xref: /openbmc/linux/drivers/nfc/pn544/i2c.c (revision b34e08d5)
1 /*
2  * I2C Link Layer for PN544 HCI based Driver
3  *
4  * Copyright (C) 2012  Intel Corporation. All rights reserved.
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms and conditions of the GNU General Public License,
8  * version 2, as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, see <http://www.gnu.org/licenses/>.
17  */
18 
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20 
21 #include <linux/crc-ccitt.h>
22 #include <linux/module.h>
23 #include <linux/i2c.h>
24 #include <linux/gpio.h>
25 #include <linux/miscdevice.h>
26 #include <linux/interrupt.h>
27 #include <linux/delay.h>
28 #include <linux/nfc.h>
29 #include <linux/firmware.h>
30 #include <linux/unaligned/access_ok.h>
31 #include <linux/platform_data/pn544.h>
32 
33 #include <net/nfc/hci.h>
34 #include <net/nfc/llc.h>
35 #include <net/nfc/nfc.h>
36 
37 #include "pn544.h"
38 
39 #define PN544_I2C_FRAME_HEADROOM 1
40 #define PN544_I2C_FRAME_TAILROOM 2
41 
42 /* framing in HCI mode */
43 #define PN544_HCI_I2C_LLC_LEN		1
44 #define PN544_HCI_I2C_LLC_CRC		2
45 #define PN544_HCI_I2C_LLC_LEN_CRC	(PN544_HCI_I2C_LLC_LEN + \
46 					 PN544_HCI_I2C_LLC_CRC)
47 #define PN544_HCI_I2C_LLC_MIN_SIZE	(1 + PN544_HCI_I2C_LLC_LEN_CRC)
48 #define PN544_HCI_I2C_LLC_MAX_PAYLOAD	29
49 #define PN544_HCI_I2C_LLC_MAX_SIZE	(PN544_HCI_I2C_LLC_LEN_CRC + 1 + \
50 					 PN544_HCI_I2C_LLC_MAX_PAYLOAD)
51 
52 static struct i2c_device_id pn544_hci_i2c_id_table[] = {
53 	{"pn544", 0},
54 	{}
55 };
56 
57 MODULE_DEVICE_TABLE(i2c, pn544_hci_i2c_id_table);
58 
59 #define PN544_HCI_I2C_DRIVER_NAME "pn544_hci_i2c"
60 
61 /*
62  * Exposed through the 4 most significant bytes
63  * from the HCI SW_VERSION first byte, a.k.a.
64  * SW RomLib.
65  */
66 #define PN544_HW_VARIANT_C2 0xa
67 #define PN544_HW_VARIANT_C3 0xb
68 
69 #define PN544_FW_CMD_RESET 0x01
70 #define PN544_FW_CMD_WRITE 0x08
71 #define PN544_FW_CMD_CHECK 0x06
72 #define PN544_FW_CMD_SECURE_WRITE 0x0C
73 #define PN544_FW_CMD_SECURE_CHUNK_WRITE 0x0D
74 
75 struct pn544_i2c_fw_frame_write {
76 	u8 cmd;
77 	u16 be_length;
78 	u8 be_dest_addr[3];
79 	u16 be_datalen;
80 	u8 data[];
81 } __packed;
82 
83 struct pn544_i2c_fw_frame_check {
84 	u8 cmd;
85 	u16 be_length;
86 	u8 be_start_addr[3];
87 	u16 be_datalen;
88 	u16 be_crc;
89 } __packed;
90 
91 struct pn544_i2c_fw_frame_response {
92 	u8 status;
93 	u16 be_length;
94 } __packed;
95 
96 struct pn544_i2c_fw_blob {
97 	u32 be_size;
98 	u32 be_destaddr;
99 	u8 data[];
100 };
101 
102 struct pn544_i2c_fw_secure_frame {
103 	u8 cmd;
104 	u16 be_datalen;
105 	u8 data[];
106 } __packed;
107 
108 struct pn544_i2c_fw_secure_blob {
109 	u64 header;
110 	u8 data[];
111 };
112 
113 #define PN544_FW_CMD_RESULT_TIMEOUT 0x01
114 #define PN544_FW_CMD_RESULT_BAD_CRC 0x02
115 #define PN544_FW_CMD_RESULT_ACCESS_DENIED 0x08
116 #define PN544_FW_CMD_RESULT_PROTOCOL_ERROR 0x0B
117 #define PN544_FW_CMD_RESULT_INVALID_PARAMETER 0x11
118 #define PN544_FW_CMD_RESULT_UNSUPPORTED_COMMAND 0x13
119 #define PN544_FW_CMD_RESULT_INVALID_LENGTH 0x18
120 #define PN544_FW_CMD_RESULT_CRYPTOGRAPHIC_ERROR 0x19
121 #define PN544_FW_CMD_RESULT_VERSION_CONDITIONS_ERROR 0x1D
122 #define PN544_FW_CMD_RESULT_MEMORY_ERROR 0x20
123 #define PN544_FW_CMD_RESULT_CHUNK_OK 0x21
124 #define PN544_FW_CMD_RESULT_WRITE_FAILED 0x74
125 #define PN544_FW_CMD_RESULT_COMMAND_REJECTED 0xE0
126 #define PN544_FW_CMD_RESULT_CHUNK_ERROR 0xE6
127 
128 #define MIN(X, Y) ((X) < (Y) ? (X) : (Y))
129 
130 #define PN544_FW_WRITE_BUFFER_MAX_LEN 0x9f7
131 #define PN544_FW_I2C_MAX_PAYLOAD PN544_HCI_I2C_LLC_MAX_SIZE
132 #define PN544_FW_I2C_WRITE_FRAME_HEADER_LEN 8
133 #define PN544_FW_I2C_WRITE_DATA_MAX_LEN MIN((PN544_FW_I2C_MAX_PAYLOAD -\
134 					 PN544_FW_I2C_WRITE_FRAME_HEADER_LEN),\
135 					 PN544_FW_WRITE_BUFFER_MAX_LEN)
136 #define PN544_FW_SECURE_CHUNK_WRITE_HEADER_LEN 3
137 #define PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN (PN544_FW_I2C_MAX_PAYLOAD -\
138 			PN544_FW_SECURE_CHUNK_WRITE_HEADER_LEN)
139 #define PN544_FW_SECURE_FRAME_HEADER_LEN 3
140 #define PN544_FW_SECURE_BLOB_HEADER_LEN 8
141 
142 #define FW_WORK_STATE_IDLE 1
143 #define FW_WORK_STATE_START 2
144 #define FW_WORK_STATE_WAIT_WRITE_ANSWER 3
145 #define FW_WORK_STATE_WAIT_CHECK_ANSWER 4
146 #define FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER 5
147 
148 struct pn544_i2c_phy {
149 	struct i2c_client *i2c_dev;
150 	struct nfc_hci_dev *hdev;
151 
152 	unsigned int gpio_en;
153 	unsigned int gpio_irq;
154 	unsigned int gpio_fw;
155 	unsigned int en_polarity;
156 
157 	u8 hw_variant;
158 
159 	struct work_struct fw_work;
160 	int fw_work_state;
161 	char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1];
162 	const struct firmware *fw;
163 	u32 fw_blob_dest_addr;
164 	size_t fw_blob_size;
165 	const u8 *fw_blob_data;
166 	size_t fw_written;
167 	size_t fw_size;
168 
169 	int fw_cmd_result;
170 
171 	int powered;
172 	int run_mode;
173 
174 	int hard_fault;		/*
175 				 * < 0 if hardware error occured (e.g. i2c err)
176 				 * and prevents normal operation.
177 				 */
178 };
179 
180 #define I2C_DUMP_SKB(info, skb)					\
181 do {								\
182 	pr_debug("%s:\n", info);				\
183 	print_hex_dump(KERN_DEBUG, "i2c: ", DUMP_PREFIX_OFFSET,	\
184 		       16, 1, (skb)->data, (skb)->len, 0);	\
185 } while (0)
186 
187 static void pn544_hci_i2c_platform_init(struct pn544_i2c_phy *phy)
188 {
189 	int polarity, retry, ret;
190 	char rset_cmd[] = { 0x05, 0xF9, 0x04, 0x00, 0xC3, 0xE5 };
191 	int count = sizeof(rset_cmd);
192 
193 	nfc_info(&phy->i2c_dev->dev, "Detecting nfc_en polarity\n");
194 
195 	/* Disable fw download */
196 	gpio_set_value(phy->gpio_fw, 0);
197 
198 	for (polarity = 0; polarity < 2; polarity++) {
199 		phy->en_polarity = polarity;
200 		retry = 3;
201 		while (retry--) {
202 			/* power off */
203 			gpio_set_value(phy->gpio_en, !phy->en_polarity);
204 			usleep_range(10000, 15000);
205 
206 			/* power on */
207 			gpio_set_value(phy->gpio_en, phy->en_polarity);
208 			usleep_range(10000, 15000);
209 
210 			/* send reset */
211 			dev_dbg(&phy->i2c_dev->dev, "Sending reset cmd\n");
212 			ret = i2c_master_send(phy->i2c_dev, rset_cmd, count);
213 			if (ret == count) {
214 				nfc_info(&phy->i2c_dev->dev,
215 					 "nfc_en polarity : active %s\n",
216 					 (polarity == 0 ? "low" : "high"));
217 				goto out;
218 			}
219 		}
220 	}
221 
222 	nfc_err(&phy->i2c_dev->dev,
223 		"Could not detect nfc_en polarity, fallback to active high\n");
224 
225 out:
226 	gpio_set_value(phy->gpio_en, !phy->en_polarity);
227 }
228 
229 static void pn544_hci_i2c_enable_mode(struct pn544_i2c_phy *phy, int run_mode)
230 {
231 	gpio_set_value(phy->gpio_fw, run_mode == PN544_FW_MODE ? 1 : 0);
232 	gpio_set_value(phy->gpio_en, phy->en_polarity);
233 	usleep_range(10000, 15000);
234 
235 	phy->run_mode = run_mode;
236 }
237 
238 static int pn544_hci_i2c_enable(void *phy_id)
239 {
240 	struct pn544_i2c_phy *phy = phy_id;
241 
242 	pr_info("%s\n", __func__);
243 
244 	pn544_hci_i2c_enable_mode(phy, PN544_HCI_MODE);
245 
246 	phy->powered = 1;
247 
248 	return 0;
249 }
250 
251 static void pn544_hci_i2c_disable(void *phy_id)
252 {
253 	struct pn544_i2c_phy *phy = phy_id;
254 
255 	gpio_set_value(phy->gpio_fw, 0);
256 	gpio_set_value(phy->gpio_en, !phy->en_polarity);
257 	usleep_range(10000, 15000);
258 
259 	gpio_set_value(phy->gpio_en, phy->en_polarity);
260 	usleep_range(10000, 15000);
261 
262 	gpio_set_value(phy->gpio_en, !phy->en_polarity);
263 	usleep_range(10000, 15000);
264 
265 	phy->powered = 0;
266 }
267 
268 static void pn544_hci_i2c_add_len_crc(struct sk_buff *skb)
269 {
270 	u16 crc;
271 	int len;
272 
273 	len = skb->len + 2;
274 	*skb_push(skb, 1) = len;
275 
276 	crc = crc_ccitt(0xffff, skb->data, skb->len);
277 	crc = ~crc;
278 	*skb_put(skb, 1) = crc & 0xff;
279 	*skb_put(skb, 1) = crc >> 8;
280 }
281 
282 static void pn544_hci_i2c_remove_len_crc(struct sk_buff *skb)
283 {
284 	skb_pull(skb, PN544_I2C_FRAME_HEADROOM);
285 	skb_trim(skb, PN544_I2C_FRAME_TAILROOM);
286 }
287 
288 /*
289  * Writing a frame must not return the number of written bytes.
290  * It must return either zero for success, or <0 for error.
291  * In addition, it must not alter the skb
292  */
293 static int pn544_hci_i2c_write(void *phy_id, struct sk_buff *skb)
294 {
295 	int r;
296 	struct pn544_i2c_phy *phy = phy_id;
297 	struct i2c_client *client = phy->i2c_dev;
298 
299 	if (phy->hard_fault != 0)
300 		return phy->hard_fault;
301 
302 	usleep_range(3000, 6000);
303 
304 	pn544_hci_i2c_add_len_crc(skb);
305 
306 	I2C_DUMP_SKB("i2c frame written", skb);
307 
308 	r = i2c_master_send(client, skb->data, skb->len);
309 
310 	if (r == -EREMOTEIO) {	/* Retry, chip was in standby */
311 		usleep_range(6000, 10000);
312 		r = i2c_master_send(client, skb->data, skb->len);
313 	}
314 
315 	if (r >= 0) {
316 		if (r != skb->len)
317 			r = -EREMOTEIO;
318 		else
319 			r = 0;
320 	}
321 
322 	pn544_hci_i2c_remove_len_crc(skb);
323 
324 	return r;
325 }
326 
327 static int check_crc(u8 *buf, int buflen)
328 {
329 	int len;
330 	u16 crc;
331 
332 	len = buf[0] + 1;
333 	crc = crc_ccitt(0xffff, buf, len - 2);
334 	crc = ~crc;
335 
336 	if (buf[len - 2] != (crc & 0xff) || buf[len - 1] != (crc >> 8)) {
337 		pr_err("CRC error 0x%x != 0x%x 0x%x\n",
338 		       crc, buf[len - 1], buf[len - 2]);
339 		pr_info("%s: BAD CRC\n", __func__);
340 		print_hex_dump(KERN_DEBUG, "crc: ", DUMP_PREFIX_NONE,
341 			       16, 2, buf, buflen, false);
342 		return -EPERM;
343 	}
344 	return 0;
345 }
346 
347 /*
348  * Reads an shdlc frame and returns it in a newly allocated sk_buff. Guarantees
349  * that i2c bus will be flushed and that next read will start on a new frame.
350  * returned skb contains only LLC header and payload.
351  * returns:
352  * -EREMOTEIO : i2c read error (fatal)
353  * -EBADMSG : frame was incorrect and discarded
354  * -ENOMEM : cannot allocate skb, frame dropped
355  */
356 static int pn544_hci_i2c_read(struct pn544_i2c_phy *phy, struct sk_buff **skb)
357 {
358 	int r;
359 	u8 len;
360 	u8 tmp[PN544_HCI_I2C_LLC_MAX_SIZE - 1];
361 	struct i2c_client *client = phy->i2c_dev;
362 
363 	r = i2c_master_recv(client, &len, 1);
364 	if (r != 1) {
365 		nfc_err(&client->dev, "cannot read len byte\n");
366 		return -EREMOTEIO;
367 	}
368 
369 	if ((len < (PN544_HCI_I2C_LLC_MIN_SIZE - 1)) ||
370 	    (len > (PN544_HCI_I2C_LLC_MAX_SIZE - 1))) {
371 		nfc_err(&client->dev, "invalid len byte\n");
372 		r = -EBADMSG;
373 		goto flush;
374 	}
375 
376 	*skb = alloc_skb(1 + len, GFP_KERNEL);
377 	if (*skb == NULL) {
378 		r = -ENOMEM;
379 		goto flush;
380 	}
381 
382 	*skb_put(*skb, 1) = len;
383 
384 	r = i2c_master_recv(client, skb_put(*skb, len), len);
385 	if (r != len) {
386 		kfree_skb(*skb);
387 		return -EREMOTEIO;
388 	}
389 
390 	I2C_DUMP_SKB("i2c frame read", *skb);
391 
392 	r = check_crc((*skb)->data, (*skb)->len);
393 	if (r != 0) {
394 		kfree_skb(*skb);
395 		r = -EBADMSG;
396 		goto flush;
397 	}
398 
399 	skb_pull(*skb, 1);
400 	skb_trim(*skb, (*skb)->len - 2);
401 
402 	usleep_range(3000, 6000);
403 
404 	return 0;
405 
406 flush:
407 	if (i2c_master_recv(client, tmp, sizeof(tmp)) < 0)
408 		r = -EREMOTEIO;
409 
410 	usleep_range(3000, 6000);
411 
412 	return r;
413 }
414 
415 static int pn544_hci_i2c_fw_read_status(struct pn544_i2c_phy *phy)
416 {
417 	int r;
418 	struct pn544_i2c_fw_frame_response response;
419 	struct i2c_client *client = phy->i2c_dev;
420 
421 	r = i2c_master_recv(client, (char *) &response, sizeof(response));
422 	if (r != sizeof(response)) {
423 		nfc_err(&client->dev, "cannot read fw status\n");
424 		return -EIO;
425 	}
426 
427 	usleep_range(3000, 6000);
428 
429 	switch (response.status) {
430 	case 0:
431 		return 0;
432 	case PN544_FW_CMD_RESULT_CHUNK_OK:
433 		return response.status;
434 	case PN544_FW_CMD_RESULT_TIMEOUT:
435 		return -ETIMEDOUT;
436 	case PN544_FW_CMD_RESULT_BAD_CRC:
437 		return -ENODATA;
438 	case PN544_FW_CMD_RESULT_ACCESS_DENIED:
439 		return -EACCES;
440 	case PN544_FW_CMD_RESULT_PROTOCOL_ERROR:
441 		return -EPROTO;
442 	case PN544_FW_CMD_RESULT_INVALID_PARAMETER:
443 		return -EINVAL;
444 	case PN544_FW_CMD_RESULT_UNSUPPORTED_COMMAND:
445 		return -ENOTSUPP;
446 	case PN544_FW_CMD_RESULT_INVALID_LENGTH:
447 		return -EBADMSG;
448 	case PN544_FW_CMD_RESULT_CRYPTOGRAPHIC_ERROR:
449 		return -ENOKEY;
450 	case PN544_FW_CMD_RESULT_VERSION_CONDITIONS_ERROR:
451 		return -EINVAL;
452 	case PN544_FW_CMD_RESULT_MEMORY_ERROR:
453 		return -ENOMEM;
454 	case PN544_FW_CMD_RESULT_COMMAND_REJECTED:
455 		return -EACCES;
456 	case PN544_FW_CMD_RESULT_WRITE_FAILED:
457 	case PN544_FW_CMD_RESULT_CHUNK_ERROR:
458 		return -EIO;
459 	default:
460 		return -EIO;
461 	}
462 }
463 
464 /*
465  * Reads an shdlc frame from the chip. This is not as straightforward as it
466  * seems. There are cases where we could loose the frame start synchronization.
467  * The frame format is len-data-crc, and corruption can occur anywhere while
468  * transiting on i2c bus, such that we could read an invalid len.
469  * In order to recover synchronization with the next frame, we must be sure
470  * to read the real amount of data without using the len byte. We do this by
471  * assuming the following:
472  * - the chip will always present only one single complete frame on the bus
473  *   before triggering the interrupt
474  * - the chip will not present a new frame until we have completely read
475  *   the previous one (or until we have handled the interrupt).
476  * The tricky case is when we read a corrupted len that is less than the real
477  * len. We must detect this here in order to determine that we need to flush
478  * the bus. This is the reason why we check the crc here.
479  */
480 static irqreturn_t pn544_hci_i2c_irq_thread_fn(int irq, void *phy_id)
481 {
482 	struct pn544_i2c_phy *phy = phy_id;
483 	struct i2c_client *client;
484 	struct sk_buff *skb = NULL;
485 	int r;
486 
487 	if (!phy || irq != phy->i2c_dev->irq) {
488 		WARN_ON_ONCE(1);
489 		return IRQ_NONE;
490 	}
491 
492 	client = phy->i2c_dev;
493 	dev_dbg(&client->dev, "IRQ\n");
494 
495 	if (phy->hard_fault != 0)
496 		return IRQ_HANDLED;
497 
498 	if (phy->run_mode == PN544_FW_MODE) {
499 		phy->fw_cmd_result = pn544_hci_i2c_fw_read_status(phy);
500 		schedule_work(&phy->fw_work);
501 	} else {
502 		r = pn544_hci_i2c_read(phy, &skb);
503 		if (r == -EREMOTEIO) {
504 			phy->hard_fault = r;
505 
506 			nfc_hci_recv_frame(phy->hdev, NULL);
507 
508 			return IRQ_HANDLED;
509 		} else if ((r == -ENOMEM) || (r == -EBADMSG)) {
510 			return IRQ_HANDLED;
511 		}
512 
513 		nfc_hci_recv_frame(phy->hdev, skb);
514 	}
515 	return IRQ_HANDLED;
516 }
517 
518 static struct nfc_phy_ops i2c_phy_ops = {
519 	.write = pn544_hci_i2c_write,
520 	.enable = pn544_hci_i2c_enable,
521 	.disable = pn544_hci_i2c_disable,
522 };
523 
524 static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
525 					u8 hw_variant)
526 {
527 	struct pn544_i2c_phy *phy = phy_id;
528 
529 	pr_info("Starting Firmware Download (%s)\n", firmware_name);
530 
531 	strcpy(phy->firmware_name, firmware_name);
532 
533 	phy->hw_variant = hw_variant;
534 	phy->fw_work_state = FW_WORK_STATE_START;
535 
536 	schedule_work(&phy->fw_work);
537 
538 	return 0;
539 }
540 
541 static void pn544_hci_i2c_fw_work_complete(struct pn544_i2c_phy *phy,
542 					   int result)
543 {
544 	pr_info("Firmware Download Complete, result=%d\n", result);
545 
546 	pn544_hci_i2c_disable(phy);
547 
548 	phy->fw_work_state = FW_WORK_STATE_IDLE;
549 
550 	if (phy->fw) {
551 		release_firmware(phy->fw);
552 		phy->fw = NULL;
553 	}
554 
555 	nfc_fw_download_done(phy->hdev->ndev, phy->firmware_name, (u32) -result);
556 }
557 
558 static int pn544_hci_i2c_fw_write_cmd(struct i2c_client *client, u32 dest_addr,
559 				      const u8 *data, u16 datalen)
560 {
561 	u8 frame[PN544_FW_I2C_MAX_PAYLOAD];
562 	struct pn544_i2c_fw_frame_write *framep;
563 	u16 params_len;
564 	int framelen;
565 	int r;
566 
567 	if (datalen > PN544_FW_I2C_WRITE_DATA_MAX_LEN)
568 		datalen = PN544_FW_I2C_WRITE_DATA_MAX_LEN;
569 
570 	framep = (struct pn544_i2c_fw_frame_write *) frame;
571 
572 	params_len = sizeof(framep->be_dest_addr) +
573 		     sizeof(framep->be_datalen) + datalen;
574 	framelen = params_len + sizeof(framep->cmd) +
575 			     sizeof(framep->be_length);
576 
577 	framep->cmd = PN544_FW_CMD_WRITE;
578 
579 	put_unaligned_be16(params_len, &framep->be_length);
580 
581 	framep->be_dest_addr[0] = (dest_addr & 0xff0000) >> 16;
582 	framep->be_dest_addr[1] = (dest_addr & 0xff00) >> 8;
583 	framep->be_dest_addr[2] = dest_addr & 0xff;
584 
585 	put_unaligned_be16(datalen, &framep->be_datalen);
586 
587 	memcpy(framep->data, data, datalen);
588 
589 	r = i2c_master_send(client, frame, framelen);
590 
591 	if (r == framelen)
592 		return datalen;
593 	else if (r < 0)
594 		return r;
595 	else
596 		return -EIO;
597 }
598 
599 static int pn544_hci_i2c_fw_check_cmd(struct i2c_client *client, u32 start_addr,
600 				      const u8 *data, u16 datalen)
601 {
602 	struct pn544_i2c_fw_frame_check frame;
603 	int r;
604 	u16 crc;
605 
606 	/* calculate local crc for the data we want to check */
607 	crc = crc_ccitt(0xffff, data, datalen);
608 
609 	frame.cmd = PN544_FW_CMD_CHECK;
610 
611 	put_unaligned_be16(sizeof(frame.be_start_addr) +
612 			   sizeof(frame.be_datalen) + sizeof(frame.be_crc),
613 			   &frame.be_length);
614 
615 	/* tell the chip the memory region to which our crc applies */
616 	frame.be_start_addr[0] = (start_addr & 0xff0000) >> 16;
617 	frame.be_start_addr[1] = (start_addr & 0xff00) >> 8;
618 	frame.be_start_addr[2] = start_addr & 0xff;
619 
620 	put_unaligned_be16(datalen, &frame.be_datalen);
621 
622 	/*
623 	 * and give our local crc. Chip will calculate its own crc for the
624 	 * region and compare with ours.
625 	 */
626 	put_unaligned_be16(crc, &frame.be_crc);
627 
628 	r = i2c_master_send(client, (const char *) &frame, sizeof(frame));
629 
630 	if (r == sizeof(frame))
631 		return 0;
632 	else if (r < 0)
633 		return r;
634 	else
635 		return -EIO;
636 }
637 
638 static int pn544_hci_i2c_fw_write_chunk(struct pn544_i2c_phy *phy)
639 {
640 	int r;
641 
642 	r = pn544_hci_i2c_fw_write_cmd(phy->i2c_dev,
643 				       phy->fw_blob_dest_addr + phy->fw_written,
644 				       phy->fw_blob_data + phy->fw_written,
645 				       phy->fw_blob_size - phy->fw_written);
646 	if (r < 0)
647 		return r;
648 
649 	phy->fw_written += r;
650 	phy->fw_work_state = FW_WORK_STATE_WAIT_WRITE_ANSWER;
651 
652 	return 0;
653 }
654 
655 static int pn544_hci_i2c_fw_secure_write_frame_cmd(struct pn544_i2c_phy *phy,
656 					const u8 *data, u16 datalen)
657 {
658 	u8 buf[PN544_FW_I2C_MAX_PAYLOAD];
659 	struct pn544_i2c_fw_secure_frame *chunk;
660 	int chunklen;
661 	int r;
662 
663 	if (datalen > PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN)
664 		datalen = PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN;
665 
666 	chunk = (struct pn544_i2c_fw_secure_frame *) buf;
667 
668 	chunk->cmd = PN544_FW_CMD_SECURE_CHUNK_WRITE;
669 
670 	put_unaligned_be16(datalen, &chunk->be_datalen);
671 
672 	memcpy(chunk->data, data, datalen);
673 
674 	chunklen = sizeof(chunk->cmd) + sizeof(chunk->be_datalen) + datalen;
675 
676 	r = i2c_master_send(phy->i2c_dev, buf, chunklen);
677 
678 	if (r == chunklen)
679 		return datalen;
680 	else if (r < 0)
681 		return r;
682 	else
683 		return -EIO;
684 
685 }
686 
687 static int pn544_hci_i2c_fw_secure_write_frame(struct pn544_i2c_phy *phy)
688 {
689 	struct pn544_i2c_fw_secure_frame *framep;
690 	int r;
691 
692 	framep = (struct pn544_i2c_fw_secure_frame *) phy->fw_blob_data;
693 	if (phy->fw_written == 0)
694 		phy->fw_blob_size = get_unaligned_be16(&framep->be_datalen)
695 				+ PN544_FW_SECURE_FRAME_HEADER_LEN;
696 
697 	/* Only secure write command can be chunked*/
698 	if (phy->fw_blob_size > PN544_FW_I2C_MAX_PAYLOAD &&
699 			framep->cmd != PN544_FW_CMD_SECURE_WRITE)
700 		return -EINVAL;
701 
702 	/* The firmware also have other commands, we just send them directly */
703 	if (phy->fw_blob_size < PN544_FW_I2C_MAX_PAYLOAD) {
704 		r = i2c_master_send(phy->i2c_dev,
705 			(const char *) phy->fw_blob_data, phy->fw_blob_size);
706 
707 		if (r == phy->fw_blob_size)
708 			goto exit;
709 		else if (r < 0)
710 			return r;
711 		else
712 			return -EIO;
713 	}
714 
715 	r = pn544_hci_i2c_fw_secure_write_frame_cmd(phy,
716 				       phy->fw_blob_data + phy->fw_written,
717 				       phy->fw_blob_size - phy->fw_written);
718 	if (r < 0)
719 		return r;
720 
721 exit:
722 	phy->fw_written += r;
723 	phy->fw_work_state = FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER;
724 
725 	/* SW reset command will not trig any response from PN544 */
726 	if (framep->cmd == PN544_FW_CMD_RESET) {
727 		pn544_hci_i2c_enable_mode(phy, PN544_FW_MODE);
728 		phy->fw_cmd_result = 0;
729 		schedule_work(&phy->fw_work);
730 	}
731 
732 	return 0;
733 }
734 
735 static void pn544_hci_i2c_fw_work(struct work_struct *work)
736 {
737 	struct pn544_i2c_phy *phy = container_of(work, struct pn544_i2c_phy,
738 						fw_work);
739 	int r;
740 	struct pn544_i2c_fw_blob *blob;
741 	struct pn544_i2c_fw_secure_blob *secure_blob;
742 
743 	switch (phy->fw_work_state) {
744 	case FW_WORK_STATE_START:
745 		pn544_hci_i2c_enable_mode(phy, PN544_FW_MODE);
746 
747 		r = request_firmware(&phy->fw, phy->firmware_name,
748 				     &phy->i2c_dev->dev);
749 		if (r < 0)
750 			goto exit_state_start;
751 
752 		phy->fw_written = 0;
753 
754 		switch (phy->hw_variant) {
755 		case PN544_HW_VARIANT_C2:
756 			blob = (struct pn544_i2c_fw_blob *) phy->fw->data;
757 			phy->fw_blob_size = get_unaligned_be32(&blob->be_size);
758 			phy->fw_blob_dest_addr = get_unaligned_be32(
759 							&blob->be_destaddr);
760 			phy->fw_blob_data = blob->data;
761 
762 			r = pn544_hci_i2c_fw_write_chunk(phy);
763 			break;
764 		case PN544_HW_VARIANT_C3:
765 			secure_blob = (struct pn544_i2c_fw_secure_blob *)
766 								phy->fw->data;
767 			phy->fw_blob_data = secure_blob->data;
768 			phy->fw_size = phy->fw->size;
769 			r = pn544_hci_i2c_fw_secure_write_frame(phy);
770 			break;
771 		default:
772 			r = -ENOTSUPP;
773 			break;
774 		}
775 
776 exit_state_start:
777 		if (r < 0)
778 			pn544_hci_i2c_fw_work_complete(phy, r);
779 		break;
780 
781 	case FW_WORK_STATE_WAIT_WRITE_ANSWER:
782 		r = phy->fw_cmd_result;
783 		if (r < 0)
784 			goto exit_state_wait_write_answer;
785 
786 		if (phy->fw_written == phy->fw_blob_size) {
787 			r = pn544_hci_i2c_fw_check_cmd(phy->i2c_dev,
788 						       phy->fw_blob_dest_addr,
789 						       phy->fw_blob_data,
790 						       phy->fw_blob_size);
791 			if (r < 0)
792 				goto exit_state_wait_write_answer;
793 			phy->fw_work_state = FW_WORK_STATE_WAIT_CHECK_ANSWER;
794 			break;
795 		}
796 
797 		r = pn544_hci_i2c_fw_write_chunk(phy);
798 
799 exit_state_wait_write_answer:
800 		if (r < 0)
801 			pn544_hci_i2c_fw_work_complete(phy, r);
802 		break;
803 
804 	case FW_WORK_STATE_WAIT_CHECK_ANSWER:
805 		r = phy->fw_cmd_result;
806 		if (r < 0)
807 			goto exit_state_wait_check_answer;
808 
809 		blob = (struct pn544_i2c_fw_blob *) (phy->fw_blob_data +
810 		       phy->fw_blob_size);
811 		phy->fw_blob_size = get_unaligned_be32(&blob->be_size);
812 		if (phy->fw_blob_size != 0) {
813 			phy->fw_blob_dest_addr =
814 					get_unaligned_be32(&blob->be_destaddr);
815 			phy->fw_blob_data = blob->data;
816 
817 			phy->fw_written = 0;
818 			r = pn544_hci_i2c_fw_write_chunk(phy);
819 		}
820 
821 exit_state_wait_check_answer:
822 		if (r < 0 || phy->fw_blob_size == 0)
823 			pn544_hci_i2c_fw_work_complete(phy, r);
824 		break;
825 
826 	case FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER:
827 		r = phy->fw_cmd_result;
828 		if (r < 0)
829 			goto exit_state_wait_secure_write_answer;
830 
831 		if (r == PN544_FW_CMD_RESULT_CHUNK_OK) {
832 			r = pn544_hci_i2c_fw_secure_write_frame(phy);
833 			goto exit_state_wait_secure_write_answer;
834 		}
835 
836 		if (phy->fw_written == phy->fw_blob_size) {
837 			secure_blob = (struct pn544_i2c_fw_secure_blob *)
838 				(phy->fw_blob_data + phy->fw_blob_size);
839 			phy->fw_size -= phy->fw_blob_size +
840 				PN544_FW_SECURE_BLOB_HEADER_LEN;
841 			if (phy->fw_size >= PN544_FW_SECURE_BLOB_HEADER_LEN
842 					+ PN544_FW_SECURE_FRAME_HEADER_LEN) {
843 				phy->fw_blob_data = secure_blob->data;
844 
845 				phy->fw_written = 0;
846 				r = pn544_hci_i2c_fw_secure_write_frame(phy);
847 			}
848 		}
849 
850 exit_state_wait_secure_write_answer:
851 		if (r < 0 || phy->fw_size == 0)
852 			pn544_hci_i2c_fw_work_complete(phy, r);
853 		break;
854 
855 	default:
856 		break;
857 	}
858 }
859 
860 static int pn544_hci_i2c_probe(struct i2c_client *client,
861 			       const struct i2c_device_id *id)
862 {
863 	struct pn544_i2c_phy *phy;
864 	struct pn544_nfc_platform_data *pdata;
865 	int r = 0;
866 
867 	dev_dbg(&client->dev, "%s\n", __func__);
868 	dev_dbg(&client->dev, "IRQ: %d\n", client->irq);
869 
870 	if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
871 		nfc_err(&client->dev, "Need I2C_FUNC_I2C\n");
872 		return -ENODEV;
873 	}
874 
875 	phy = devm_kzalloc(&client->dev, sizeof(struct pn544_i2c_phy),
876 			   GFP_KERNEL);
877 	if (!phy) {
878 		nfc_err(&client->dev,
879 			"Cannot allocate memory for pn544 i2c phy.\n");
880 		return -ENOMEM;
881 	}
882 
883 	INIT_WORK(&phy->fw_work, pn544_hci_i2c_fw_work);
884 	phy->fw_work_state = FW_WORK_STATE_IDLE;
885 
886 	phy->i2c_dev = client;
887 	i2c_set_clientdata(client, phy);
888 
889 	pdata = client->dev.platform_data;
890 	if (pdata == NULL) {
891 		nfc_err(&client->dev, "No platform data\n");
892 		return -EINVAL;
893 	}
894 
895 	if (pdata->request_resources == NULL) {
896 		nfc_err(&client->dev, "request_resources() missing\n");
897 		return -EINVAL;
898 	}
899 
900 	r = pdata->request_resources(client);
901 	if (r) {
902 		nfc_err(&client->dev, "Cannot get platform resources\n");
903 		return r;
904 	}
905 
906 	phy->gpio_en = pdata->get_gpio(NFC_GPIO_ENABLE);
907 	phy->gpio_fw = pdata->get_gpio(NFC_GPIO_FW_RESET);
908 	phy->gpio_irq = pdata->get_gpio(NFC_GPIO_IRQ);
909 
910 	pn544_hci_i2c_platform_init(phy);
911 
912 	r = request_threaded_irq(client->irq, NULL, pn544_hci_i2c_irq_thread_fn,
913 				 IRQF_TRIGGER_RISING | IRQF_ONESHOT,
914 				 PN544_HCI_I2C_DRIVER_NAME, phy);
915 	if (r < 0) {
916 		nfc_err(&client->dev, "Unable to register IRQ handler\n");
917 		goto err_rti;
918 	}
919 
920 	r = pn544_hci_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME,
921 			    PN544_I2C_FRAME_HEADROOM, PN544_I2C_FRAME_TAILROOM,
922 			    PN544_HCI_I2C_LLC_MAX_PAYLOAD,
923 			    pn544_hci_i2c_fw_download, &phy->hdev);
924 	if (r < 0)
925 		goto err_hci;
926 
927 	return 0;
928 
929 err_hci:
930 	free_irq(client->irq, phy);
931 
932 err_rti:
933 	if (pdata->free_resources != NULL)
934 		pdata->free_resources();
935 
936 	return r;
937 }
938 
939 static int pn544_hci_i2c_remove(struct i2c_client *client)
940 {
941 	struct pn544_i2c_phy *phy = i2c_get_clientdata(client);
942 	struct pn544_nfc_platform_data *pdata = client->dev.platform_data;
943 
944 	dev_dbg(&client->dev, "%s\n", __func__);
945 
946 	cancel_work_sync(&phy->fw_work);
947 	if (phy->fw_work_state != FW_WORK_STATE_IDLE)
948 		pn544_hci_i2c_fw_work_complete(phy, -ENODEV);
949 
950 	pn544_hci_remove(phy->hdev);
951 
952 	if (phy->powered)
953 		pn544_hci_i2c_disable(phy);
954 
955 	free_irq(client->irq, phy);
956 	if (pdata->free_resources)
957 		pdata->free_resources();
958 
959 	return 0;
960 }
961 
962 static struct i2c_driver pn544_hci_i2c_driver = {
963 	.driver = {
964 		   .name = PN544_HCI_I2C_DRIVER_NAME,
965 		  },
966 	.probe = pn544_hci_i2c_probe,
967 	.id_table = pn544_hci_i2c_id_table,
968 	.remove = pn544_hci_i2c_remove,
969 };
970 
971 module_i2c_driver(pn544_hci_i2c_driver);
972 
973 MODULE_LICENSE("GPL");
974 MODULE_DESCRIPTION(DRIVER_DESC);
975