1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * 4 * Bluetooth support for Intel devices 5 * 6 * Copyright (C) 2015 Intel Corporation 7 */ 8 9 #include <linux/module.h> 10 #include <linux/firmware.h> 11 #include <linux/regmap.h> 12 #include <linux/acpi.h> 13 #include <asm/unaligned.h> 14 15 #include <net/bluetooth/bluetooth.h> 16 #include <net/bluetooth/hci_core.h> 17 18 #include "btintel.h" 19 20 #define VERSION "0.1" 21 22 #define BDADDR_INTEL (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}}) 23 #define RSA_HEADER_LEN 644 24 #define CSS_HEADER_OFFSET 8 25 #define ECDSA_OFFSET 644 26 #define ECDSA_HEADER_LEN 320 27 28 #define BTINTEL_PPAG_NAME "PPAG" 29 30 /* structure to store the PPAG data read from ACPI table */ 31 struct btintel_ppag { 32 u32 domain; 33 u32 mode; 34 acpi_status status; 35 struct hci_dev *hdev; 36 }; 37 38 #define CMD_WRITE_BOOT_PARAMS 0xfc0e 39 struct cmd_write_boot_params { 40 __le32 boot_addr; 41 u8 fw_build_num; 42 u8 fw_build_ww; 43 u8 fw_build_yy; 44 } __packed; 45 46 static struct { 47 const char *driver_name; 48 u8 hw_variant; 49 u32 fw_build_num; 50 } coredump_info; 51 52 int btintel_check_bdaddr(struct hci_dev *hdev) 53 { 54 struct hci_rp_read_bd_addr *bda; 55 struct sk_buff *skb; 56 57 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL, 58 HCI_INIT_TIMEOUT); 59 if (IS_ERR(skb)) { 60 int err = PTR_ERR(skb); 61 bt_dev_err(hdev, "Reading Intel device address failed (%d)", 62 err); 63 return err; 64 } 65 66 if (skb->len != sizeof(*bda)) { 67 bt_dev_err(hdev, "Intel device address length mismatch"); 68 kfree_skb(skb); 69 return -EIO; 70 } 71 72 bda = (struct hci_rp_read_bd_addr *)skb->data; 73 74 /* For some Intel based controllers, the default Bluetooth device 75 * address 00:03:19:9E:8B:00 can be found. These controllers are 76 * fully operational, but have the danger of duplicate addresses 77 * and that in turn can cause problems with Bluetooth operation. 78 */ 79 if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) { 80 bt_dev_err(hdev, "Found Intel default device address (%pMR)", 81 &bda->bdaddr); 82 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 83 } 84 85 kfree_skb(skb); 86 87 return 0; 88 } 89 EXPORT_SYMBOL_GPL(btintel_check_bdaddr); 90 91 int btintel_enter_mfg(struct hci_dev *hdev) 92 { 93 static const u8 param[] = { 0x01, 0x00 }; 94 struct sk_buff *skb; 95 96 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); 97 if (IS_ERR(skb)) { 98 bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)", 99 PTR_ERR(skb)); 100 return PTR_ERR(skb); 101 } 102 kfree_skb(skb); 103 104 return 0; 105 } 106 EXPORT_SYMBOL_GPL(btintel_enter_mfg); 107 108 int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched) 109 { 110 u8 param[] = { 0x00, 0x00 }; 111 struct sk_buff *skb; 112 113 /* The 2nd command parameter specifies the manufacturing exit method: 114 * 0x00: Just disable the manufacturing mode (0x00). 115 * 0x01: Disable manufacturing mode and reset with patches deactivated. 116 * 0x02: Disable manufacturing mode and reset with patches activated. 117 */ 118 if (reset) 119 param[1] |= patched ? 0x02 : 0x01; 120 121 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT); 122 if (IS_ERR(skb)) { 123 bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)", 124 PTR_ERR(skb)); 125 return PTR_ERR(skb); 126 } 127 kfree_skb(skb); 128 129 return 0; 130 } 131 EXPORT_SYMBOL_GPL(btintel_exit_mfg); 132 133 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) 134 { 135 struct sk_buff *skb; 136 int err; 137 138 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT); 139 if (IS_ERR(skb)) { 140 err = PTR_ERR(skb); 141 bt_dev_err(hdev, "Changing Intel device address failed (%d)", 142 err); 143 return err; 144 } 145 kfree_skb(skb); 146 147 return 0; 148 } 149 EXPORT_SYMBOL_GPL(btintel_set_bdaddr); 150 151 static int btintel_set_event_mask(struct hci_dev *hdev, bool debug) 152 { 153 u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 154 struct sk_buff *skb; 155 int err; 156 157 if (debug) 158 mask[1] |= 0x62; 159 160 skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT); 161 if (IS_ERR(skb)) { 162 err = PTR_ERR(skb); 163 bt_dev_err(hdev, "Setting Intel event mask failed (%d)", err); 164 return err; 165 } 166 kfree_skb(skb); 167 168 return 0; 169 } 170 171 int btintel_set_diag(struct hci_dev *hdev, bool enable) 172 { 173 struct sk_buff *skb; 174 u8 param[3]; 175 int err; 176 177 if (enable) { 178 param[0] = 0x03; 179 param[1] = 0x03; 180 param[2] = 0x03; 181 } else { 182 param[0] = 0x00; 183 param[1] = 0x00; 184 param[2] = 0x00; 185 } 186 187 skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT); 188 if (IS_ERR(skb)) { 189 err = PTR_ERR(skb); 190 if (err == -ENODATA) 191 goto done; 192 bt_dev_err(hdev, "Changing Intel diagnostic mode failed (%d)", 193 err); 194 return err; 195 } 196 kfree_skb(skb); 197 198 done: 199 btintel_set_event_mask(hdev, enable); 200 return 0; 201 } 202 EXPORT_SYMBOL_GPL(btintel_set_diag); 203 204 static int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable) 205 { 206 int err, ret; 207 208 err = btintel_enter_mfg(hdev); 209 if (err) 210 return err; 211 212 ret = btintel_set_diag(hdev, enable); 213 214 err = btintel_exit_mfg(hdev, false, false); 215 if (err) 216 return err; 217 218 return ret; 219 } 220 221 static int btintel_set_diag_combined(struct hci_dev *hdev, bool enable) 222 { 223 int ret; 224 225 /* Legacy ROM device needs to be in the manufacturer mode to apply 226 * diagnostic setting 227 * 228 * This flag is set after reading the Intel version. 229 */ 230 if (btintel_test_flag(hdev, INTEL_ROM_LEGACY)) 231 ret = btintel_set_diag_mfg(hdev, enable); 232 else 233 ret = btintel_set_diag(hdev, enable); 234 235 return ret; 236 } 237 238 static void btintel_hw_error(struct hci_dev *hdev, u8 code) 239 { 240 struct sk_buff *skb; 241 u8 type = 0x00; 242 243 bt_dev_err(hdev, "Hardware error 0x%2.2x", code); 244 245 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 246 if (IS_ERR(skb)) { 247 bt_dev_err(hdev, "Reset after hardware error failed (%ld)", 248 PTR_ERR(skb)); 249 return; 250 } 251 kfree_skb(skb); 252 253 skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT); 254 if (IS_ERR(skb)) { 255 bt_dev_err(hdev, "Retrieving Intel exception info failed (%ld)", 256 PTR_ERR(skb)); 257 return; 258 } 259 260 if (skb->len != 13) { 261 bt_dev_err(hdev, "Exception info size mismatch"); 262 kfree_skb(skb); 263 return; 264 } 265 266 bt_dev_err(hdev, "Exception info %s", (char *)(skb->data + 1)); 267 268 kfree_skb(skb); 269 } 270 271 int btintel_version_info(struct hci_dev *hdev, struct intel_version *ver) 272 { 273 const char *variant; 274 275 /* The hardware platform number has a fixed value of 0x37 and 276 * for now only accept this single value. 277 */ 278 if (ver->hw_platform != 0x37) { 279 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 280 ver->hw_platform); 281 return -EINVAL; 282 } 283 284 /* Check for supported iBT hardware variants of this firmware 285 * loading method. 286 * 287 * This check has been put in place to ensure correct forward 288 * compatibility options when newer hardware variants come along. 289 */ 290 switch (ver->hw_variant) { 291 case 0x07: /* WP - Legacy ROM */ 292 case 0x08: /* StP - Legacy ROM */ 293 case 0x0b: /* SfP */ 294 case 0x0c: /* WsP */ 295 case 0x11: /* JfP */ 296 case 0x12: /* ThP */ 297 case 0x13: /* HrP */ 298 case 0x14: /* CcP */ 299 break; 300 default: 301 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 302 ver->hw_variant); 303 return -EINVAL; 304 } 305 306 switch (ver->fw_variant) { 307 case 0x01: 308 variant = "Legacy ROM 2.5"; 309 break; 310 case 0x06: 311 variant = "Bootloader"; 312 break; 313 case 0x22: 314 variant = "Legacy ROM 2.x"; 315 break; 316 case 0x23: 317 variant = "Firmware"; 318 break; 319 default: 320 bt_dev_err(hdev, "Unsupported firmware variant(%02x)", ver->fw_variant); 321 return -EINVAL; 322 } 323 324 coredump_info.hw_variant = ver->hw_variant; 325 coredump_info.fw_build_num = ver->fw_build_num; 326 327 bt_dev_info(hdev, "%s revision %u.%u build %u week %u %u", 328 variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f, 329 ver->fw_build_num, ver->fw_build_ww, 330 2000 + ver->fw_build_yy); 331 332 return 0; 333 } 334 EXPORT_SYMBOL_GPL(btintel_version_info); 335 336 static int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen, 337 const void *param) 338 { 339 while (plen > 0) { 340 struct sk_buff *skb; 341 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen; 342 343 cmd_param[0] = fragment_type; 344 memcpy(cmd_param + 1, param, fragment_len); 345 346 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1, 347 cmd_param, HCI_INIT_TIMEOUT); 348 if (IS_ERR(skb)) 349 return PTR_ERR(skb); 350 351 kfree_skb(skb); 352 353 plen -= fragment_len; 354 param += fragment_len; 355 } 356 357 return 0; 358 } 359 360 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name) 361 { 362 const struct firmware *fw; 363 struct sk_buff *skb; 364 const u8 *fw_ptr; 365 int err; 366 367 err = request_firmware_direct(&fw, ddc_name, &hdev->dev); 368 if (err < 0) { 369 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)", 370 ddc_name, err); 371 return err; 372 } 373 374 bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name); 375 376 fw_ptr = fw->data; 377 378 /* DDC file contains one or more DDC structure which has 379 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2). 380 */ 381 while (fw->size > fw_ptr - fw->data) { 382 u8 cmd_plen = fw_ptr[0] + sizeof(u8); 383 384 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr, 385 HCI_INIT_TIMEOUT); 386 if (IS_ERR(skb)) { 387 bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)", 388 PTR_ERR(skb)); 389 release_firmware(fw); 390 return PTR_ERR(skb); 391 } 392 393 fw_ptr += cmd_plen; 394 kfree_skb(skb); 395 } 396 397 release_firmware(fw); 398 399 bt_dev_info(hdev, "Applying Intel DDC parameters completed"); 400 401 return 0; 402 } 403 EXPORT_SYMBOL_GPL(btintel_load_ddc_config); 404 405 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug) 406 { 407 int err, ret; 408 409 err = btintel_enter_mfg(hdev); 410 if (err) 411 return err; 412 413 ret = btintel_set_event_mask(hdev, debug); 414 415 err = btintel_exit_mfg(hdev, false, false); 416 if (err) 417 return err; 418 419 return ret; 420 } 421 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg); 422 423 int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver) 424 { 425 struct sk_buff *skb; 426 427 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); 428 if (IS_ERR(skb)) { 429 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 430 PTR_ERR(skb)); 431 return PTR_ERR(skb); 432 } 433 434 if (skb->len != sizeof(*ver)) { 435 bt_dev_err(hdev, "Intel version event size mismatch"); 436 kfree_skb(skb); 437 return -EILSEQ; 438 } 439 440 memcpy(ver, skb->data, sizeof(*ver)); 441 442 kfree_skb(skb); 443 444 return 0; 445 } 446 EXPORT_SYMBOL_GPL(btintel_read_version); 447 448 static int btintel_version_info_tlv(struct hci_dev *hdev, 449 struct intel_version_tlv *version) 450 { 451 const char *variant; 452 453 /* The hardware platform number has a fixed value of 0x37 and 454 * for now only accept this single value. 455 */ 456 if (INTEL_HW_PLATFORM(version->cnvi_bt) != 0x37) { 457 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", 458 INTEL_HW_PLATFORM(version->cnvi_bt)); 459 return -EINVAL; 460 } 461 462 /* Check for supported iBT hardware variants of this firmware 463 * loading method. 464 * 465 * This check has been put in place to ensure correct forward 466 * compatibility options when newer hardware variants come along. 467 */ 468 switch (INTEL_HW_VARIANT(version->cnvi_bt)) { 469 case 0x17: /* TyP */ 470 case 0x18: /* Slr */ 471 case 0x19: /* Slr-F */ 472 case 0x1b: /* Mgr */ 473 break; 474 default: 475 bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)", 476 INTEL_HW_VARIANT(version->cnvi_bt)); 477 return -EINVAL; 478 } 479 480 switch (version->img_type) { 481 case 0x01: 482 variant = "Bootloader"; 483 /* It is required that every single firmware fragment is acknowledged 484 * with a command complete event. If the boot parameters indicate 485 * that this bootloader does not send them, then abort the setup. 486 */ 487 if (version->limited_cce != 0x00) { 488 bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)", 489 version->limited_cce); 490 return -EINVAL; 491 } 492 493 /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */ 494 if (version->sbe_type > 0x01) { 495 bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)", 496 version->sbe_type); 497 return -EINVAL; 498 } 499 500 bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id); 501 bt_dev_info(hdev, "Secure boot is %s", 502 version->secure_boot ? "enabled" : "disabled"); 503 bt_dev_info(hdev, "OTP lock is %s", 504 version->otp_lock ? "enabled" : "disabled"); 505 bt_dev_info(hdev, "API lock is %s", 506 version->api_lock ? "enabled" : "disabled"); 507 bt_dev_info(hdev, "Debug lock is %s", 508 version->debug_lock ? "enabled" : "disabled"); 509 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 510 version->min_fw_build_nn, version->min_fw_build_cw, 511 2000 + version->min_fw_build_yy); 512 break; 513 case 0x03: 514 variant = "Firmware"; 515 break; 516 default: 517 bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type); 518 return -EINVAL; 519 } 520 521 coredump_info.hw_variant = INTEL_HW_VARIANT(version->cnvi_bt); 522 coredump_info.fw_build_num = version->build_num; 523 524 bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant, 525 2000 + (version->timestamp >> 8), version->timestamp & 0xff, 526 version->build_type, version->build_num); 527 528 return 0; 529 } 530 531 static int btintel_parse_version_tlv(struct hci_dev *hdev, 532 struct intel_version_tlv *version, 533 struct sk_buff *skb) 534 { 535 /* Consume Command Complete Status field */ 536 skb_pull(skb, 1); 537 538 /* Event parameters contatin multiple TLVs. Read each of them 539 * and only keep the required data. Also, it use existing legacy 540 * version field like hw_platform, hw_variant, and fw_variant 541 * to keep the existing setup flow 542 */ 543 while (skb->len) { 544 struct intel_tlv *tlv; 545 546 /* Make sure skb has a minimum length of the header */ 547 if (skb->len < sizeof(*tlv)) 548 return -EINVAL; 549 550 tlv = (struct intel_tlv *)skb->data; 551 552 /* Make sure skb has a enough data */ 553 if (skb->len < tlv->len + sizeof(*tlv)) 554 return -EINVAL; 555 556 switch (tlv->type) { 557 case INTEL_TLV_CNVI_TOP: 558 version->cnvi_top = get_unaligned_le32(tlv->val); 559 break; 560 case INTEL_TLV_CNVR_TOP: 561 version->cnvr_top = get_unaligned_le32(tlv->val); 562 break; 563 case INTEL_TLV_CNVI_BT: 564 version->cnvi_bt = get_unaligned_le32(tlv->val); 565 break; 566 case INTEL_TLV_CNVR_BT: 567 version->cnvr_bt = get_unaligned_le32(tlv->val); 568 break; 569 case INTEL_TLV_DEV_REV_ID: 570 version->dev_rev_id = get_unaligned_le16(tlv->val); 571 break; 572 case INTEL_TLV_IMAGE_TYPE: 573 version->img_type = tlv->val[0]; 574 break; 575 case INTEL_TLV_TIME_STAMP: 576 /* If image type is Operational firmware (0x03), then 577 * running FW Calendar Week and Year information can 578 * be extracted from Timestamp information 579 */ 580 version->min_fw_build_cw = tlv->val[0]; 581 version->min_fw_build_yy = tlv->val[1]; 582 version->timestamp = get_unaligned_le16(tlv->val); 583 break; 584 case INTEL_TLV_BUILD_TYPE: 585 version->build_type = tlv->val[0]; 586 break; 587 case INTEL_TLV_BUILD_NUM: 588 /* If image type is Operational firmware (0x03), then 589 * running FW build number can be extracted from the 590 * Build information 591 */ 592 version->min_fw_build_nn = tlv->val[0]; 593 version->build_num = get_unaligned_le32(tlv->val); 594 break; 595 case INTEL_TLV_SECURE_BOOT: 596 version->secure_boot = tlv->val[0]; 597 break; 598 case INTEL_TLV_OTP_LOCK: 599 version->otp_lock = tlv->val[0]; 600 break; 601 case INTEL_TLV_API_LOCK: 602 version->api_lock = tlv->val[0]; 603 break; 604 case INTEL_TLV_DEBUG_LOCK: 605 version->debug_lock = tlv->val[0]; 606 break; 607 case INTEL_TLV_MIN_FW: 608 version->min_fw_build_nn = tlv->val[0]; 609 version->min_fw_build_cw = tlv->val[1]; 610 version->min_fw_build_yy = tlv->val[2]; 611 break; 612 case INTEL_TLV_LIMITED_CCE: 613 version->limited_cce = tlv->val[0]; 614 break; 615 case INTEL_TLV_SBE_TYPE: 616 version->sbe_type = tlv->val[0]; 617 break; 618 case INTEL_TLV_OTP_BDADDR: 619 memcpy(&version->otp_bd_addr, tlv->val, 620 sizeof(bdaddr_t)); 621 break; 622 default: 623 /* Ignore rest of information */ 624 break; 625 } 626 /* consume the current tlv and move to next*/ 627 skb_pull(skb, tlv->len + sizeof(*tlv)); 628 } 629 630 return 0; 631 } 632 633 static int btintel_read_version_tlv(struct hci_dev *hdev, 634 struct intel_version_tlv *version) 635 { 636 struct sk_buff *skb; 637 const u8 param[1] = { 0xFF }; 638 639 if (!version) 640 return -EINVAL; 641 642 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); 643 if (IS_ERR(skb)) { 644 bt_dev_err(hdev, "Reading Intel version information failed (%ld)", 645 PTR_ERR(skb)); 646 return PTR_ERR(skb); 647 } 648 649 if (skb->data[0]) { 650 bt_dev_err(hdev, "Intel Read Version command failed (%02x)", 651 skb->data[0]); 652 kfree_skb(skb); 653 return -EIO; 654 } 655 656 btintel_parse_version_tlv(hdev, version, skb); 657 658 kfree_skb(skb); 659 return 0; 660 } 661 662 /* ------- REGMAP IBT SUPPORT ------- */ 663 664 #define IBT_REG_MODE_8BIT 0x00 665 #define IBT_REG_MODE_16BIT 0x01 666 #define IBT_REG_MODE_32BIT 0x02 667 668 struct regmap_ibt_context { 669 struct hci_dev *hdev; 670 __u16 op_write; 671 __u16 op_read; 672 }; 673 674 struct ibt_cp_reg_access { 675 __le32 addr; 676 __u8 mode; 677 __u8 len; 678 __u8 data[]; 679 } __packed; 680 681 struct ibt_rp_reg_access { 682 __u8 status; 683 __le32 addr; 684 __u8 data[]; 685 } __packed; 686 687 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size, 688 void *val, size_t val_size) 689 { 690 struct regmap_ibt_context *ctx = context; 691 struct ibt_cp_reg_access cp; 692 struct ibt_rp_reg_access *rp; 693 struct sk_buff *skb; 694 int err = 0; 695 696 if (reg_size != sizeof(__le32)) 697 return -EINVAL; 698 699 switch (val_size) { 700 case 1: 701 cp.mode = IBT_REG_MODE_8BIT; 702 break; 703 case 2: 704 cp.mode = IBT_REG_MODE_16BIT; 705 break; 706 case 4: 707 cp.mode = IBT_REG_MODE_32BIT; 708 break; 709 default: 710 return -EINVAL; 711 } 712 713 /* regmap provides a little-endian formatted addr */ 714 cp.addr = *(__le32 *)addr; 715 cp.len = val_size; 716 717 bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr)); 718 719 skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp, 720 HCI_CMD_TIMEOUT); 721 if (IS_ERR(skb)) { 722 err = PTR_ERR(skb); 723 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)", 724 le32_to_cpu(cp.addr), err); 725 return err; 726 } 727 728 if (skb->len != sizeof(*rp) + val_size) { 729 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len", 730 le32_to_cpu(cp.addr)); 731 err = -EINVAL; 732 goto done; 733 } 734 735 rp = (struct ibt_rp_reg_access *)skb->data; 736 737 if (rp->addr != cp.addr) { 738 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr", 739 le32_to_cpu(rp->addr)); 740 err = -EINVAL; 741 goto done; 742 } 743 744 memcpy(val, rp->data, val_size); 745 746 done: 747 kfree_skb(skb); 748 return err; 749 } 750 751 static int regmap_ibt_gather_write(void *context, 752 const void *addr, size_t reg_size, 753 const void *val, size_t val_size) 754 { 755 struct regmap_ibt_context *ctx = context; 756 struct ibt_cp_reg_access *cp; 757 struct sk_buff *skb; 758 int plen = sizeof(*cp) + val_size; 759 u8 mode; 760 int err = 0; 761 762 if (reg_size != sizeof(__le32)) 763 return -EINVAL; 764 765 switch (val_size) { 766 case 1: 767 mode = IBT_REG_MODE_8BIT; 768 break; 769 case 2: 770 mode = IBT_REG_MODE_16BIT; 771 break; 772 case 4: 773 mode = IBT_REG_MODE_32BIT; 774 break; 775 default: 776 return -EINVAL; 777 } 778 779 cp = kmalloc(plen, GFP_KERNEL); 780 if (!cp) 781 return -ENOMEM; 782 783 /* regmap provides a little-endian formatted addr/value */ 784 cp->addr = *(__le32 *)addr; 785 cp->mode = mode; 786 cp->len = val_size; 787 memcpy(&cp->data, val, val_size); 788 789 bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr)); 790 791 skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT); 792 if (IS_ERR(skb)) { 793 err = PTR_ERR(skb); 794 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)", 795 le32_to_cpu(cp->addr), err); 796 goto done; 797 } 798 kfree_skb(skb); 799 800 done: 801 kfree(cp); 802 return err; 803 } 804 805 static int regmap_ibt_write(void *context, const void *data, size_t count) 806 { 807 /* data contains register+value, since we only support 32bit addr, 808 * minimum data size is 4 bytes. 809 */ 810 if (WARN_ONCE(count < 4, "Invalid register access")) 811 return -EINVAL; 812 813 return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4); 814 } 815 816 static void regmap_ibt_free_context(void *context) 817 { 818 kfree(context); 819 } 820 821 static const struct regmap_bus regmap_ibt = { 822 .read = regmap_ibt_read, 823 .write = regmap_ibt_write, 824 .gather_write = regmap_ibt_gather_write, 825 .free_context = regmap_ibt_free_context, 826 .reg_format_endian_default = REGMAP_ENDIAN_LITTLE, 827 .val_format_endian_default = REGMAP_ENDIAN_LITTLE, 828 }; 829 830 /* Config is the same for all register regions */ 831 static const struct regmap_config regmap_ibt_cfg = { 832 .name = "btintel_regmap", 833 .reg_bits = 32, 834 .val_bits = 32, 835 }; 836 837 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read, 838 u16 opcode_write) 839 { 840 struct regmap_ibt_context *ctx; 841 842 bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read, 843 opcode_write); 844 845 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 846 if (!ctx) 847 return ERR_PTR(-ENOMEM); 848 849 ctx->op_read = opcode_read; 850 ctx->op_write = opcode_write; 851 ctx->hdev = hdev; 852 853 return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg); 854 } 855 EXPORT_SYMBOL_GPL(btintel_regmap_init); 856 857 int btintel_send_intel_reset(struct hci_dev *hdev, u32 boot_param) 858 { 859 struct intel_reset params = { 0x00, 0x01, 0x00, 0x01, 0x00000000 }; 860 struct sk_buff *skb; 861 862 params.boot_param = cpu_to_le32(boot_param); 863 864 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), ¶ms, 865 HCI_INIT_TIMEOUT); 866 if (IS_ERR(skb)) { 867 bt_dev_err(hdev, "Failed to send Intel Reset command"); 868 return PTR_ERR(skb); 869 } 870 871 kfree_skb(skb); 872 873 return 0; 874 } 875 EXPORT_SYMBOL_GPL(btintel_send_intel_reset); 876 877 int btintel_read_boot_params(struct hci_dev *hdev, 878 struct intel_boot_params *params) 879 { 880 struct sk_buff *skb; 881 882 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT); 883 if (IS_ERR(skb)) { 884 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)", 885 PTR_ERR(skb)); 886 return PTR_ERR(skb); 887 } 888 889 if (skb->len != sizeof(*params)) { 890 bt_dev_err(hdev, "Intel boot parameters size mismatch"); 891 kfree_skb(skb); 892 return -EILSEQ; 893 } 894 895 memcpy(params, skb->data, sizeof(*params)); 896 897 kfree_skb(skb); 898 899 if (params->status) { 900 bt_dev_err(hdev, "Intel boot parameters command failed (%02x)", 901 params->status); 902 return -bt_to_errno(params->status); 903 } 904 905 bt_dev_info(hdev, "Device revision is %u", 906 le16_to_cpu(params->dev_revid)); 907 908 bt_dev_info(hdev, "Secure boot is %s", 909 params->secure_boot ? "enabled" : "disabled"); 910 911 bt_dev_info(hdev, "OTP lock is %s", 912 params->otp_lock ? "enabled" : "disabled"); 913 914 bt_dev_info(hdev, "API lock is %s", 915 params->api_lock ? "enabled" : "disabled"); 916 917 bt_dev_info(hdev, "Debug lock is %s", 918 params->debug_lock ? "enabled" : "disabled"); 919 920 bt_dev_info(hdev, "Minimum firmware build %u week %u %u", 921 params->min_fw_build_nn, params->min_fw_build_cw, 922 2000 + params->min_fw_build_yy); 923 924 return 0; 925 } 926 EXPORT_SYMBOL_GPL(btintel_read_boot_params); 927 928 static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev, 929 const struct firmware *fw) 930 { 931 int err; 932 933 /* Start the firmware download transaction with the Init fragment 934 * represented by the 128 bytes of CSS header. 935 */ 936 err = btintel_secure_send(hdev, 0x00, 128, fw->data); 937 if (err < 0) { 938 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 939 goto done; 940 } 941 942 /* Send the 256 bytes of public key information from the firmware 943 * as the PKey fragment. 944 */ 945 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128); 946 if (err < 0) { 947 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err); 948 goto done; 949 } 950 951 /* Send the 256 bytes of signature information from the firmware 952 * as the Sign fragment. 953 */ 954 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388); 955 if (err < 0) { 956 bt_dev_err(hdev, "Failed to send firmware signature (%d)", err); 957 goto done; 958 } 959 960 done: 961 return err; 962 } 963 964 static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev, 965 const struct firmware *fw) 966 { 967 int err; 968 969 /* Start the firmware download transaction with the Init fragment 970 * represented by the 128 bytes of CSS header. 971 */ 972 err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644); 973 if (err < 0) { 974 bt_dev_err(hdev, "Failed to send firmware header (%d)", err); 975 return err; 976 } 977 978 /* Send the 96 bytes of public key information from the firmware 979 * as the PKey fragment. 980 */ 981 err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128); 982 if (err < 0) { 983 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err); 984 return err; 985 } 986 987 /* Send the 96 bytes of signature information from the firmware 988 * as the Sign fragment 989 */ 990 err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224); 991 if (err < 0) { 992 bt_dev_err(hdev, "Failed to send firmware signature (%d)", 993 err); 994 return err; 995 } 996 return 0; 997 } 998 999 static int btintel_download_firmware_payload(struct hci_dev *hdev, 1000 const struct firmware *fw, 1001 size_t offset) 1002 { 1003 int err; 1004 const u8 *fw_ptr; 1005 u32 frag_len; 1006 1007 fw_ptr = fw->data + offset; 1008 frag_len = 0; 1009 err = -EINVAL; 1010 1011 while (fw_ptr - fw->data < fw->size) { 1012 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len); 1013 1014 frag_len += sizeof(*cmd) + cmd->plen; 1015 1016 /* The parameter length of the secure send command requires 1017 * a 4 byte alignment. It happens so that the firmware file 1018 * contains proper Intel_NOP commands to align the fragments 1019 * as needed. 1020 * 1021 * Send set of commands with 4 byte alignment from the 1022 * firmware data buffer as a single Data fragement. 1023 */ 1024 if (!(frag_len % 4)) { 1025 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr); 1026 if (err < 0) { 1027 bt_dev_err(hdev, 1028 "Failed to send firmware data (%d)", 1029 err); 1030 goto done; 1031 } 1032 1033 fw_ptr += frag_len; 1034 frag_len = 0; 1035 } 1036 } 1037 1038 done: 1039 return err; 1040 } 1041 1042 static bool btintel_firmware_version(struct hci_dev *hdev, 1043 u8 num, u8 ww, u8 yy, 1044 const struct firmware *fw, 1045 u32 *boot_addr) 1046 { 1047 const u8 *fw_ptr; 1048 1049 fw_ptr = fw->data; 1050 1051 while (fw_ptr - fw->data < fw->size) { 1052 struct hci_command_hdr *cmd = (void *)(fw_ptr); 1053 1054 /* Each SKU has a different reset parameter to use in the 1055 * HCI_Intel_Reset command and it is embedded in the firmware 1056 * data. So, instead of using static value per SKU, check 1057 * the firmware data and save it for later use. 1058 */ 1059 if (le16_to_cpu(cmd->opcode) == CMD_WRITE_BOOT_PARAMS) { 1060 struct cmd_write_boot_params *params; 1061 1062 params = (void *)(fw_ptr + sizeof(*cmd)); 1063 1064 *boot_addr = le32_to_cpu(params->boot_addr); 1065 1066 bt_dev_info(hdev, "Boot Address: 0x%x", *boot_addr); 1067 1068 bt_dev_info(hdev, "Firmware Version: %u-%u.%u", 1069 params->fw_build_num, params->fw_build_ww, 1070 params->fw_build_yy); 1071 1072 return (num == params->fw_build_num && 1073 ww == params->fw_build_ww && 1074 yy == params->fw_build_yy); 1075 } 1076 1077 fw_ptr += sizeof(*cmd) + cmd->plen; 1078 } 1079 1080 return false; 1081 } 1082 1083 int btintel_download_firmware(struct hci_dev *hdev, 1084 struct intel_version *ver, 1085 const struct firmware *fw, 1086 u32 *boot_param) 1087 { 1088 int err; 1089 1090 /* SfP and WsP don't seem to update the firmware version on file 1091 * so version checking is currently not possible. 1092 */ 1093 switch (ver->hw_variant) { 1094 case 0x0b: /* SfP */ 1095 case 0x0c: /* WsP */ 1096 /* Skip version checking */ 1097 break; 1098 default: 1099 1100 /* Skip download if firmware has the same version */ 1101 if (btintel_firmware_version(hdev, ver->fw_build_num, 1102 ver->fw_build_ww, ver->fw_build_yy, 1103 fw, boot_param)) { 1104 bt_dev_info(hdev, "Firmware already loaded"); 1105 /* Return -EALREADY to indicate that the firmware has 1106 * already been loaded. 1107 */ 1108 return -EALREADY; 1109 } 1110 } 1111 1112 /* The firmware variant determines if the device is in bootloader 1113 * mode or is running operational firmware. The value 0x06 identifies 1114 * the bootloader and the value 0x23 identifies the operational 1115 * firmware. 1116 * 1117 * If the firmware version has changed that means it needs to be reset 1118 * to bootloader when operational so the new firmware can be loaded. 1119 */ 1120 if (ver->fw_variant == 0x23) 1121 return -EINVAL; 1122 1123 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1124 if (err) 1125 return err; 1126 1127 return btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN); 1128 } 1129 EXPORT_SYMBOL_GPL(btintel_download_firmware); 1130 1131 static int btintel_download_fw_tlv(struct hci_dev *hdev, 1132 struct intel_version_tlv *ver, 1133 const struct firmware *fw, u32 *boot_param, 1134 u8 hw_variant, u8 sbe_type) 1135 { 1136 int err; 1137 u32 css_header_ver; 1138 1139 /* Skip download if firmware has the same version */ 1140 if (btintel_firmware_version(hdev, ver->min_fw_build_nn, 1141 ver->min_fw_build_cw, 1142 ver->min_fw_build_yy, 1143 fw, boot_param)) { 1144 bt_dev_info(hdev, "Firmware already loaded"); 1145 /* Return -EALREADY to indicate that firmware has 1146 * already been loaded. 1147 */ 1148 return -EALREADY; 1149 } 1150 1151 /* The firmware variant determines if the device is in bootloader 1152 * mode or is running operational firmware. The value 0x01 identifies 1153 * the bootloader and the value 0x03 identifies the operational 1154 * firmware. 1155 * 1156 * If the firmware version has changed that means it needs to be reset 1157 * to bootloader when operational so the new firmware can be loaded. 1158 */ 1159 if (ver->img_type == 0x03) 1160 return -EINVAL; 1161 1162 /* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support 1163 * only RSA secure boot engine. Hence, the corresponding sfi file will 1164 * have RSA header of 644 bytes followed by Command Buffer. 1165 * 1166 * iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA 1167 * secure boot engine. As a result, the corresponding sfi file will 1168 * have RSA header of 644, ECDSA header of 320 bytes followed by 1169 * Command Buffer. 1170 * 1171 * CSS Header byte positions 0x08 to 0x0B represent the CSS Header 1172 * version: RSA(0x00010000) , ECDSA (0x00020000) 1173 */ 1174 css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET); 1175 if (css_header_ver != 0x00010000) { 1176 bt_dev_err(hdev, "Invalid CSS Header version"); 1177 return -EINVAL; 1178 } 1179 1180 if (hw_variant <= 0x14) { 1181 if (sbe_type != 0x00) { 1182 bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)", 1183 hw_variant); 1184 return -EINVAL; 1185 } 1186 1187 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1188 if (err) 1189 return err; 1190 1191 err = btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN); 1192 if (err) 1193 return err; 1194 } else if (hw_variant >= 0x17) { 1195 /* Check if CSS header for ECDSA follows the RSA header */ 1196 if (fw->data[ECDSA_OFFSET] != 0x06) 1197 return -EINVAL; 1198 1199 /* Check if the CSS Header version is ECDSA(0x00020000) */ 1200 css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET); 1201 if (css_header_ver != 0x00020000) { 1202 bt_dev_err(hdev, "Invalid CSS Header version"); 1203 return -EINVAL; 1204 } 1205 1206 if (sbe_type == 0x00) { 1207 err = btintel_sfi_rsa_header_secure_send(hdev, fw); 1208 if (err) 1209 return err; 1210 1211 err = btintel_download_firmware_payload(hdev, fw, 1212 RSA_HEADER_LEN + ECDSA_HEADER_LEN); 1213 if (err) 1214 return err; 1215 } else if (sbe_type == 0x01) { 1216 err = btintel_sfi_ecdsa_header_secure_send(hdev, fw); 1217 if (err) 1218 return err; 1219 1220 err = btintel_download_firmware_payload(hdev, fw, 1221 RSA_HEADER_LEN + ECDSA_HEADER_LEN); 1222 if (err) 1223 return err; 1224 } 1225 } 1226 return 0; 1227 } 1228 1229 static void btintel_reset_to_bootloader(struct hci_dev *hdev) 1230 { 1231 struct intel_reset params; 1232 struct sk_buff *skb; 1233 1234 /* Send Intel Reset command. This will result in 1235 * re-enumeration of BT controller. 1236 * 1237 * Intel Reset parameter description: 1238 * reset_type : 0x00 (Soft reset), 1239 * 0x01 (Hard reset) 1240 * patch_enable : 0x00 (Do not enable), 1241 * 0x01 (Enable) 1242 * ddc_reload : 0x00 (Do not reload), 1243 * 0x01 (Reload) 1244 * boot_option: 0x00 (Current image), 1245 * 0x01 (Specified boot address) 1246 * boot_param: Boot address 1247 * 1248 */ 1249 params.reset_type = 0x01; 1250 params.patch_enable = 0x01; 1251 params.ddc_reload = 0x01; 1252 params.boot_option = 0x00; 1253 params.boot_param = cpu_to_le32(0x00000000); 1254 1255 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), 1256 ¶ms, HCI_INIT_TIMEOUT); 1257 if (IS_ERR(skb)) { 1258 bt_dev_err(hdev, "FW download error recovery failed (%ld)", 1259 PTR_ERR(skb)); 1260 return; 1261 } 1262 bt_dev_info(hdev, "Intel reset sent to retry FW download"); 1263 kfree_skb(skb); 1264 1265 /* Current Intel BT controllers(ThP/JfP) hold the USB reset 1266 * lines for 2ms when it receives Intel Reset in bootloader mode. 1267 * Whereas, the upcoming Intel BT controllers will hold USB reset 1268 * for 150ms. To keep the delay generic, 150ms is chosen here. 1269 */ 1270 msleep(150); 1271 } 1272 1273 static int btintel_read_debug_features(struct hci_dev *hdev, 1274 struct intel_debug_features *features) 1275 { 1276 struct sk_buff *skb; 1277 u8 page_no = 1; 1278 1279 /* Intel controller supports two pages, each page is of 128-bit 1280 * feature bit mask. And each bit defines specific feature support 1281 */ 1282 skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no, 1283 HCI_INIT_TIMEOUT); 1284 if (IS_ERR(skb)) { 1285 bt_dev_err(hdev, "Reading supported features failed (%ld)", 1286 PTR_ERR(skb)); 1287 return PTR_ERR(skb); 1288 } 1289 1290 if (skb->len != (sizeof(features->page1) + 3)) { 1291 bt_dev_err(hdev, "Supported features event size mismatch"); 1292 kfree_skb(skb); 1293 return -EILSEQ; 1294 } 1295 1296 memcpy(features->page1, skb->data + 3, sizeof(features->page1)); 1297 1298 /* Read the supported features page2 if required in future. 1299 */ 1300 kfree_skb(skb); 1301 return 0; 1302 } 1303 1304 static acpi_status btintel_ppag_callback(acpi_handle handle, u32 lvl, void *data, 1305 void **ret) 1306 { 1307 acpi_status status; 1308 size_t len; 1309 struct btintel_ppag *ppag = data; 1310 union acpi_object *p, *elements; 1311 struct acpi_buffer string = {ACPI_ALLOCATE_BUFFER, NULL}; 1312 struct acpi_buffer buffer = {ACPI_ALLOCATE_BUFFER, NULL}; 1313 struct hci_dev *hdev = ppag->hdev; 1314 1315 status = acpi_get_name(handle, ACPI_FULL_PATHNAME, &string); 1316 if (ACPI_FAILURE(status)) { 1317 bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status)); 1318 return status; 1319 } 1320 1321 len = strlen(string.pointer); 1322 if (len < strlen(BTINTEL_PPAG_NAME)) { 1323 kfree(string.pointer); 1324 return AE_OK; 1325 } 1326 1327 if (strncmp((char *)string.pointer + len - 4, BTINTEL_PPAG_NAME, 4)) { 1328 kfree(string.pointer); 1329 return AE_OK; 1330 } 1331 kfree(string.pointer); 1332 1333 status = acpi_evaluate_object(handle, NULL, NULL, &buffer); 1334 if (ACPI_FAILURE(status)) { 1335 ppag->status = status; 1336 bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status)); 1337 return status; 1338 } 1339 1340 p = buffer.pointer; 1341 ppag = (struct btintel_ppag *)data; 1342 1343 if (p->type != ACPI_TYPE_PACKAGE || p->package.count != 2) { 1344 kfree(buffer.pointer); 1345 bt_dev_warn(hdev, "PPAG-BT: Invalid object type: %d or package count: %d", 1346 p->type, p->package.count); 1347 ppag->status = AE_ERROR; 1348 return AE_ERROR; 1349 } 1350 1351 elements = p->package.elements; 1352 1353 /* PPAG table is located at element[1] */ 1354 p = &elements[1]; 1355 1356 ppag->domain = (u32)p->package.elements[0].integer.value; 1357 ppag->mode = (u32)p->package.elements[1].integer.value; 1358 ppag->status = AE_OK; 1359 kfree(buffer.pointer); 1360 return AE_CTRL_TERMINATE; 1361 } 1362 1363 static int btintel_set_debug_features(struct hci_dev *hdev, 1364 const struct intel_debug_features *features) 1365 { 1366 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x7f, 0x00, 0x00, 0x00, 0x00, 1367 0x00, 0x00, 0x00 }; 1368 u8 period[5] = { 0x04, 0x91, 0x02, 0x05, 0x00 }; 1369 u8 trace_enable = 0x02; 1370 struct sk_buff *skb; 1371 1372 if (!features) { 1373 bt_dev_warn(hdev, "Debug features not read"); 1374 return -EINVAL; 1375 } 1376 1377 if (!(features->page1[0] & 0x3f)) { 1378 bt_dev_info(hdev, "Telemetry exception format not supported"); 1379 return 0; 1380 } 1381 1382 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); 1383 if (IS_ERR(skb)) { 1384 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", 1385 PTR_ERR(skb)); 1386 return PTR_ERR(skb); 1387 } 1388 kfree_skb(skb); 1389 1390 skb = __hci_cmd_sync(hdev, 0xfc8b, 5, period, HCI_INIT_TIMEOUT); 1391 if (IS_ERR(skb)) { 1392 bt_dev_err(hdev, "Setting periodicity for link statistics traces failed (%ld)", 1393 PTR_ERR(skb)); 1394 return PTR_ERR(skb); 1395 } 1396 kfree_skb(skb); 1397 1398 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT); 1399 if (IS_ERR(skb)) { 1400 bt_dev_err(hdev, "Enable tracing of link statistics events failed (%ld)", 1401 PTR_ERR(skb)); 1402 return PTR_ERR(skb); 1403 } 1404 kfree_skb(skb); 1405 1406 bt_dev_info(hdev, "set debug features: trace_enable 0x%02x mask 0x%02x", 1407 trace_enable, mask[3]); 1408 1409 return 0; 1410 } 1411 1412 static int btintel_reset_debug_features(struct hci_dev *hdev, 1413 const struct intel_debug_features *features) 1414 { 1415 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 1416 0x00, 0x00, 0x00 }; 1417 u8 trace_enable = 0x00; 1418 struct sk_buff *skb; 1419 1420 if (!features) { 1421 bt_dev_warn(hdev, "Debug features not read"); 1422 return -EINVAL; 1423 } 1424 1425 if (!(features->page1[0] & 0x3f)) { 1426 bt_dev_info(hdev, "Telemetry exception format not supported"); 1427 return 0; 1428 } 1429 1430 /* Should stop the trace before writing ddc event mask. */ 1431 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT); 1432 if (IS_ERR(skb)) { 1433 bt_dev_err(hdev, "Stop tracing of link statistics events failed (%ld)", 1434 PTR_ERR(skb)); 1435 return PTR_ERR(skb); 1436 } 1437 kfree_skb(skb); 1438 1439 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); 1440 if (IS_ERR(skb)) { 1441 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", 1442 PTR_ERR(skb)); 1443 return PTR_ERR(skb); 1444 } 1445 kfree_skb(skb); 1446 1447 bt_dev_info(hdev, "reset debug features: trace_enable 0x%02x mask 0x%02x", 1448 trace_enable, mask[3]); 1449 1450 return 0; 1451 } 1452 1453 int btintel_set_quality_report(struct hci_dev *hdev, bool enable) 1454 { 1455 struct intel_debug_features features; 1456 int err; 1457 1458 bt_dev_dbg(hdev, "enable %d", enable); 1459 1460 /* Read the Intel supported features and if new exception formats 1461 * supported, need to load the additional DDC config to enable. 1462 */ 1463 err = btintel_read_debug_features(hdev, &features); 1464 if (err) 1465 return err; 1466 1467 /* Set or reset the debug features. */ 1468 if (enable) 1469 err = btintel_set_debug_features(hdev, &features); 1470 else 1471 err = btintel_reset_debug_features(hdev, &features); 1472 1473 return err; 1474 } 1475 EXPORT_SYMBOL_GPL(btintel_set_quality_report); 1476 1477 static void btintel_coredump(struct hci_dev *hdev) 1478 { 1479 struct sk_buff *skb; 1480 1481 skb = __hci_cmd_sync(hdev, 0xfc4e, 0, NULL, HCI_CMD_TIMEOUT); 1482 if (IS_ERR(skb)) { 1483 bt_dev_err(hdev, "Coredump failed (%ld)", PTR_ERR(skb)); 1484 return; 1485 } 1486 1487 kfree_skb(skb); 1488 } 1489 1490 static void btintel_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb) 1491 { 1492 char buf[80]; 1493 1494 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n", 1495 coredump_info.hw_variant); 1496 skb_put_data(skb, buf, strlen(buf)); 1497 1498 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 1499 coredump_info.fw_build_num); 1500 skb_put_data(skb, buf, strlen(buf)); 1501 1502 snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info.driver_name); 1503 skb_put_data(skb, buf, strlen(buf)); 1504 1505 snprintf(buf, sizeof(buf), "Vendor: Intel\n"); 1506 skb_put_data(skb, buf, strlen(buf)); 1507 } 1508 1509 static int btintel_register_devcoredump_support(struct hci_dev *hdev) 1510 { 1511 struct intel_debug_features features; 1512 int err; 1513 1514 err = btintel_read_debug_features(hdev, &features); 1515 if (err) { 1516 bt_dev_info(hdev, "Error reading debug features"); 1517 return err; 1518 } 1519 1520 if (!(features.page1[0] & 0x3f)) { 1521 bt_dev_dbg(hdev, "Telemetry exception format not supported"); 1522 return -EOPNOTSUPP; 1523 } 1524 1525 hci_devcd_register(hdev, btintel_coredump, btintel_dmp_hdr, NULL); 1526 1527 return err; 1528 } 1529 1530 static const struct firmware *btintel_legacy_rom_get_fw(struct hci_dev *hdev, 1531 struct intel_version *ver) 1532 { 1533 const struct firmware *fw; 1534 char fwname[64]; 1535 int ret; 1536 1537 snprintf(fwname, sizeof(fwname), 1538 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq", 1539 ver->hw_platform, ver->hw_variant, ver->hw_revision, 1540 ver->fw_variant, ver->fw_revision, ver->fw_build_num, 1541 ver->fw_build_ww, ver->fw_build_yy); 1542 1543 ret = request_firmware(&fw, fwname, &hdev->dev); 1544 if (ret < 0) { 1545 if (ret == -EINVAL) { 1546 bt_dev_err(hdev, "Intel firmware file request failed (%d)", 1547 ret); 1548 return NULL; 1549 } 1550 1551 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)", 1552 fwname, ret); 1553 1554 /* If the correct firmware patch file is not found, use the 1555 * default firmware patch file instead 1556 */ 1557 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1558 ver->hw_platform, ver->hw_variant); 1559 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1560 bt_dev_err(hdev, "failed to open default fw file: %s", 1561 fwname); 1562 return NULL; 1563 } 1564 } 1565 1566 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname); 1567 1568 return fw; 1569 } 1570 1571 static int btintel_legacy_rom_patching(struct hci_dev *hdev, 1572 const struct firmware *fw, 1573 const u8 **fw_ptr, int *disable_patch) 1574 { 1575 struct sk_buff *skb; 1576 struct hci_command_hdr *cmd; 1577 const u8 *cmd_param; 1578 struct hci_event_hdr *evt = NULL; 1579 const u8 *evt_param = NULL; 1580 int remain = fw->size - (*fw_ptr - fw->data); 1581 1582 /* The first byte indicates the types of the patch command or event. 1583 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes 1584 * in the current firmware buffer doesn't start with 0x01 or 1585 * the size of remain buffer is smaller than HCI command header, 1586 * the firmware file is corrupted and it should stop the patching 1587 * process. 1588 */ 1589 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1590 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read"); 1591 return -EINVAL; 1592 } 1593 (*fw_ptr)++; 1594 remain--; 1595 1596 cmd = (struct hci_command_hdr *)(*fw_ptr); 1597 *fw_ptr += sizeof(*cmd); 1598 remain -= sizeof(*cmd); 1599 1600 /* Ensure that the remain firmware data is long enough than the length 1601 * of command parameter. If not, the firmware file is corrupted. 1602 */ 1603 if (remain < cmd->plen) { 1604 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len"); 1605 return -EFAULT; 1606 } 1607 1608 /* If there is a command that loads a patch in the firmware 1609 * file, then enable the patch upon success, otherwise just 1610 * disable the manufacturer mode, for example patch activation 1611 * is not required when the default firmware patch file is used 1612 * because there are no patch data to load. 1613 */ 1614 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e) 1615 *disable_patch = 0; 1616 1617 cmd_param = *fw_ptr; 1618 *fw_ptr += cmd->plen; 1619 remain -= cmd->plen; 1620 1621 /* This reads the expected events when the above command is sent to the 1622 * device. Some vendor commands expects more than one events, for 1623 * example command status event followed by vendor specific event. 1624 * For this case, it only keeps the last expected event. so the command 1625 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of 1626 * last expected event. 1627 */ 1628 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) { 1629 (*fw_ptr)++; 1630 remain--; 1631 1632 evt = (struct hci_event_hdr *)(*fw_ptr); 1633 *fw_ptr += sizeof(*evt); 1634 remain -= sizeof(*evt); 1635 1636 if (remain < evt->plen) { 1637 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len"); 1638 return -EFAULT; 1639 } 1640 1641 evt_param = *fw_ptr; 1642 *fw_ptr += evt->plen; 1643 remain -= evt->plen; 1644 } 1645 1646 /* Every HCI commands in the firmware file has its correspond event. 1647 * If event is not found or remain is smaller than zero, the firmware 1648 * file is corrupted. 1649 */ 1650 if (!evt || !evt_param || remain < 0) { 1651 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read"); 1652 return -EFAULT; 1653 } 1654 1655 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1656 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1657 if (IS_ERR(skb)) { 1658 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)", 1659 cmd->opcode, PTR_ERR(skb)); 1660 return PTR_ERR(skb); 1661 } 1662 1663 /* It ensures that the returned event matches the event data read from 1664 * the firmware file. At fist, it checks the length and then 1665 * the contents of the event. 1666 */ 1667 if (skb->len != evt->plen) { 1668 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)", 1669 le16_to_cpu(cmd->opcode)); 1670 kfree_skb(skb); 1671 return -EFAULT; 1672 } 1673 1674 if (memcmp(skb->data, evt_param, evt->plen)) { 1675 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)", 1676 le16_to_cpu(cmd->opcode)); 1677 kfree_skb(skb); 1678 return -EFAULT; 1679 } 1680 kfree_skb(skb); 1681 1682 return 0; 1683 } 1684 1685 static int btintel_legacy_rom_setup(struct hci_dev *hdev, 1686 struct intel_version *ver) 1687 { 1688 const struct firmware *fw; 1689 const u8 *fw_ptr; 1690 int disable_patch, err; 1691 struct intel_version new_ver; 1692 1693 BT_DBG("%s", hdev->name); 1694 1695 /* fw_patch_num indicates the version of patch the device currently 1696 * have. If there is no patch data in the device, it is always 0x00. 1697 * So, if it is other than 0x00, no need to patch the device again. 1698 */ 1699 if (ver->fw_patch_num) { 1700 bt_dev_info(hdev, 1701 "Intel device is already patched. patch num: %02x", 1702 ver->fw_patch_num); 1703 goto complete; 1704 } 1705 1706 /* Opens the firmware patch file based on the firmware version read 1707 * from the controller. If it fails to open the matching firmware 1708 * patch file, it tries to open the default firmware patch file. 1709 * If no patch file is found, allow the device to operate without 1710 * a patch. 1711 */ 1712 fw = btintel_legacy_rom_get_fw(hdev, ver); 1713 if (!fw) 1714 goto complete; 1715 fw_ptr = fw->data; 1716 1717 /* Enable the manufacturer mode of the controller. 1718 * Only while this mode is enabled, the driver can download the 1719 * firmware patch data and configuration parameters. 1720 */ 1721 err = btintel_enter_mfg(hdev); 1722 if (err) { 1723 release_firmware(fw); 1724 return err; 1725 } 1726 1727 disable_patch = 1; 1728 1729 /* The firmware data file consists of list of Intel specific HCI 1730 * commands and its expected events. The first byte indicates the 1731 * type of the message, either HCI command or HCI event. 1732 * 1733 * It reads the command and its expected event from the firmware file, 1734 * and send to the controller. Once __hci_cmd_sync_ev() returns, 1735 * the returned event is compared with the event read from the firmware 1736 * file and it will continue until all the messages are downloaded to 1737 * the controller. 1738 * 1739 * Once the firmware patching is completed successfully, 1740 * the manufacturer mode is disabled with reset and activating the 1741 * downloaded patch. 1742 * 1743 * If the firmware patching fails, the manufacturer mode is 1744 * disabled with reset and deactivating the patch. 1745 * 1746 * If the default patch file is used, no reset is done when disabling 1747 * the manufacturer. 1748 */ 1749 while (fw->size > fw_ptr - fw->data) { 1750 int ret; 1751 1752 ret = btintel_legacy_rom_patching(hdev, fw, &fw_ptr, 1753 &disable_patch); 1754 if (ret < 0) 1755 goto exit_mfg_deactivate; 1756 } 1757 1758 release_firmware(fw); 1759 1760 if (disable_patch) 1761 goto exit_mfg_disable; 1762 1763 /* Patching completed successfully and disable the manufacturer mode 1764 * with reset and activate the downloaded firmware patches. 1765 */ 1766 err = btintel_exit_mfg(hdev, true, true); 1767 if (err) 1768 return err; 1769 1770 /* Need build number for downloaded fw patches in 1771 * every power-on boot 1772 */ 1773 err = btintel_read_version(hdev, &new_ver); 1774 if (err) 1775 return err; 1776 1777 bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated", 1778 new_ver.fw_patch_num); 1779 1780 goto complete; 1781 1782 exit_mfg_disable: 1783 /* Disable the manufacturer mode without reset */ 1784 err = btintel_exit_mfg(hdev, false, false); 1785 if (err) 1786 return err; 1787 1788 bt_dev_info(hdev, "Intel firmware patch completed"); 1789 1790 goto complete; 1791 1792 exit_mfg_deactivate: 1793 release_firmware(fw); 1794 1795 /* Patching failed. Disable the manufacturer mode with reset and 1796 * deactivate the downloaded firmware patches. 1797 */ 1798 err = btintel_exit_mfg(hdev, true, false); 1799 if (err) 1800 return err; 1801 1802 bt_dev_info(hdev, "Intel firmware patch completed and deactivated"); 1803 1804 complete: 1805 /* Set the event mask for Intel specific vendor events. This enables 1806 * a few extra events that are useful during general operation. 1807 */ 1808 btintel_set_event_mask_mfg(hdev, false); 1809 1810 btintel_check_bdaddr(hdev); 1811 1812 return 0; 1813 } 1814 1815 static int btintel_download_wait(struct hci_dev *hdev, ktime_t calltime, int msec) 1816 { 1817 ktime_t delta, rettime; 1818 unsigned long long duration; 1819 int err; 1820 1821 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 1822 1823 bt_dev_info(hdev, "Waiting for firmware download to complete"); 1824 1825 err = btintel_wait_on_flag_timeout(hdev, INTEL_DOWNLOADING, 1826 TASK_INTERRUPTIBLE, 1827 msecs_to_jiffies(msec)); 1828 if (err == -EINTR) { 1829 bt_dev_err(hdev, "Firmware loading interrupted"); 1830 return err; 1831 } 1832 1833 if (err) { 1834 bt_dev_err(hdev, "Firmware loading timeout"); 1835 return -ETIMEDOUT; 1836 } 1837 1838 if (btintel_test_flag(hdev, INTEL_FIRMWARE_FAILED)) { 1839 bt_dev_err(hdev, "Firmware loading failed"); 1840 return -ENOEXEC; 1841 } 1842 1843 rettime = ktime_get(); 1844 delta = ktime_sub(rettime, calltime); 1845 duration = (unsigned long long)ktime_to_ns(delta) >> 10; 1846 1847 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 1848 1849 return 0; 1850 } 1851 1852 static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec) 1853 { 1854 ktime_t delta, rettime; 1855 unsigned long long duration; 1856 int err; 1857 1858 bt_dev_info(hdev, "Waiting for device to boot"); 1859 1860 err = btintel_wait_on_flag_timeout(hdev, INTEL_BOOTING, 1861 TASK_INTERRUPTIBLE, 1862 msecs_to_jiffies(msec)); 1863 if (err == -EINTR) { 1864 bt_dev_err(hdev, "Device boot interrupted"); 1865 return -EINTR; 1866 } 1867 1868 if (err) { 1869 bt_dev_err(hdev, "Device boot timeout"); 1870 return -ETIMEDOUT; 1871 } 1872 1873 rettime = ktime_get(); 1874 delta = ktime_sub(rettime, calltime); 1875 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 1876 1877 bt_dev_info(hdev, "Device booted in %llu usecs", duration); 1878 1879 return 0; 1880 } 1881 1882 static int btintel_boot(struct hci_dev *hdev, u32 boot_addr) 1883 { 1884 ktime_t calltime; 1885 int err; 1886 1887 calltime = ktime_get(); 1888 1889 btintel_set_flag(hdev, INTEL_BOOTING); 1890 1891 err = btintel_send_intel_reset(hdev, boot_addr); 1892 if (err) { 1893 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err); 1894 btintel_reset_to_bootloader(hdev); 1895 return err; 1896 } 1897 1898 /* The bootloader will not indicate when the device is ready. This 1899 * is done by the operational firmware sending bootup notification. 1900 * 1901 * Booting into operational firmware should not take longer than 1902 * 1 second. However if that happens, then just fail the setup 1903 * since something went wrong. 1904 */ 1905 err = btintel_boot_wait(hdev, calltime, 1000); 1906 if (err == -ETIMEDOUT) 1907 btintel_reset_to_bootloader(hdev); 1908 1909 return err; 1910 } 1911 1912 static int btintel_get_fw_name(struct intel_version *ver, 1913 struct intel_boot_params *params, 1914 char *fw_name, size_t len, 1915 const char *suffix) 1916 { 1917 switch (ver->hw_variant) { 1918 case 0x0b: /* SfP */ 1919 case 0x0c: /* WsP */ 1920 snprintf(fw_name, len, "intel/ibt-%u-%u.%s", 1921 ver->hw_variant, 1922 le16_to_cpu(params->dev_revid), 1923 suffix); 1924 break; 1925 case 0x11: /* JfP */ 1926 case 0x12: /* ThP */ 1927 case 0x13: /* HrP */ 1928 case 0x14: /* CcP */ 1929 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s", 1930 ver->hw_variant, 1931 ver->hw_revision, 1932 ver->fw_revision, 1933 suffix); 1934 break; 1935 default: 1936 return -EINVAL; 1937 } 1938 1939 return 0; 1940 } 1941 1942 static int btintel_download_fw(struct hci_dev *hdev, 1943 struct intel_version *ver, 1944 struct intel_boot_params *params, 1945 u32 *boot_param) 1946 { 1947 const struct firmware *fw; 1948 char fwname[64]; 1949 int err; 1950 ktime_t calltime; 1951 1952 if (!ver || !params) 1953 return -EINVAL; 1954 1955 /* The firmware variant determines if the device is in bootloader 1956 * mode or is running operational firmware. The value 0x06 identifies 1957 * the bootloader and the value 0x23 identifies the operational 1958 * firmware. 1959 * 1960 * When the operational firmware is already present, then only 1961 * the check for valid Bluetooth device address is needed. This 1962 * determines if the device will be added as configured or 1963 * unconfigured controller. 1964 * 1965 * It is not possible to use the Secure Boot Parameters in this 1966 * case since that command is only available in bootloader mode. 1967 */ 1968 if (ver->fw_variant == 0x23) { 1969 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 1970 btintel_check_bdaddr(hdev); 1971 1972 /* SfP and WsP don't seem to update the firmware version on file 1973 * so version checking is currently possible. 1974 */ 1975 switch (ver->hw_variant) { 1976 case 0x0b: /* SfP */ 1977 case 0x0c: /* WsP */ 1978 return 0; 1979 } 1980 1981 /* Proceed to download to check if the version matches */ 1982 goto download; 1983 } 1984 1985 /* Read the secure boot parameters to identify the operating 1986 * details of the bootloader. 1987 */ 1988 err = btintel_read_boot_params(hdev, params); 1989 if (err) 1990 return err; 1991 1992 /* It is required that every single firmware fragment is acknowledged 1993 * with a command complete event. If the boot parameters indicate 1994 * that this bootloader does not send them, then abort the setup. 1995 */ 1996 if (params->limited_cce != 0x00) { 1997 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 1998 params->limited_cce); 1999 return -EINVAL; 2000 } 2001 2002 /* If the OTP has no valid Bluetooth device address, then there will 2003 * also be no valid address for the operational firmware. 2004 */ 2005 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) { 2006 bt_dev_info(hdev, "No device address configured"); 2007 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2008 } 2009 2010 download: 2011 /* With this Intel bootloader only the hardware variant and device 2012 * revision information are used to select the right firmware for SfP 2013 * and WsP. 2014 * 2015 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi. 2016 * 2017 * Currently the supported hardware variants are: 2018 * 11 (0x0b) for iBT3.0 (LnP/SfP) 2019 * 12 (0x0c) for iBT3.5 (WsP) 2020 * 2021 * For ThP/JfP and for future SKU's, the FW name varies based on HW 2022 * variant, HW revision and FW revision, as these are dependent on CNVi 2023 * and RF Combination. 2024 * 2025 * 17 (0x11) for iBT3.5 (JfP) 2026 * 18 (0x12) for iBT3.5 (ThP) 2027 * 2028 * The firmware file name for these will be 2029 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. 2030 * 2031 */ 2032 err = btintel_get_fw_name(ver, params, fwname, sizeof(fwname), "sfi"); 2033 if (err < 0) { 2034 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2035 /* Firmware has already been loaded */ 2036 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2037 return 0; 2038 } 2039 2040 bt_dev_err(hdev, "Unsupported Intel firmware naming"); 2041 return -EINVAL; 2042 } 2043 2044 err = firmware_request_nowarn(&fw, fwname, &hdev->dev); 2045 if (err < 0) { 2046 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2047 /* Firmware has already been loaded */ 2048 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2049 return 0; 2050 } 2051 2052 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)", 2053 fwname, err); 2054 return err; 2055 } 2056 2057 bt_dev_info(hdev, "Found device firmware: %s", fwname); 2058 2059 if (fw->size < 644) { 2060 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 2061 fw->size); 2062 err = -EBADF; 2063 goto done; 2064 } 2065 2066 calltime = ktime_get(); 2067 2068 btintel_set_flag(hdev, INTEL_DOWNLOADING); 2069 2070 /* Start firmware downloading and get boot parameter */ 2071 err = btintel_download_firmware(hdev, ver, fw, boot_param); 2072 if (err < 0) { 2073 if (err == -EALREADY) { 2074 /* Firmware has already been loaded */ 2075 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2076 err = 0; 2077 goto done; 2078 } 2079 2080 /* When FW download fails, send Intel Reset to retry 2081 * FW download. 2082 */ 2083 btintel_reset_to_bootloader(hdev); 2084 goto done; 2085 } 2086 2087 /* Before switching the device into operational mode and with that 2088 * booting the loaded firmware, wait for the bootloader notification 2089 * that all fragments have been successfully received. 2090 * 2091 * When the event processing receives the notification, then the 2092 * INTEL_DOWNLOADING flag will be cleared. 2093 * 2094 * The firmware loading should not take longer than 5 seconds 2095 * and thus just timeout if that happens and fail the setup 2096 * of this device. 2097 */ 2098 err = btintel_download_wait(hdev, calltime, 5000); 2099 if (err == -ETIMEDOUT) 2100 btintel_reset_to_bootloader(hdev); 2101 2102 done: 2103 release_firmware(fw); 2104 return err; 2105 } 2106 2107 static int btintel_bootloader_setup(struct hci_dev *hdev, 2108 struct intel_version *ver) 2109 { 2110 struct intel_version new_ver; 2111 struct intel_boot_params params; 2112 u32 boot_param; 2113 char ddcname[64]; 2114 int err; 2115 2116 BT_DBG("%s", hdev->name); 2117 2118 /* Set the default boot parameter to 0x0 and it is updated to 2119 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2120 * command while downloading the firmware. 2121 */ 2122 boot_param = 0x00000000; 2123 2124 btintel_set_flag(hdev, INTEL_BOOTLOADER); 2125 2126 err = btintel_download_fw(hdev, ver, ¶ms, &boot_param); 2127 if (err) 2128 return err; 2129 2130 /* controller is already having an operational firmware */ 2131 if (ver->fw_variant == 0x23) 2132 goto finish; 2133 2134 err = btintel_boot(hdev, boot_param); 2135 if (err) 2136 return err; 2137 2138 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2139 2140 err = btintel_get_fw_name(ver, ¶ms, ddcname, 2141 sizeof(ddcname), "ddc"); 2142 2143 if (err < 0) { 2144 bt_dev_err(hdev, "Unsupported Intel firmware naming"); 2145 } else { 2146 /* Once the device is running in operational mode, it needs to 2147 * apply the device configuration (DDC) parameters. 2148 * 2149 * The device can work without DDC parameters, so even if it 2150 * fails to load the file, no need to fail the setup. 2151 */ 2152 btintel_load_ddc_config(hdev, ddcname); 2153 } 2154 2155 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 2156 2157 /* Read the Intel version information after loading the FW */ 2158 err = btintel_read_version(hdev, &new_ver); 2159 if (err) 2160 return err; 2161 2162 btintel_version_info(hdev, &new_ver); 2163 2164 finish: 2165 /* Set the event mask for Intel specific vendor events. This enables 2166 * a few extra events that are useful during general operation. It 2167 * does not enable any debugging related events. 2168 * 2169 * The device will function correctly without these events enabled 2170 * and thus no need to fail the setup. 2171 */ 2172 btintel_set_event_mask(hdev, false); 2173 2174 return 0; 2175 } 2176 2177 static void btintel_get_fw_name_tlv(const struct intel_version_tlv *ver, 2178 char *fw_name, size_t len, 2179 const char *suffix) 2180 { 2181 /* The firmware file name for new generation controllers will be 2182 * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step> 2183 */ 2184 snprintf(fw_name, len, "intel/ibt-%04x-%04x.%s", 2185 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top), 2186 INTEL_CNVX_TOP_STEP(ver->cnvi_top)), 2187 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top), 2188 INTEL_CNVX_TOP_STEP(ver->cnvr_top)), 2189 suffix); 2190 } 2191 2192 static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev, 2193 struct intel_version_tlv *ver, 2194 u32 *boot_param) 2195 { 2196 const struct firmware *fw; 2197 char fwname[64]; 2198 int err; 2199 ktime_t calltime; 2200 2201 if (!ver || !boot_param) 2202 return -EINVAL; 2203 2204 /* The firmware variant determines if the device is in bootloader 2205 * mode or is running operational firmware. The value 0x03 identifies 2206 * the bootloader and the value 0x23 identifies the operational 2207 * firmware. 2208 * 2209 * When the operational firmware is already present, then only 2210 * the check for valid Bluetooth device address is needed. This 2211 * determines if the device will be added as configured or 2212 * unconfigured controller. 2213 * 2214 * It is not possible to use the Secure Boot Parameters in this 2215 * case since that command is only available in bootloader mode. 2216 */ 2217 if (ver->img_type == 0x03) { 2218 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2219 btintel_check_bdaddr(hdev); 2220 } else { 2221 /* 2222 * Check for valid bd address in boot loader mode. Device 2223 * will be marked as unconfigured if empty bd address is 2224 * found. 2225 */ 2226 if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) { 2227 bt_dev_info(hdev, "No device address configured"); 2228 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2229 } 2230 } 2231 2232 btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi"); 2233 err = firmware_request_nowarn(&fw, fwname, &hdev->dev); 2234 if (err < 0) { 2235 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2236 /* Firmware has already been loaded */ 2237 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2238 return 0; 2239 } 2240 2241 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)", 2242 fwname, err); 2243 2244 return err; 2245 } 2246 2247 bt_dev_info(hdev, "Found device firmware: %s", fwname); 2248 2249 if (fw->size < 644) { 2250 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", 2251 fw->size); 2252 err = -EBADF; 2253 goto done; 2254 } 2255 2256 calltime = ktime_get(); 2257 2258 btintel_set_flag(hdev, INTEL_DOWNLOADING); 2259 2260 /* Start firmware downloading and get boot parameter */ 2261 err = btintel_download_fw_tlv(hdev, ver, fw, boot_param, 2262 INTEL_HW_VARIANT(ver->cnvi_bt), 2263 ver->sbe_type); 2264 if (err < 0) { 2265 if (err == -EALREADY) { 2266 /* Firmware has already been loaded */ 2267 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED); 2268 err = 0; 2269 goto done; 2270 } 2271 2272 /* When FW download fails, send Intel Reset to retry 2273 * FW download. 2274 */ 2275 btintel_reset_to_bootloader(hdev); 2276 goto done; 2277 } 2278 2279 /* Before switching the device into operational mode and with that 2280 * booting the loaded firmware, wait for the bootloader notification 2281 * that all fragments have been successfully received. 2282 * 2283 * When the event processing receives the notification, then the 2284 * BTUSB_DOWNLOADING flag will be cleared. 2285 * 2286 * The firmware loading should not take longer than 5 seconds 2287 * and thus just timeout if that happens and fail the setup 2288 * of this device. 2289 */ 2290 err = btintel_download_wait(hdev, calltime, 5000); 2291 if (err == -ETIMEDOUT) 2292 btintel_reset_to_bootloader(hdev); 2293 2294 done: 2295 release_firmware(fw); 2296 return err; 2297 } 2298 2299 static int btintel_get_codec_config_data(struct hci_dev *hdev, 2300 __u8 link, struct bt_codec *codec, 2301 __u8 *ven_len, __u8 **ven_data) 2302 { 2303 int err = 0; 2304 2305 if (!ven_data || !ven_len) 2306 return -EINVAL; 2307 2308 *ven_len = 0; 2309 *ven_data = NULL; 2310 2311 if (link != ESCO_LINK) { 2312 bt_dev_err(hdev, "Invalid link type(%u)", link); 2313 return -EINVAL; 2314 } 2315 2316 *ven_data = kmalloc(sizeof(__u8), GFP_KERNEL); 2317 if (!*ven_data) { 2318 err = -ENOMEM; 2319 goto error; 2320 } 2321 2322 /* supports only CVSD and mSBC offload codecs */ 2323 switch (codec->id) { 2324 case 0x02: 2325 **ven_data = 0x00; 2326 break; 2327 case 0x05: 2328 **ven_data = 0x01; 2329 break; 2330 default: 2331 err = -EINVAL; 2332 bt_dev_err(hdev, "Invalid codec id(%u)", codec->id); 2333 goto error; 2334 } 2335 /* codec and its capabilities are pre-defined to ids 2336 * preset id = 0x00 represents CVSD codec with sampling rate 8K 2337 * preset id = 0x01 represents mSBC codec with sampling rate 16K 2338 */ 2339 *ven_len = sizeof(__u8); 2340 return err; 2341 2342 error: 2343 kfree(*ven_data); 2344 *ven_data = NULL; 2345 return err; 2346 } 2347 2348 static int btintel_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id) 2349 { 2350 /* Intel uses 1 as data path id for all the usecases */ 2351 *data_path_id = 1; 2352 return 0; 2353 } 2354 2355 static int btintel_configure_offload(struct hci_dev *hdev) 2356 { 2357 struct sk_buff *skb; 2358 int err = 0; 2359 struct intel_offload_use_cases *use_cases; 2360 2361 skb = __hci_cmd_sync(hdev, 0xfc86, 0, NULL, HCI_INIT_TIMEOUT); 2362 if (IS_ERR(skb)) { 2363 bt_dev_err(hdev, "Reading offload use cases failed (%ld)", 2364 PTR_ERR(skb)); 2365 return PTR_ERR(skb); 2366 } 2367 2368 if (skb->len < sizeof(*use_cases)) { 2369 err = -EIO; 2370 goto error; 2371 } 2372 2373 use_cases = (void *)skb->data; 2374 2375 if (use_cases->status) { 2376 err = -bt_to_errno(skb->data[0]); 2377 goto error; 2378 } 2379 2380 if (use_cases->preset[0] & 0x03) { 2381 hdev->get_data_path_id = btintel_get_data_path_id; 2382 hdev->get_codec_config_data = btintel_get_codec_config_data; 2383 } 2384 error: 2385 kfree_skb(skb); 2386 return err; 2387 } 2388 2389 static void btintel_set_ppag(struct hci_dev *hdev, struct intel_version_tlv *ver) 2390 { 2391 struct btintel_ppag ppag; 2392 struct sk_buff *skb; 2393 struct btintel_loc_aware_reg ppag_cmd; 2394 acpi_handle handle; 2395 2396 /* PPAG is not supported if CRF is HrP2, Jfp2, JfP1 */ 2397 switch (ver->cnvr_top & 0xFFF) { 2398 case 0x504: /* Hrp2 */ 2399 case 0x202: /* Jfp2 */ 2400 case 0x201: /* Jfp1 */ 2401 return; 2402 } 2403 2404 handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev)); 2405 if (!handle) { 2406 bt_dev_info(hdev, "No support for BT device in ACPI firmware"); 2407 return; 2408 } 2409 2410 memset(&ppag, 0, sizeof(ppag)); 2411 2412 ppag.hdev = hdev; 2413 ppag.status = AE_NOT_FOUND; 2414 acpi_walk_namespace(ACPI_TYPE_PACKAGE, handle, 1, NULL, 2415 btintel_ppag_callback, &ppag, NULL); 2416 2417 if (ACPI_FAILURE(ppag.status)) { 2418 if (ppag.status == AE_NOT_FOUND) { 2419 bt_dev_dbg(hdev, "PPAG-BT: ACPI entry not found"); 2420 return; 2421 } 2422 return; 2423 } 2424 2425 if (ppag.domain != 0x12) { 2426 bt_dev_warn(hdev, "PPAG-BT: domain is not bluetooth"); 2427 return; 2428 } 2429 2430 /* PPAG mode, BIT0 = 0 Disabled, BIT0 = 1 Enabled */ 2431 if (!(ppag.mode & BIT(0))) { 2432 bt_dev_dbg(hdev, "PPAG-BT: disabled"); 2433 return; 2434 } 2435 2436 ppag_cmd.mcc = cpu_to_le32(0); 2437 ppag_cmd.sel = cpu_to_le32(0); /* 0 - Enable , 1 - Disable, 2 - Testing mode */ 2438 ppag_cmd.delta = cpu_to_le32(0); 2439 skb = __hci_cmd_sync(hdev, 0xfe19, sizeof(ppag_cmd), &ppag_cmd, HCI_CMD_TIMEOUT); 2440 if (IS_ERR(skb)) { 2441 bt_dev_warn(hdev, "Failed to send PPAG Enable (%ld)", PTR_ERR(skb)); 2442 return; 2443 } 2444 kfree_skb(skb); 2445 } 2446 2447 static int btintel_bootloader_setup_tlv(struct hci_dev *hdev, 2448 struct intel_version_tlv *ver) 2449 { 2450 u32 boot_param; 2451 char ddcname[64]; 2452 int err; 2453 struct intel_version_tlv new_ver; 2454 2455 bt_dev_dbg(hdev, ""); 2456 2457 /* Set the default boot parameter to 0x0 and it is updated to 2458 * SKU specific boot parameter after reading Intel_Write_Boot_Params 2459 * command while downloading the firmware. 2460 */ 2461 boot_param = 0x00000000; 2462 2463 btintel_set_flag(hdev, INTEL_BOOTLOADER); 2464 2465 err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param); 2466 if (err) 2467 return err; 2468 2469 /* check if controller is already having an operational firmware */ 2470 if (ver->img_type == 0x03) 2471 goto finish; 2472 2473 err = btintel_boot(hdev, boot_param); 2474 if (err) 2475 return err; 2476 2477 btintel_clear_flag(hdev, INTEL_BOOTLOADER); 2478 2479 btintel_get_fw_name_tlv(ver, ddcname, sizeof(ddcname), "ddc"); 2480 /* Once the device is running in operational mode, it needs to 2481 * apply the device configuration (DDC) parameters. 2482 * 2483 * The device can work without DDC parameters, so even if it 2484 * fails to load the file, no need to fail the setup. 2485 */ 2486 btintel_load_ddc_config(hdev, ddcname); 2487 2488 /* Read supported use cases and set callbacks to fetch datapath id */ 2489 btintel_configure_offload(hdev); 2490 2491 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 2492 2493 /* Set PPAG feature */ 2494 btintel_set_ppag(hdev, ver); 2495 2496 /* Read the Intel version information after loading the FW */ 2497 err = btintel_read_version_tlv(hdev, &new_ver); 2498 if (err) 2499 return err; 2500 2501 btintel_version_info_tlv(hdev, &new_ver); 2502 2503 finish: 2504 /* Set the event mask for Intel specific vendor events. This enables 2505 * a few extra events that are useful during general operation. It 2506 * does not enable any debugging related events. 2507 * 2508 * The device will function correctly without these events enabled 2509 * and thus no need to fail the setup. 2510 */ 2511 btintel_set_event_mask(hdev, false); 2512 2513 return 0; 2514 } 2515 2516 static void btintel_set_msft_opcode(struct hci_dev *hdev, u8 hw_variant) 2517 { 2518 switch (hw_variant) { 2519 /* Legacy bootloader devices that supports MSFT Extension */ 2520 case 0x11: /* JfP */ 2521 case 0x12: /* ThP */ 2522 case 0x13: /* HrP */ 2523 case 0x14: /* CcP */ 2524 /* All Intel new genration controllers support the Microsoft vendor 2525 * extension are using 0xFC1E for VsMsftOpCode. 2526 */ 2527 case 0x17: 2528 case 0x18: 2529 case 0x19: 2530 case 0x1b: 2531 hci_set_msft_opcode(hdev, 0xFC1E); 2532 break; 2533 default: 2534 /* Not supported */ 2535 break; 2536 } 2537 } 2538 2539 static int btintel_setup_combined(struct hci_dev *hdev) 2540 { 2541 const u8 param[1] = { 0xFF }; 2542 struct intel_version ver; 2543 struct intel_version_tlv ver_tlv; 2544 struct sk_buff *skb; 2545 int err; 2546 2547 BT_DBG("%s", hdev->name); 2548 2549 /* The some controllers have a bug with the first HCI command sent to it 2550 * returning number of completed commands as zero. This would stall the 2551 * command processing in the Bluetooth core. 2552 * 2553 * As a workaround, send HCI Reset command first which will reset the 2554 * number of completed commands and allow normal command processing 2555 * from now on. 2556 * 2557 * Regarding the INTEL_BROKEN_SHUTDOWN_LED flag, these devices maybe 2558 * in the SW_RFKILL ON state as a workaround of fixing LED issue during 2559 * the shutdown() procedure, and once the device is in SW_RFKILL ON 2560 * state, the only way to exit out of it is sending the HCI_Reset 2561 * command. 2562 */ 2563 if (btintel_test_flag(hdev, INTEL_BROKEN_INITIAL_NCMD) || 2564 btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) { 2565 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, 2566 HCI_INIT_TIMEOUT); 2567 if (IS_ERR(skb)) { 2568 bt_dev_err(hdev, 2569 "sending initial HCI reset failed (%ld)", 2570 PTR_ERR(skb)); 2571 return PTR_ERR(skb); 2572 } 2573 kfree_skb(skb); 2574 } 2575 2576 /* Starting from TyP device, the command parameter and response are 2577 * changed even though the OCF for HCI_Intel_Read_Version command 2578 * remains same. The legacy devices can handle even if the 2579 * command has a parameter and returns a correct version information. 2580 * So, it uses new format to support both legacy and new format. 2581 */ 2582 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT); 2583 if (IS_ERR(skb)) { 2584 bt_dev_err(hdev, "Reading Intel version command failed (%ld)", 2585 PTR_ERR(skb)); 2586 return PTR_ERR(skb); 2587 } 2588 2589 /* Check the status */ 2590 if (skb->data[0]) { 2591 bt_dev_err(hdev, "Intel Read Version command failed (%02x)", 2592 skb->data[0]); 2593 err = -EIO; 2594 goto exit_error; 2595 } 2596 2597 /* Apply the common HCI quirks for Intel device */ 2598 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks); 2599 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 2600 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks); 2601 2602 /* Set up the quality report callback for Intel devices */ 2603 hdev->set_quality_report = btintel_set_quality_report; 2604 2605 /* For Legacy device, check the HW platform value and size */ 2606 if (skb->len == sizeof(ver) && skb->data[1] == 0x37) { 2607 bt_dev_dbg(hdev, "Read the legacy Intel version information"); 2608 2609 memcpy(&ver, skb->data, sizeof(ver)); 2610 2611 /* Display version information */ 2612 btintel_version_info(hdev, &ver); 2613 2614 /* Check for supported iBT hardware variants of this firmware 2615 * loading method. 2616 * 2617 * This check has been put in place to ensure correct forward 2618 * compatibility options when newer hardware variants come 2619 * along. 2620 */ 2621 switch (ver.hw_variant) { 2622 case 0x07: /* WP */ 2623 case 0x08: /* StP */ 2624 /* Legacy ROM product */ 2625 btintel_set_flag(hdev, INTEL_ROM_LEGACY); 2626 2627 /* Apply the device specific HCI quirks 2628 * 2629 * WBS for SdP - For the Legacy ROM products, only SdP 2630 * supports the WBS. But the version information is not 2631 * enough to use here because the StP2 and SdP have same 2632 * hw_variant and fw_variant. So, this flag is set by 2633 * the transport driver (btusb) based on the HW info 2634 * (idProduct) 2635 */ 2636 if (!btintel_test_flag(hdev, 2637 INTEL_ROM_LEGACY_NO_WBS_SUPPORT)) 2638 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 2639 &hdev->quirks); 2640 if (ver.hw_variant == 0x08 && ver.fw_variant == 0x22) 2641 set_bit(HCI_QUIRK_VALID_LE_STATES, 2642 &hdev->quirks); 2643 2644 err = btintel_legacy_rom_setup(hdev, &ver); 2645 break; 2646 case 0x0b: /* SfP */ 2647 case 0x11: /* JfP */ 2648 case 0x12: /* ThP */ 2649 case 0x13: /* HrP */ 2650 case 0x14: /* CcP */ 2651 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2652 fallthrough; 2653 case 0x0c: /* WsP */ 2654 /* Apply the device specific HCI quirks 2655 * 2656 * All Legacy bootloader devices support WBS 2657 */ 2658 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 2659 &hdev->quirks); 2660 2661 /* Setup MSFT Extension support */ 2662 btintel_set_msft_opcode(hdev, ver.hw_variant); 2663 2664 err = btintel_bootloader_setup(hdev, &ver); 2665 btintel_register_devcoredump_support(hdev); 2666 break; 2667 default: 2668 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", 2669 ver.hw_variant); 2670 err = -EINVAL; 2671 } 2672 2673 goto exit_error; 2674 } 2675 2676 /* memset ver_tlv to start with clean state as few fields are exclusive 2677 * to bootloader mode and are not populated in operational mode 2678 */ 2679 memset(&ver_tlv, 0, sizeof(ver_tlv)); 2680 /* For TLV type device, parse the tlv data */ 2681 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb); 2682 if (err) { 2683 bt_dev_err(hdev, "Failed to parse TLV version information"); 2684 goto exit_error; 2685 } 2686 2687 if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) { 2688 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)", 2689 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt)); 2690 err = -EINVAL; 2691 goto exit_error; 2692 } 2693 2694 /* Check for supported iBT hardware variants of this firmware 2695 * loading method. 2696 * 2697 * This check has been put in place to ensure correct forward 2698 * compatibility options when newer hardware variants come 2699 * along. 2700 */ 2701 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) { 2702 case 0x11: /* JfP */ 2703 case 0x12: /* ThP */ 2704 case 0x13: /* HrP */ 2705 case 0x14: /* CcP */ 2706 /* Some legacy bootloader devices starting from JfP, 2707 * the operational firmware supports both old and TLV based 2708 * HCI_Intel_Read_Version command based on the command 2709 * parameter. 2710 * 2711 * For upgrading firmware case, the TLV based version cannot 2712 * be used because the firmware filename for legacy bootloader 2713 * is based on the old format. 2714 * 2715 * Also, it is not easy to convert TLV based version from the 2716 * legacy version format. 2717 * 2718 * So, as a workaround for those devices, use the legacy 2719 * HCI_Intel_Read_Version to get the version information and 2720 * run the legacy bootloader setup. 2721 */ 2722 err = btintel_read_version(hdev, &ver); 2723 if (err) 2724 break; 2725 2726 /* Apply the device specific HCI quirks 2727 * 2728 * All Legacy bootloader devices support WBS 2729 */ 2730 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 2731 2732 /* Set Valid LE States quirk */ 2733 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2734 2735 /* Setup MSFT Extension support */ 2736 btintel_set_msft_opcode(hdev, ver.hw_variant); 2737 2738 err = btintel_bootloader_setup(hdev, &ver); 2739 btintel_register_devcoredump_support(hdev); 2740 break; 2741 case 0x17: 2742 case 0x18: 2743 case 0x19: 2744 case 0x1b: 2745 /* Display version information of TLV type */ 2746 btintel_version_info_tlv(hdev, &ver_tlv); 2747 2748 /* Apply the device specific HCI quirks for TLV based devices 2749 * 2750 * All TLV based devices support WBS 2751 */ 2752 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); 2753 2754 /* Apply LE States quirk from solar onwards */ 2755 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); 2756 2757 /* Setup MSFT Extension support */ 2758 btintel_set_msft_opcode(hdev, 2759 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2760 2761 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv); 2762 btintel_register_devcoredump_support(hdev); 2763 break; 2764 default: 2765 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)", 2766 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2767 err = -EINVAL; 2768 break; 2769 } 2770 2771 exit_error: 2772 kfree_skb(skb); 2773 2774 return err; 2775 } 2776 2777 static int btintel_shutdown_combined(struct hci_dev *hdev) 2778 { 2779 struct sk_buff *skb; 2780 int ret; 2781 2782 /* Send HCI Reset to the controller to stop any BT activity which 2783 * were triggered. This will help to save power and maintain the 2784 * sync b/w Host and controller 2785 */ 2786 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 2787 if (IS_ERR(skb)) { 2788 bt_dev_err(hdev, "HCI reset during shutdown failed"); 2789 return PTR_ERR(skb); 2790 } 2791 kfree_skb(skb); 2792 2793 2794 /* Some platforms have an issue with BT LED when the interface is 2795 * down or BT radio is turned off, which takes 5 seconds to BT LED 2796 * goes off. As a workaround, sends HCI_Intel_SW_RFKILL to put the 2797 * device in the RFKILL ON state which turns off the BT LED immediately. 2798 */ 2799 if (btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) { 2800 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); 2801 if (IS_ERR(skb)) { 2802 ret = PTR_ERR(skb); 2803 bt_dev_err(hdev, "turning off Intel device LED failed"); 2804 return ret; 2805 } 2806 kfree_skb(skb); 2807 } 2808 2809 return 0; 2810 } 2811 2812 int btintel_configure_setup(struct hci_dev *hdev, const char *driver_name) 2813 { 2814 hdev->manufacturer = 2; 2815 hdev->setup = btintel_setup_combined; 2816 hdev->shutdown = btintel_shutdown_combined; 2817 hdev->hw_error = btintel_hw_error; 2818 hdev->set_diag = btintel_set_diag_combined; 2819 hdev->set_bdaddr = btintel_set_bdaddr; 2820 2821 coredump_info.driver_name = driver_name; 2822 2823 return 0; 2824 } 2825 EXPORT_SYMBOL_GPL(btintel_configure_setup); 2826 2827 void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len) 2828 { 2829 const struct intel_bootup *evt = ptr; 2830 2831 if (len != sizeof(*evt)) 2832 return; 2833 2834 if (btintel_test_and_clear_flag(hdev, INTEL_BOOTING)) 2835 btintel_wake_up_flag(hdev, INTEL_BOOTING); 2836 } 2837 EXPORT_SYMBOL_GPL(btintel_bootup); 2838 2839 void btintel_secure_send_result(struct hci_dev *hdev, 2840 const void *ptr, unsigned int len) 2841 { 2842 const struct intel_secure_send_result *evt = ptr; 2843 2844 if (len != sizeof(*evt)) 2845 return; 2846 2847 if (evt->result) 2848 btintel_set_flag(hdev, INTEL_FIRMWARE_FAILED); 2849 2850 if (btintel_test_and_clear_flag(hdev, INTEL_DOWNLOADING) && 2851 btintel_test_flag(hdev, INTEL_FIRMWARE_LOADED)) 2852 btintel_wake_up_flag(hdev, INTEL_DOWNLOADING); 2853 } 2854 EXPORT_SYMBOL_GPL(btintel_secure_send_result); 2855 2856 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2857 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); 2858 MODULE_VERSION(VERSION); 2859 MODULE_LICENSE("GPL"); 2860 MODULE_FIRMWARE("intel/ibt-11-5.sfi"); 2861 MODULE_FIRMWARE("intel/ibt-11-5.ddc"); 2862 MODULE_FIRMWARE("intel/ibt-12-16.sfi"); 2863 MODULE_FIRMWARE("intel/ibt-12-16.ddc"); 2864