_bdaddr(hdev); 2155 } else { 2156 /* 2157 * Check for valid bd address in boot loader mode. Device 2158 * will be marked as unconfigured if empty bd address is 2159 * found. 2160 */ 2161 if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) { 2162 bt_dev_info(hdev, "No device address configured"); 2163 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2164 } 2165 } 2166 2167 btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi"); 2168 err = firmware_request_nowarn(&fw, fwname, &hdev->dev); 2169 if (err < 0) { 2170 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2171 /* Firmware has already been loaded */ 2172 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2173 return 0; 2174 } 2175 2176 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)", 2177 fwname, err); 2178 2179 return err; 2180 } 2181 2182 bt_dev_info(hdev, "Found device firmware: %s", fwname); 2183 2184 if (fw->size < 644) { 2185 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 2186 fw->size); 2187 err = -EBADF; 2188 goto done; 2189 } 2190 2191 calltime = ktime_get(); 2192 2193 btintel_set_flag(hdev, INTEL_DOWNLOADING); 2194 2195 /* Start firmware downloading and get boot parameter */ 2196 err = btintel_download_fw_tlv(hdev, ver, fw, boot_param, 2197 INTEL_HW_VARIANT(ver->cnvi_bt), 2198 ver->sbe_type); 2199 if (err < 0) { 2200 if (err == -EALREADY) { 2201 /* Firmware has already been loaded */ 2202 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2203 err = 0; 2204 goto done; 2205 } 2206 2207 /* When FW download fails, send Intel Reset to retry 2208 * FW download. 2209 */ 2210 btintel_reset_to_bootloader(hdev); 2211 goto done; 2212 } 2213 2214 /* Before switching the device into operational mode and with that 2215 * booting the loaded firmware, wait for the bootloader notification 2216 * that all fragments have been successfully received. 2217 * 2218 * When the event processing receives the notification, then the 2219 * BTUSB_DOWNLOADING flag will be cleared. 2220 * 2221 * The firmware loading should not take longer than 5 seconds 2222 * and thus just timeout if that happens and fail the setup 2223 * of this device. 2224 */ 2225 err = btintel_download_wait(hdev, calltime, 5000); 2226 if (err == -ETIMEDOUT) 2227 btintel_reset_to_bootloader(hdev); 2228 2229 done: 2230 release_firmware(fw); 2231 return err; 2232 } 2233 2234 static int btintel_get_codec_config_data(struct hci_dev *hdev, 2235 __u8 link, struct bt_codec *codec, 2236 __u8 *ven_len, __u8 **ven_data) 2237 { 2238 int err = 0; 2239 2240 if (!ven_data || !ven_len) 2241 return -EINVAL; 2242 2243 *ven_len = 0; 2244 *ven_data = NULL; 2245 2246 if (link != ESCO_LINK) { 2247 bt_dev_err(hdev, "Invalid link type(%u)", link); 2248 return -EINVAL; 2249 } 2250 2251 *ven_data = kmalloc(sizeof(__u8), GFP_KERNEL); 2252 if (!*ven_data) { 2253 err = -ENOMEM; 2254 goto error; 2255 } 2256 2257 /* supports only CVSD and mSBC offload codecs */ 2258 switch (codec->id) { 2259 case 0x02: 2260 **ven_data = 0x00; 2261 break; 2262 case 0x05: 2263 **ven_data = 0x01; 2264 break; 2265 default: 2266 err = -EINVAL; 2267 bt_dev_err(hdev, "Invalid codec id(%u)", codec->id); 2268 goto error; 2269 } 2270 /* codec and its capabilities are pre-defined to ids 2271 * preset id = 0x00 represents CVSD codec with sampling rate 8K 2272 * preset id = 0x01 represents mSBC codec with sampling rate 16K 2273 */ 2274 *ven_len = sizeof(__u8); 2275 return err; 2276 2277 error: 2278 kfree(*ven_data); 2279 *ven_data = NULL; 2280 return err; 2281 } 2282 2283 static int btintel_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id) 2284 { 2285 /* Intel uses 1 as data path id for all the usecases */ 2286 *data_path_id = 1; 2287 return 0; 2288 } 2289 2290 static int btintel_configure_offload(struct hci_dev *hdev) 2291 { 2292 struct sk_buff *skb; 2293 int err = 0; 2294 struct intel_offload_use_cases *use_cases; 2295 2296 skb = __hci_cmd_sync(hdev, 0xfc86, 0, NULL, HCI_INIT_TIMEOUT); 2297 if (IS_ERR(skb)) { 2298 bt_dev_err(hdev, "Reading offload use cases failed (%ld)", 2299 PTR_ERR(skb)); 2300 return PTR_ERR(skb); 2301 } 2302 2303 if (skb->len < sizeof(*use_cases)) { 2304 err = -EIO; 2305 goto error; 2306 } 2307 2308 use_cases = (void *)skb->data; 2309 2310 if (use_cases->status) { 2311 err = -bt_to_errno(skb->data[0]); 2312 goto error; 2313 } 2314 2315 if (use_cases->preset[0] & 0x03) { 2316 hdev->get_data_path_id = btintel_get_data_path_id; 2317 hdev->get_codec_config_data = btintel_get_codec_config_data; 2318 } 2319 error: 2320 kfree_skb(skb); 2321 return err; 2322 } 2323 2324 static void btintel_set_ppag(struct hci_dev *hdev, struct intel_version_tlv *ver) 2325 { 2326 struct btintel_ppag ppag; 2327 struct sk_buff *skb; 2328 struct btintel_loc_aware_reg ppag_cmd; 2329 acpi_handle handle; 2330 2331 /* PPAG is not supported if CRF is HrP2, Jfp2, JfP1 */ 2332 switch (ver->cnvr_top & 0xFFF) { 2333 case 0x504: /* Hrp2 */ 2334 case 0x202: /* Jfp2 */ 2335 case 0x201: /* Jfp1 */ 2336 return; 2337 } 2338 2339 handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev)); 2340 if (!handle) { 2341 bt_dev_info(hdev, "No support for BT device in ACPI firmware"); 2342 return; 2343 } 2344 2345 memset(&ppag, 0, sizeof(ppag)); 2346 2347 ppag.hdev = hdev; 2348 ppag.status = AE_NOT_FOUND; 2349 acpi_walk_namespace(ACPI_TYPE_PACKAGE, handle, 1, NULL, 2350 btintel_ppag_callback, &ppag, NULL); 2351 2352 if (ACPI_FAILURE(ppag.status)) { 2353 if (ppag.status == AE_NOT_FOUND) { 2354 bt_dev_dbg(hdev, "PPAG-BT: ACPI entry not found"); 2355 return; 2356 } 2357 return; 2358 } 2359 2360 if (ppag.domain != 0x12) { 2361 bt_dev_warn(hdev, "PPAG-BT: domain is not bluetooth"); 2362 return; 2363 } 2364 2365 /* PPAG mode, BIT0 = 0 Disabled, BIT0 = 1 Enabled */ 2366 if (!(ppag.mode & BIT(0))) { 2367 bt_dev_dbg(hdev, "PPAG-BT: disabled"); 2368 return; 2369 } 2370 2371 ppag_cmd.mcc = cpu_to_le32(0); 2372 ppag_cmd.sel = cpu_to_le32(0); /* 0 - Enable , 1 - Disable, 2 - Testing mode */ 2373 ppag_cmd.delta = cpu_to_le32(0); 2374 skb = __hci_cmd_sync(hdev, 0xfe19, sizeof(ppag_cmd), &ppag_cmd, HCI_CMD_TIMEOUT); 2375 if (IS_ERR(skb)) { 2376 bt_dev_warn(hdev, "Failed to send PPAG Enable (%ld)", PTR_ERR(skb)); 2377 return; 2378 } 2379 kfree_skb(skb); 2380 } 2381 2382 static int btintel_bootloader_setup_tlv(struct hci_dev *hdev, 2383 struct intel_version_tlv *ver) 2384 { 2385 u32 boot_param; 2386 char ddcname[64]; 2387 int err; 2388 struct intel_version_tlv new_ver; 2389 2390 bt_dev_dbg(hdev, ""); 2391 2392 /* Set the default boot parameter to 0x0 and it is updated to 2393 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2394 * command while downloading the firmware. 2395 */ 2396 boot_param = 0x00000000; 2397 2398 btintel_set_flag(hdev, INTEL_BOOTLOADER); 2399 2400 err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param); 2401 if (err) 2402 return err; 2403 2404 /* check if controller is already having an operational firmware */ 2405 if (ver->img_type == 0x03) 2406 goto finish; 2407 2408 err = btintel_boot(hdev, boot_param); 2409 if (err) 2410 return err; 2411 2412 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2413 2414 btintel_get_fw_name_tlv(ver, ddcname, sizeof(ddcname), "ddc"); 2415 /* Once the device is running in operational mode, it needs to 2416 * apply the device configuration (DDC) parameters. 2417 * 2418 * The device can work without DDC parameters, so even if it 2419 * fails to load the file, no need to fail the setup. 2420 */ 2421 btintel_load_ddc_config(hdev, ddcname); 2422 2423 /* Read supported use cases and set callbacks to fetch datapath id */ 2424 btintel_configure_offload(hdev); 2425 2426 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 2427 2428 /* Set PPAG feature */ 2429 btintel_set_ppag(hdev, ver); 2430 2431 /* Read the Intel version information after loading the FW */ 2432 err = btintel_read_version_tlv(hdev, &new_ver); 2433 if (err) 2434 return err; 2435 2436 btintel_version_info_tlv(hdev, &new_ver); 2437 2438 finish: 2439 /* Set the event mask for Intel specific vendor events. This enables 2440 * a few extra events that are useful during general operation. It 2441 * does not enable any debugging related events. 2442 * 2443 * The device will function correctly without these events enabled 2444 * and thus no need to fail the setup. 2445 */ 2446 btintel_set_event_mask(hdev, false); 2447 2448 return 0; 2449 } 2450 2451 static void btintel_set_msft_opcode(struct hci_dev *hdev, u8 hw_variant) 2452 { 2453 switch (hw_variant) { 2454 /* Legacy bootloader devices that supports MSFT Extension */ 2455 case 0x11: /* JfP */ 2456 case 0x12: /* ThP */ 2457 case 0x13: /* HrP */ 2458 case 0x14: /* CcP */ 2459 /* All Intel new genration controllers support the Microsoft vendor 2460 * extension are using 0xFC1E for VsMsftOpCode. 2461 */ 2462 case 0x17: 2463 case 0x18: 2464 case 0x19: 2465 case 0x1b: 2466 hci_set_msft_opcode(hdev, 0xFC1E); 2467 break; 2468 default: 2469 /* Not supported */ 2470 break; 2471 } 2472 } 2473 2474 static int btintel_setup_combined(struct hci_dev *hdev) 2475 { 2476 const u8 param[1] = { 0xFF }; 2477 struct intel_version ver; 2478 struct intel_version_tlv ver_tlv; 2479 struct sk_buff *skb; 2480 int err; 2481 2482 BT_DBG("%s", hdev->name); 2483 2484 /* The some controllers have a bug with the first HCI command sent to it 2485 * returning number of completed commands as zero. This would stall the 2486 * command processing in the Bluetooth core. 2487 * 2488 * As a workaround, send HCI Reset command first which will reset the 2489 * number of completed commands and allow normal command processing 2490 * from now on. 2491 * 2492 * Regarding the INTEL_BROKEN_SHUTDOWN_LED flag, these devices maybe 2493 * in the SW_RFKILL ON state as a workaround of fixing LED issue during 2494 * the shutdown() procedure, and once the device is in SW_RFKILL ON 2495 * state, the only way to exit out of it is sending the HCI_Reset 2496 * command. 2497 */ 2498 if (btintel_test_flag(hdev, INTEL_BROKEN_INITIAL_NCMD) || 2499 btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) { 2500 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, 2501 HCI_INIT_TIMEOUT); 2502 if (IS_ERR(skb)) { 2503 bt_dev_err(hdev, 2504 "sending initial HCI reset failed (%ld)", 2505 PTR_ERR(skb)); 2506 return PTR_ERR(skb); 2507 } 2508 kfree_skb(skb); 2509 } 2510 2511 /* Starting from TyP device, the command parameter and response are 2512 * changed even though the OCF for HCI_Intel_Read_Version command 2513 * remains same. The legacy devices can handle even if the 2514 * command has a parameter and returns a correct version information. 2515 * So, it uses new format to support both legacy and new format. 2516 */ 2517 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); 2518 if (IS_ERR(skb)) { 2519 bt_dev_err(hdev, "Reading Intel version command failed (%ld)", 2520 PTR_ERR(skb)); 2521 return PTR_ERR(skb); 2522 } 2523 2524 /* Check the status */ 2525 if (skb->data[0]) { 2526 bt_dev_err(hdev, "Intel Read Version command failed (%02x)", 2527 skb->data[0]); 2528 err = -EIO; 2529 goto exit_error; 2530 } 2531 2532 /* Apply the common HCI quirks for Intel device */ 2533 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 2534 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 2535 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 2536 2537 /* Set up the quality report callback for Intel devices */ 2538 hdev->set_quality_report = btintel_set_quality_report; 2539 2540 /* For Legacy device, check the HW platform value and size */ 2541 if (skb->len == sizeof(ver) && skb->data[1] == 0x37) { 2542 bt_dev_dbg(hdev, "Read the legacy Intel version information"); 2543 2544 memcpy(&ver, skb->data, sizeof(ver)); 2545 2546 /* Display version information */ 2547 btintel_version_info(hdev, &ver); 2548 2549 /* Check for supported iBT hardware variants of this firmware 2550 * loading method. 2551 * 2552 * This check has been put in place to ensure correct forward 2553 * compatibility options when newer hardware variants come 2554 * along. 2555 */ 2556 switch (ver.hw_variant) { 2557 case 0x07: /* WP */ 2558 case 0x08: /* StP */ 2559 /* Legacy ROM product */ 2560 btintel_set_flag(hdev, INTEL_ROM_LEGACY); 2561 2562 /* Apply the device specific HCI quirks 2563 * 2564 * WBS for SdP - For the Legacy ROM products, only SdP 2565 * supports the WBS. But the version information is not 2566 * enough to use here because the StP2 and SdP have same 2567 * hw_variant and fw_variant. So, this flag is set by 2568 * the transport driver (btusb) based on the HW info 2569 * (idProduct) 2570 */ 2571 if (!btintel_test_flag(hdev, 2572 INTEL_ROM_LEGACY_NO_WBS_SUPPORT)) 2573 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 2574 &hdev->quirks); 2575 if (ver.hw_variant == 0x08 && ver.fw_variant == 0x22) 2576 set_bit(HCI_QUIRK_VALID_LE_STATES, 2577 &hdev->quirks); 2578 2579 err = btintel_legacy_rom_setup(hdev, &ver); 2580 break; 2581 case 0x0b: /* SfP */ 2582 case 0x11: /* JfP */ 2583 case 0x12: /* ThP */ 2584 case 0x13: /* HrP */ 2585 case 0x14: /* CcP */ 2586 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2587 fallthrough; 2588 case 0x0c: /* WsP */ 2589 /* Apply the device specific HCI quirks 2590 * 2591 * All Legacy bootloader devices support WBS 2592 */ 2593 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 2594 &hdev->quirks); 2595 2596 /* Setup MSFT Extension support */ 2597 btintel_set_msft_opcode(hdev, ver.hw_variant); 2598 2599 err = btintel_bootloader_setup(hdev, &ver); 2600 break; 2601 default: 2602 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", 2603 ver.hw_variant); 2604 err = -EINVAL; 2605 } 2606 2607 goto exit_error; 2608 } 2609 2610 /* memset ver_tlv to start with clean state as few fields are exclusive 2611 * to bootloader mode and are not populated in operational mode 2612 */ 2613 memset(&ver_tlv, 0, sizeof(ver_tlv)); 2614 /* For TLV type device, parse the tlv data */ 2615 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb); 2616 if (err) { 2617 bt_dev_err(hdev, "Failed to parse TLV version information"); 2618 goto exit_error; 2619 } 2620 2621 if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) { 2622 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", 2623 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)); 2624 err = -EINVAL; 2625 goto exit_error; 2626 } 2627 2628 /* Check for supported iBT hardware variants of this firmware 2629 * loading method. 2630 * 2631 * This check has been put in place to ensure correct forward 2632 * compatibility options when newer hardware variants come 2633 * along. 2634 */ 2635 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) { 2636 case 0x11: /* JfP */ 2637 case 0x12: /* ThP */ 2638 case 0x13: /* HrP */ 2639 case 0x14: /* CcP */ 2640 /* Some legacy bootloader devices starting from JfP, 2641 * the operational firmware supports both old and TLV based 2642 * HCI_Intel_Read_Version command based on the command 2643 * parameter. 2644 * 2645 * For upgrading firmware case, the TLV based version cannot 2646 * be used because the firmware filename for legacy bootloader 2647 * is based on the old format. 2648 * 2649 * Also, it is not easy to convert TLV based version from the 2650 * legacy version format. 2651 * 2652 * So, as a workaround for those devices, use the legacy 2653 * HCI_Intel_Read_Version to get the version information and 2654 * run the legacy bootloader setup. 2655 */ 2656 err = btintel_read_version(hdev, &ver); 2657 if (err) 2658 break; 2659 2660 /* Apply the device specific HCI quirks 2661 * 2662 * All Legacy bootloader devices support WBS 2663 */ 2664 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 2665 2666 /* Set Valid LE States quirk */ 2667 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2668 2669 /* Setup MSFT Extension support */ 2670 btintel_set_msft_opcode(hdev, ver.hw_variant); 2671 2672 err = btintel_bootloader_setup(hdev, &ver); 2673 break; 2674 case 0x17: 2675 case 0x18: 2676 case 0x19: 2677 case 0x1b: 2678 /* Display version information of TLV type */ 2679 btintel_version_info_tlv(hdev, &ver_tlv); 2680 2681 /* Apply the device specific HCI quirks for TLV based devices 2682 * 2683 * All TLV based devices support WBS 2684 */ 2685 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 2686 2687 /* Valid LE States quirk for GfP */ 2688 if (INTEL_HW_VARIANT(ver_tlv.cnvi_bt) == 0x18) 2689 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2690 2691 /* Setup MSFT Extension support */ 2692 btintel_set_msft_opcode(hdev, 2693 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2694 2695 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv); 2696 break; 2697 default: 2698 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", 2699 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2700 err = -EINVAL; 2701 break; 2702 } 2703 2704 exit_error: 2705 kfree_skb(skb); 2706 2707 return err; 2708 } 2709 2710 static int btintel_shutdown_combined(struct hci_dev *hdev) 2711 { 2712 struct sk_buff *skb; 2713 int ret; 2714 2715 /* Send HCI Reset to the controller to stop any BT activity which 2716 * were triggered. This will help to save power and maintain the 2717 * sync b/w Host and controller 2718 */ 2719 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 2720 if (IS_ERR(skb)) { 2721 bt_dev_err(hdev, "HCI reset during shutdown failed"); 2722 return PTR_ERR(skb); 2723 } 2724 kfree_skb(skb); 2725 2726 2727 /* Some platforms have an issue with BT LED when the interface is 2728 * down or BT radio is turned off, which takes 5 seconds to BT LED 2729 * goes off. As a workaround, sends HCI_Intel_SW_RFKILL to put the 2730 * device in the RFKILL ON state which turns off the BT LED immediately. 2731 */ 2732 if (btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) { 2733 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); 2734 if (IS_ERR(skb)) { 2735 ret = PTR_ERR(skb); 2736 bt_dev_err(hdev, "turning off Intel device LED failed"); 2737 return ret; 2738 } 2739 kfree_skb(skb); 2740 } 2741 2742 return 0; 2743 } 2744 2745 int btintel_configure_setup(struct hci_dev *hdev) 2746 { 2747 hdev->manufacturer = 2; 2748 hdev->setup = btintel_setup_combined; 2749 hdev->shutdown = btintel_shutdown_combined; 2750 hdev->hw_error = btintel_hw_error; 2751 hdev->set_diag = btintel_set_diag_combined; 2752 hdev->set_bdaddr = btintel_set_bdaddr; 2753 2754 return 0; 2755 } 2756 EXPORT_SYMBOL_GPL(btintel_configure_setup); 2757 2758 void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len) 2759 { 2760 const struct intel_bootup *evt = ptr; 2761 2762 if (len != sizeof(*evt)) 2763 return; 2764 2765 if (btintel_test_and_clear_flag(hdev, INTEL_BOOTING)) 2766 btintel_wake_up_flag(hdev, INTEL_BOOTING); 2767 } 2768 EXPORT_SYMBOL_GPL(btintel_bootup); 2769 2770 void btintel_secure_send_result(struct hci_dev *hdev, 2771 const void *ptr, unsigned int len) 2772 { 2773 const struct intel_secure_send_result *evt = ptr; 2774 2775 if (len != sizeof(*evt)) 2776 return; 2777 2778 if (evt->result) 2779 btintel_set_flag(hdev, INTEL_FIRMWARE_FAILED); 2780 2781 if (btintel_test_and_clear_flag(hdev, INTEL_DOWNLOADING) && 2782 btintel_test_flag(hdev, INTEL_FIRMWARE_LOADED)) 2783 btintel_wake_up_flag(hdev, INTEL_DOWNLOADING); 2784 } 2785 EXPORT_SYMBOL_GPL(btintel_secure_send_result); 2786 2787 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2788 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); 2789 MODULE_VERSION(VERSION); 2790 MODULE_LICENSE("GPL"); 2791 MODULE_FIRMWARE("intel/ibt-11-5.sfi"); 2792 MODULE_FIRMWARE("intel/ibt-11-5.ddc"); 2793 MODULE_FIRMWARE("intel/ibt-12-16.sfi"); 2794 MODULE_FIRMWARE("intel/ibt-12-16.ddc"); 2795