1 /* 2 * I2C Link Layer for PN544 HCI based Driver 3 * 4 * Copyright (C) 2012 Intel Corporation. All rights reserved. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms and conditions of the GNU General Public License, 8 * version 2, as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, see <http://www.gnu.org/licenses/>. 17 */ 18 19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 20 21 #include <linux/crc-ccitt.h> 22 #include <linux/module.h> 23 #include <linux/i2c.h> 24 #include <linux/gpio.h> 25 #include <linux/miscdevice.h> 26 #include <linux/interrupt.h> 27 #include <linux/delay.h> 28 #include <linux/nfc.h> 29 #include <linux/firmware.h> 30 #include <linux/unaligned/access_ok.h> 31 #include <linux/platform_data/pn544.h> 32 33 #include <net/nfc/hci.h> 34 #include <net/nfc/llc.h> 35 #include <net/nfc/nfc.h> 36 37 #include "pn544.h" 38 39 #define PN544_I2C_FRAME_HEADROOM 1 40 #define PN544_I2C_FRAME_TAILROOM 2 41 42 /* framing in HCI mode */ 43 #define PN544_HCI_I2C_LLC_LEN 1 44 #define PN544_HCI_I2C_LLC_CRC 2 45 #define PN544_HCI_I2C_LLC_LEN_CRC (PN544_HCI_I2C_LLC_LEN + \ 46 PN544_HCI_I2C_LLC_CRC) 47 #define PN544_HCI_I2C_LLC_MIN_SIZE (1 + PN544_HCI_I2C_LLC_LEN_CRC) 48 #define PN544_HCI_I2C_LLC_MAX_PAYLOAD 29 49 #define PN544_HCI_I2C_LLC_MAX_SIZE (PN544_HCI_I2C_LLC_LEN_CRC + 1 + \ 50 PN544_HCI_I2C_LLC_MAX_PAYLOAD) 51 52 static struct i2c_device_id pn544_hci_i2c_id_table[] = { 53 {"pn544", 0}, 54 {} 55 }; 56 57 MODULE_DEVICE_TABLE(i2c, pn544_hci_i2c_id_table); 58 59 #define PN544_HCI_I2C_DRIVER_NAME "pn544_hci_i2c" 60 61 /* 62 * Exposed through the 4 most significant bytes 63 * from the HCI SW_VERSION first byte, a.k.a. 64 * SW RomLib. 65 */ 66 #define PN544_HW_VARIANT_C2 0xa 67 #define PN544_HW_VARIANT_C3 0xb 68 69 #define PN544_FW_CMD_RESET 0x01 70 #define PN544_FW_CMD_WRITE 0x08 71 #define PN544_FW_CMD_CHECK 0x06 72 #define PN544_FW_CMD_SECURE_WRITE 0x0C 73 #define PN544_FW_CMD_SECURE_CHUNK_WRITE 0x0D 74 75 struct pn544_i2c_fw_frame_write { 76 u8 cmd; 77 u16 be_length; 78 u8 be_dest_addr[3]; 79 u16 be_datalen; 80 u8 data[]; 81 } __packed; 82 83 struct pn544_i2c_fw_frame_check { 84 u8 cmd; 85 u16 be_length; 86 u8 be_start_addr[3]; 87 u16 be_datalen; 88 u16 be_crc; 89 } __packed; 90 91 struct pn544_i2c_fw_frame_response { 92 u8 status; 93 u16 be_length; 94 } __packed; 95 96 struct pn544_i2c_fw_blob { 97 u32 be_size; 98 u32 be_destaddr; 99 u8 data[]; 100 }; 101 102 struct pn544_i2c_fw_secure_frame { 103 u8 cmd; 104 u16 be_datalen; 105 u8 data[]; 106 } __packed; 107 108 struct pn544_i2c_fw_secure_blob { 109 u64 header; 110 u8 data[]; 111 }; 112 113 #define PN544_FW_CMD_RESULT_TIMEOUT 0x01 114 #define PN544_FW_CMD_RESULT_BAD_CRC 0x02 115 #define PN544_FW_CMD_RESULT_ACCESS_DENIED 0x08 116 #define PN544_FW_CMD_RESULT_PROTOCOL_ERROR 0x0B 117 #define PN544_FW_CMD_RESULT_INVALID_PARAMETER 0x11 118 #define PN544_FW_CMD_RESULT_UNSUPPORTED_COMMAND 0x13 119 #define PN544_FW_CMD_RESULT_INVALID_LENGTH 0x18 120 #define PN544_FW_CMD_RESULT_CRYPTOGRAPHIC_ERROR 0x19 121 #define PN544_FW_CMD_RESULT_VERSION_CONDITIONS_ERROR 0x1D 122 #define PN544_FW_CMD_RESULT_MEMORY_ERROR 0x20 123 #define PN544_FW_CMD_RESULT_CHUNK_OK 0x21 124 #define PN544_FW_CMD_RESULT_WRITE_FAILED 0x74 125 #define PN544_FW_CMD_RESULT_COMMAND_REJECTED 0xE0 126 #define PN544_FW_CMD_RESULT_CHUNK_ERROR 0xE6 127 128 #define MIN(X, Y) ((X) < (Y) ? (X) : (Y)) 129 130 #define PN544_FW_WRITE_BUFFER_MAX_LEN 0x9f7 131 #define PN544_FW_I2C_MAX_PAYLOAD PN544_HCI_I2C_LLC_MAX_SIZE 132 #define PN544_FW_I2C_WRITE_FRAME_HEADER_LEN 8 133 #define PN544_FW_I2C_WRITE_DATA_MAX_LEN MIN((PN544_FW_I2C_MAX_PAYLOAD -\ 134 PN544_FW_I2C_WRITE_FRAME_HEADER_LEN),\ 135 PN544_FW_WRITE_BUFFER_MAX_LEN) 136 #define PN544_FW_SECURE_CHUNK_WRITE_HEADER_LEN 3 137 #define PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN (PN544_FW_I2C_MAX_PAYLOAD -\ 138 PN544_FW_SECURE_CHUNK_WRITE_HEADER_LEN) 139 #define PN544_FW_SECURE_FRAME_HEADER_LEN 3 140 #define PN544_FW_SECURE_BLOB_HEADER_LEN 8 141 142 #define FW_WORK_STATE_IDLE 1 143 #define FW_WORK_STATE_START 2 144 #define FW_WORK_STATE_WAIT_WRITE_ANSWER 3 145 #define FW_WORK_STATE_WAIT_CHECK_ANSWER 4 146 #define FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER 5 147 148 struct pn544_i2c_phy { 149 struct i2c_client *i2c_dev; 150 struct nfc_hci_dev *hdev; 151 152 unsigned int gpio_en; 153 unsigned int gpio_irq; 154 unsigned int gpio_fw; 155 unsigned int en_polarity; 156 157 u8 hw_variant; 158 159 struct work_struct fw_work; 160 int fw_work_state; 161 char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1]; 162 const struct firmware *fw; 163 u32 fw_blob_dest_addr; 164 size_t fw_blob_size; 165 const u8 *fw_blob_data; 166 size_t fw_written; 167 size_t fw_size; 168 169 int fw_cmd_result; 170 171 int powered; 172 int run_mode; 173 174 int hard_fault; /* 175 * < 0 if hardware error occured (e.g. i2c err) 176 * and prevents normal operation. 177 */ 178 }; 179 180 #define I2C_DUMP_SKB(info, skb) \ 181 do { \ 182 pr_debug("%s:\n", info); \ 183 print_hex_dump(KERN_DEBUG, "i2c: ", DUMP_PREFIX_OFFSET, \ 184 16, 1, (skb)->data, (skb)->len, 0); \ 185 } while (0) 186 187 static void pn544_hci_i2c_platform_init(struct pn544_i2c_phy *phy) 188 { 189 int polarity, retry, ret; 190 char rset_cmd[] = { 0x05, 0xF9, 0x04, 0x00, 0xC3, 0xE5 }; 191 int count = sizeof(rset_cmd); 192 193 nfc_info(&phy->i2c_dev->dev, "Detecting nfc_en polarity\n"); 194 195 /* Disable fw download */ 196 gpio_set_value(phy->gpio_fw, 0); 197 198 for (polarity = 0; polarity < 2; polarity++) { 199 phy->en_polarity = polarity; 200 retry = 3; 201 while (retry--) { 202 /* power off */ 203 gpio_set_value(phy->gpio_en, !phy->en_polarity); 204 usleep_range(10000, 15000); 205 206 /* power on */ 207 gpio_set_value(phy->gpio_en, phy->en_polarity); 208 usleep_range(10000, 15000); 209 210 /* send reset */ 211 dev_dbg(&phy->i2c_dev->dev, "Sending reset cmd\n"); 212 ret = i2c_master_send(phy->i2c_dev, rset_cmd, count); 213 if (ret == count) { 214 nfc_info(&phy->i2c_dev->dev, 215 "nfc_en polarity : active %s\n", 216 (polarity == 0 ? "low" : "high")); 217 goto out; 218 } 219 } 220 } 221 222 nfc_err(&phy->i2c_dev->dev, 223 "Could not detect nfc_en polarity, fallback to active high\n"); 224 225 out: 226 gpio_set_value(phy->gpio_en, !phy->en_polarity); 227 } 228 229 static void pn544_hci_i2c_enable_mode(struct pn544_i2c_phy *phy, int run_mode) 230 { 231 gpio_set_value(phy->gpio_fw, run_mode == PN544_FW_MODE ? 1 : 0); 232 gpio_set_value(phy->gpio_en, phy->en_polarity); 233 usleep_range(10000, 15000); 234 235 phy->run_mode = run_mode; 236 } 237 238 static int pn544_hci_i2c_enable(void *phy_id) 239 { 240 struct pn544_i2c_phy *phy = phy_id; 241 242 pr_info("%s\n", __func__); 243 244 pn544_hci_i2c_enable_mode(phy, PN544_HCI_MODE); 245 246 phy->powered = 1; 247 248 return 0; 249 } 250 251 static void pn544_hci_i2c_disable(void *phy_id) 252 { 253 struct pn544_i2c_phy *phy = phy_id; 254 255 gpio_set_value(phy->gpio_fw, 0); 256 gpio_set_value(phy->gpio_en, !phy->en_polarity); 257 usleep_range(10000, 15000); 258 259 gpio_set_value(phy->gpio_en, phy->en_polarity); 260 usleep_range(10000, 15000); 261 262 gpio_set_value(phy->gpio_en, !phy->en_polarity); 263 usleep_range(10000, 15000); 264 265 phy->powered = 0; 266 } 267 268 static void pn544_hci_i2c_add_len_crc(struct sk_buff *skb) 269 { 270 u16 crc; 271 int len; 272 273 len = skb->len + 2; 274 *skb_push(skb, 1) = len; 275 276 crc = crc_ccitt(0xffff, skb->data, skb->len); 277 crc = ~crc; 278 *skb_put(skb, 1) = crc & 0xff; 279 *skb_put(skb, 1) = crc >> 8; 280 } 281 282 static void pn544_hci_i2c_remove_len_crc(struct sk_buff *skb) 283 { 284 skb_pull(skb, PN544_I2C_FRAME_HEADROOM); 285 skb_trim(skb, PN544_I2C_FRAME_TAILROOM); 286 } 287 288 /* 289 * Writing a frame must not return the number of written bytes. 290 * It must return either zero for success, or <0 for error. 291 * In addition, it must not alter the skb 292 */ 293 static int pn544_hci_i2c_write(void *phy_id, struct sk_buff *skb) 294 { 295 int r; 296 struct pn544_i2c_phy *phy = phy_id; 297 struct i2c_client *client = phy->i2c_dev; 298 299 if (phy->hard_fault != 0) 300 return phy->hard_fault; 301 302 usleep_range(3000, 6000); 303 304 pn544_hci_i2c_add_len_crc(skb); 305 306 I2C_DUMP_SKB("i2c frame written", skb); 307 308 r = i2c_master_send(client, skb->data, skb->len); 309 310 if (r == -EREMOTEIO) { /* Retry, chip was in standby */ 311 usleep_range(6000, 10000); 312 r = i2c_master_send(client, skb->data, skb->len); 313 } 314 315 if (r >= 0) { 316 if (r != skb->len) 317 r = -EREMOTEIO; 318 else 319 r = 0; 320 } 321 322 pn544_hci_i2c_remove_len_crc(skb); 323 324 return r; 325 } 326 327 static int check_crc(u8 *buf, int buflen) 328 { 329 int len; 330 u16 crc; 331 332 len = buf[0] + 1; 333 crc = crc_ccitt(0xffff, buf, len - 2); 334 crc = ~crc; 335 336 if (buf[len - 2] != (crc & 0xff) || buf[len - 1] != (crc >> 8)) { 337 pr_err("CRC error 0x%x != 0x%x 0x%x\n", 338 crc, buf[len - 1], buf[len - 2]); 339 pr_info("%s: BAD CRC\n", __func__); 340 print_hex_dump(KERN_DEBUG, "crc: ", DUMP_PREFIX_NONE, 341 16, 2, buf, buflen, false); 342 return -EPERM; 343 } 344 return 0; 345 } 346 347 /* 348 * Reads an shdlc frame and returns it in a newly allocated sk_buff. Guarantees 349 * that i2c bus will be flushed and that next read will start on a new frame. 350 * returned skb contains only LLC header and payload. 351 * returns: 352 * -EREMOTEIO : i2c read error (fatal) 353 * -EBADMSG : frame was incorrect and discarded 354 * -ENOMEM : cannot allocate skb, frame dropped 355 */ 356 static int pn544_hci_i2c_read(struct pn544_i2c_phy *phy, struct sk_buff **skb) 357 { 358 int r; 359 u8 len; 360 u8 tmp[PN544_HCI_I2C_LLC_MAX_SIZE - 1]; 361 struct i2c_client *client = phy->i2c_dev; 362 363 r = i2c_master_recv(client, &len, 1); 364 if (r != 1) { 365 nfc_err(&client->dev, "cannot read len byte\n"); 366 return -EREMOTEIO; 367 } 368 369 if ((len < (PN544_HCI_I2C_LLC_MIN_SIZE - 1)) || 370 (len > (PN544_HCI_I2C_LLC_MAX_SIZE - 1))) { 371 nfc_err(&client->dev, "invalid len byte\n"); 372 r = -EBADMSG; 373 goto flush; 374 } 375 376 *skb = alloc_skb(1 + len, GFP_KERNEL); 377 if (*skb == NULL) { 378 r = -ENOMEM; 379 goto flush; 380 } 381 382 *skb_put(*skb, 1) = len; 383 384 r = i2c_master_recv(client, skb_put(*skb, len), len); 385 if (r != len) { 386 kfree_skb(*skb); 387 return -EREMOTEIO; 388 } 389 390 I2C_DUMP_SKB("i2c frame read", *skb); 391 392 r = check_crc((*skb)->data, (*skb)->len); 393 if (r != 0) { 394 kfree_skb(*skb); 395 r = -EBADMSG; 396 goto flush; 397 } 398 399 skb_pull(*skb, 1); 400 skb_trim(*skb, (*skb)->len - 2); 401 402 usleep_range(3000, 6000); 403 404 return 0; 405 406 flush: 407 if (i2c_master_recv(client, tmp, sizeof(tmp)) < 0) 408 r = -EREMOTEIO; 409 410 usleep_range(3000, 6000); 411 412 return r; 413 } 414 415 static int pn544_hci_i2c_fw_read_status(struct pn544_i2c_phy *phy) 416 { 417 int r; 418 struct pn544_i2c_fw_frame_response response; 419 struct i2c_client *client = phy->i2c_dev; 420 421 r = i2c_master_recv(client, (char *) &response, sizeof(response)); 422 if (r != sizeof(response)) { 423 nfc_err(&client->dev, "cannot read fw status\n"); 424 return -EIO; 425 } 426 427 usleep_range(3000, 6000); 428 429 switch (response.status) { 430 case 0: 431 return 0; 432 case PN544_FW_CMD_RESULT_CHUNK_OK: 433 return response.status; 434 case PN544_FW_CMD_RESULT_TIMEOUT: 435 return -ETIMEDOUT; 436 case PN544_FW_CMD_RESULT_BAD_CRC: 437 return -ENODATA; 438 case PN544_FW_CMD_RESULT_ACCESS_DENIED: 439 return -EACCES; 440 case PN544_FW_CMD_RESULT_PROTOCOL_ERROR: 441 return -EPROTO; 442 case PN544_FW_CMD_RESULT_INVALID_PARAMETER: 443 return -EINVAL; 444 case PN544_FW_CMD_RESULT_UNSUPPORTED_COMMAND: 445 return -ENOTSUPP; 446 case PN544_FW_CMD_RESULT_INVALID_LENGTH: 447 return -EBADMSG; 448 case PN544_FW_CMD_RESULT_CRYPTOGRAPHIC_ERROR: 449 return -ENOKEY; 450 case PN544_FW_CMD_RESULT_VERSION_CONDITIONS_ERROR: 451 return -EINVAL; 452 case PN544_FW_CMD_RESULT_MEMORY_ERROR: 453 return -ENOMEM; 454 case PN544_FW_CMD_RESULT_COMMAND_REJECTED: 455 return -EACCES; 456 case PN544_FW_CMD_RESULT_WRITE_FAILED: 457 case PN544_FW_CMD_RESULT_CHUNK_ERROR: 458 return -EIO; 459 default: 460 return -EIO; 461 } 462 } 463 464 /* 465 * Reads an shdlc frame from the chip. This is not as straightforward as it 466 * seems. There are cases where we could loose the frame start synchronization. 467 * The frame format is len-data-crc, and corruption can occur anywhere while 468 * transiting on i2c bus, such that we could read an invalid len. 469 * In order to recover synchronization with the next frame, we must be sure 470 * to read the real amount of data without using the len byte. We do this by 471 * assuming the following: 472 * - the chip will always present only one single complete frame on the bus 473 * before triggering the interrupt 474 * - the chip will not present a new frame until we have completely read 475 * the previous one (or until we have handled the interrupt). 476 * The tricky case is when we read a corrupted len that is less than the real 477 * len. We must detect this here in order to determine that we need to flush 478 * the bus. This is the reason why we check the crc here. 479 */ 480 static irqreturn_t pn544_hci_i2c_irq_thread_fn(int irq, void *phy_id) 481 { 482 struct pn544_i2c_phy *phy = phy_id; 483 struct i2c_client *client; 484 struct sk_buff *skb = NULL; 485 int r; 486 487 if (!phy || irq != phy->i2c_dev->irq) { 488 WARN_ON_ONCE(1); 489 return IRQ_NONE; 490 } 491 492 client = phy->i2c_dev; 493 dev_dbg(&client->dev, "IRQ\n"); 494 495 if (phy->hard_fault != 0) 496 return IRQ_HANDLED; 497 498 if (phy->run_mode == PN544_FW_MODE) { 499 phy->fw_cmd_result = pn544_hci_i2c_fw_read_status(phy); 500 schedule_work(&phy->fw_work); 501 } else { 502 r = pn544_hci_i2c_read(phy, &skb); 503 if (r == -EREMOTEIO) { 504 phy->hard_fault = r; 505 506 nfc_hci_recv_frame(phy->hdev, NULL); 507 508 return IRQ_HANDLED; 509 } else if ((r == -ENOMEM) || (r == -EBADMSG)) { 510 return IRQ_HANDLED; 511 } 512 513 nfc_hci_recv_frame(phy->hdev, skb); 514 } 515 return IRQ_HANDLED; 516 } 517 518 static struct nfc_phy_ops i2c_phy_ops = { 519 .write = pn544_hci_i2c_write, 520 .enable = pn544_hci_i2c_enable, 521 .disable = pn544_hci_i2c_disable, 522 }; 523 524 static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name, 525 u8 hw_variant) 526 { 527 struct pn544_i2c_phy *phy = phy_id; 528 529 pr_info("Starting Firmware Download (%s)\n", firmware_name); 530 531 strcpy(phy->firmware_name, firmware_name); 532 533 phy->hw_variant = hw_variant; 534 phy->fw_work_state = FW_WORK_STATE_START; 535 536 schedule_work(&phy->fw_work); 537 538 return 0; 539 } 540 541 static void pn544_hci_i2c_fw_work_complete(struct pn544_i2c_phy *phy, 542 int result) 543 { 544 pr_info("Firmware Download Complete, result=%d\n", result); 545 546 pn544_hci_i2c_disable(phy); 547 548 phy->fw_work_state = FW_WORK_STATE_IDLE; 549 550 if (phy->fw) { 551 release_firmware(phy->fw); 552 phy->fw = NULL; 553 } 554 555 nfc_fw_download_done(phy->hdev->ndev, phy->firmware_name, (u32) -result); 556 } 557 558 static int pn544_hci_i2c_fw_write_cmd(struct i2c_client *client, u32 dest_addr, 559 const u8 *data, u16 datalen) 560 { 561 u8 frame[PN544_FW_I2C_MAX_PAYLOAD]; 562 struct pn544_i2c_fw_frame_write *framep; 563 u16 params_len; 564 int framelen; 565 int r; 566 567 if (datalen > PN544_FW_I2C_WRITE_DATA_MAX_LEN) 568 datalen = PN544_FW_I2C_WRITE_DATA_MAX_LEN; 569 570 framep = (struct pn544_i2c_fw_frame_write *) frame; 571 572 params_len = sizeof(framep->be_dest_addr) + 573 sizeof(framep->be_datalen) + datalen; 574 framelen = params_len + sizeof(framep->cmd) + 575 sizeof(framep->be_length); 576 577 framep->cmd = PN544_FW_CMD_WRITE; 578 579 put_unaligned_be16(params_len, &framep->be_length); 580 581 framep->be_dest_addr[0] = (dest_addr & 0xff0000) >> 16; 582 framep->be_dest_addr[1] = (dest_addr & 0xff00) >> 8; 583 framep->be_dest_addr[2] = dest_addr & 0xff; 584 585 put_unaligned_be16(datalen, &framep->be_datalen); 586 587 memcpy(framep->data, data, datalen); 588 589 r = i2c_master_send(client, frame, framelen); 590 591 if (r == framelen) 592 return datalen; 593 else if (r < 0) 594 return r; 595 else 596 return -EIO; 597 } 598 599 static int pn544_hci_i2c_fw_check_cmd(struct i2c_client *client, u32 start_addr, 600 const u8 *data, u16 datalen) 601 { 602 struct pn544_i2c_fw_frame_check frame; 603 int r; 604 u16 crc; 605 606 /* calculate local crc for the data we want to check */ 607 crc = crc_ccitt(0xffff, data, datalen); 608 609 frame.cmd = PN544_FW_CMD_CHECK; 610 611 put_unaligned_be16(sizeof(frame.be_start_addr) + 612 sizeof(frame.be_datalen) + sizeof(frame.be_crc), 613 &frame.be_length); 614 615 /* tell the chip the memory region to which our crc applies */ 616 frame.be_start_addr[0] = (start_addr & 0xff0000) >> 16; 617 frame.be_start_addr[1] = (start_addr & 0xff00) >> 8; 618 frame.be_start_addr[2] = start_addr & 0xff; 619 620 put_unaligned_be16(datalen, &frame.be_datalen); 621 622 /* 623 * and give our local crc. Chip will calculate its own crc for the 624 * region and compare with ours. 625 */ 626 put_unaligned_be16(crc, &frame.be_crc); 627 628 r = i2c_master_send(client, (const char *) &frame, sizeof(frame)); 629 630 if (r == sizeof(frame)) 631 return 0; 632 else if (r < 0) 633 return r; 634 else 635 return -EIO; 636 } 637 638 static int pn544_hci_i2c_fw_write_chunk(struct pn544_i2c_phy *phy) 639 { 640 int r; 641 642 r = pn544_hci_i2c_fw_write_cmd(phy->i2c_dev, 643 phy->fw_blob_dest_addr + phy->fw_written, 644 phy->fw_blob_data + phy->fw_written, 645 phy->fw_blob_size - phy->fw_written); 646 if (r < 0) 647 return r; 648 649 phy->fw_written += r; 650 phy->fw_work_state = FW_WORK_STATE_WAIT_WRITE_ANSWER; 651 652 return 0; 653 } 654 655 static int pn544_hci_i2c_fw_secure_write_frame_cmd(struct pn544_i2c_phy *phy, 656 const u8 *data, u16 datalen) 657 { 658 u8 buf[PN544_FW_I2C_MAX_PAYLOAD]; 659 struct pn544_i2c_fw_secure_frame *chunk; 660 int chunklen; 661 int r; 662 663 if (datalen > PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN) 664 datalen = PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN; 665 666 chunk = (struct pn544_i2c_fw_secure_frame *) buf; 667 668 chunk->cmd = PN544_FW_CMD_SECURE_CHUNK_WRITE; 669 670 put_unaligned_be16(datalen, &chunk->be_datalen); 671 672 memcpy(chunk->data, data, datalen); 673 674 chunklen = sizeof(chunk->cmd) + sizeof(chunk->be_datalen) + datalen; 675 676 r = i2c_master_send(phy->i2c_dev, buf, chunklen); 677 678 if (r == chunklen) 679 return datalen; 680 else if (r < 0) 681 return r; 682 else 683 return -EIO; 684 685 } 686 687 static int pn544_hci_i2c_fw_secure_write_frame(struct pn544_i2c_phy *phy) 688 { 689 struct pn544_i2c_fw_secure_frame *framep; 690 int r; 691 692 framep = (struct pn544_i2c_fw_secure_frame *) phy->fw_blob_data; 693 if (phy->fw_written == 0) 694 phy->fw_blob_size = get_unaligned_be16(&framep->be_datalen) 695 + PN544_FW_SECURE_FRAME_HEADER_LEN; 696 697 /* Only secure write command can be chunked*/ 698 if (phy->fw_blob_size > PN544_FW_I2C_MAX_PAYLOAD && 699 framep->cmd != PN544_FW_CMD_SECURE_WRITE) 700 return -EINVAL; 701 702 /* The firmware also have other commands, we just send them directly */ 703 if (phy->fw_blob_size < PN544_FW_I2C_MAX_PAYLOAD) { 704 r = i2c_master_send(phy->i2c_dev, 705 (const char *) phy->fw_blob_data, phy->fw_blob_size); 706 707 if (r == phy->fw_blob_size) 708 goto exit; 709 else if (r < 0) 710 return r; 711 else 712 return -EIO; 713 } 714 715 r = pn544_hci_i2c_fw_secure_write_frame_cmd(phy, 716 phy->fw_blob_data + phy->fw_written, 717 phy->fw_blob_size - phy->fw_written); 718 if (r < 0) 719 return r; 720 721 exit: 722 phy->fw_written += r; 723 phy->fw_work_state = FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER; 724 725 /* SW reset command will not trig any response from PN544 */ 726 if (framep->cmd == PN544_FW_CMD_RESET) { 727 pn544_hci_i2c_enable_mode(phy, PN544_FW_MODE); 728 phy->fw_cmd_result = 0; 729 schedule_work(&phy->fw_work); 730 } 731 732 return 0; 733 } 734 735 static void pn544_hci_i2c_fw_work(struct work_struct *work) 736 { 737 struct pn544_i2c_phy *phy = container_of(work, struct pn544_i2c_phy, 738 fw_work); 739 int r; 740 struct pn544_i2c_fw_blob *blob; 741 struct pn544_i2c_fw_secure_blob *secure_blob; 742 743 switch (phy->fw_work_state) { 744 case FW_WORK_STATE_START: 745 pn544_hci_i2c_enable_mode(phy, PN544_FW_MODE); 746 747 r = request_firmware(&phy->fw, phy->firmware_name, 748 &phy->i2c_dev->dev); 749 if (r < 0) 750 goto exit_state_start; 751 752 phy->fw_written = 0; 753 754 switch (phy->hw_variant) { 755 case PN544_HW_VARIANT_C2: 756 blob = (struct pn544_i2c_fw_blob *) phy->fw->data; 757 phy->fw_blob_size = get_unaligned_be32(&blob->be_size); 758 phy->fw_blob_dest_addr = get_unaligned_be32( 759 &blob->be_destaddr); 760 phy->fw_blob_data = blob->data; 761 762 r = pn544_hci_i2c_fw_write_chunk(phy); 763 break; 764 case PN544_HW_VARIANT_C3: 765 secure_blob = (struct pn544_i2c_fw_secure_blob *) 766 phy->fw->data; 767 phy->fw_blob_data = secure_blob->data; 768 phy->fw_size = phy->fw->size; 769 r = pn544_hci_i2c_fw_secure_write_frame(phy); 770 break; 771 default: 772 r = -ENOTSUPP; 773 break; 774 } 775 776 exit_state_start: 777 if (r < 0) 778 pn544_hci_i2c_fw_work_complete(phy, r); 779 break; 780 781 case FW_WORK_STATE_WAIT_WRITE_ANSWER: 782 r = phy->fw_cmd_result; 783 if (r < 0) 784 goto exit_state_wait_write_answer; 785 786 if (phy->fw_written == phy->fw_blob_size) { 787 r = pn544_hci_i2c_fw_check_cmd(phy->i2c_dev, 788 phy->fw_blob_dest_addr, 789 phy->fw_blob_data, 790 phy->fw_blob_size); 791 if (r < 0) 792 goto exit_state_wait_write_answer; 793 phy->fw_work_state = FW_WORK_STATE_WAIT_CHECK_ANSWER; 794 break; 795 } 796 797 r = pn544_hci_i2c_fw_write_chunk(phy); 798 799 exit_state_wait_write_answer: 800 if (r < 0) 801 pn544_hci_i2c_fw_work_complete(phy, r); 802 break; 803 804 case FW_WORK_STATE_WAIT_CHECK_ANSWER: 805 r = phy->fw_cmd_result; 806 if (r < 0) 807 goto exit_state_wait_check_answer; 808 809 blob = (struct pn544_i2c_fw_blob *) (phy->fw_blob_data + 810 phy->fw_blob_size); 811 phy->fw_blob_size = get_unaligned_be32(&blob->be_size); 812 if (phy->fw_blob_size != 0) { 813 phy->fw_blob_dest_addr = 814 get_unaligned_be32(&blob->be_destaddr); 815 phy->fw_blob_data = blob->data; 816 817 phy->fw_written = 0; 818 r = pn544_hci_i2c_fw_write_chunk(phy); 819 } 820 821 exit_state_wait_check_answer: 822 if (r < 0 || phy->fw_blob_size == 0) 823 pn544_hci_i2c_fw_work_complete(phy, r); 824 break; 825 826 case FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER: 827 r = phy->fw_cmd_result; 828 if (r < 0) 829 goto exit_state_wait_secure_write_answer; 830 831 if (r == PN544_FW_CMD_RESULT_CHUNK_OK) { 832 r = pn544_hci_i2c_fw_secure_write_frame(phy); 833 goto exit_state_wait_secure_write_answer; 834 } 835 836 if (phy->fw_written == phy->fw_blob_size) { 837 secure_blob = (struct pn544_i2c_fw_secure_blob *) 838 (phy->fw_blob_data + phy->fw_blob_size); 839 phy->fw_size -= phy->fw_blob_size + 840 PN544_FW_SECURE_BLOB_HEADER_LEN; 841 if (phy->fw_size >= PN544_FW_SECURE_BLOB_HEADER_LEN 842 + PN544_FW_SECURE_FRAME_HEADER_LEN) { 843 phy->fw_blob_data = secure_blob->data; 844 845 phy->fw_written = 0; 846 r = pn544_hci_i2c_fw_secure_write_frame(phy); 847 } 848 } 849 850 exit_state_wait_secure_write_answer: 851 if (r < 0 || phy->fw_size == 0) 852 pn544_hci_i2c_fw_work_complete(phy, r); 853 break; 854 855 default: 856 break; 857 } 858 } 859 860 static int pn544_hci_i2c_probe(struct i2c_client *client, 861 const struct i2c_device_id *id) 862 { 863 struct pn544_i2c_phy *phy; 864 struct pn544_nfc_platform_data *pdata; 865 int r = 0; 866 867 dev_dbg(&client->dev, "%s\n", __func__); 868 dev_dbg(&client->dev, "IRQ: %d\n", client->irq); 869 870 if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { 871 nfc_err(&client->dev, "Need I2C_FUNC_I2C\n"); 872 return -ENODEV; 873 } 874 875 phy = devm_kzalloc(&client->dev, sizeof(struct pn544_i2c_phy), 876 GFP_KERNEL); 877 if (!phy) { 878 nfc_err(&client->dev, 879 "Cannot allocate memory for pn544 i2c phy.\n"); 880 return -ENOMEM; 881 } 882 883 INIT_WORK(&phy->fw_work, pn544_hci_i2c_fw_work); 884 phy->fw_work_state = FW_WORK_STATE_IDLE; 885 886 phy->i2c_dev = client; 887 i2c_set_clientdata(client, phy); 888 889 pdata = client->dev.platform_data; 890 if (pdata == NULL) { 891 nfc_err(&client->dev, "No platform data\n"); 892 return -EINVAL; 893 } 894 895 if (pdata->request_resources == NULL) { 896 nfc_err(&client->dev, "request_resources() missing\n"); 897 return -EINVAL; 898 } 899 900 r = pdata->request_resources(client); 901 if (r) { 902 nfc_err(&client->dev, "Cannot get platform resources\n"); 903 return r; 904 } 905 906 phy->gpio_en = pdata->get_gpio(NFC_GPIO_ENABLE); 907 phy->gpio_fw = pdata->get_gpio(NFC_GPIO_FW_RESET); 908 phy->gpio_irq = pdata->get_gpio(NFC_GPIO_IRQ); 909 910 pn544_hci_i2c_platform_init(phy); 911 912 r = request_threaded_irq(client->irq, NULL, pn544_hci_i2c_irq_thread_fn, 913 IRQF_TRIGGER_RISING | IRQF_ONESHOT, 914 PN544_HCI_I2C_DRIVER_NAME, phy); 915 if (r < 0) { 916 nfc_err(&client->dev, "Unable to register IRQ handler\n"); 917 goto err_rti; 918 } 919 920 r = pn544_hci_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME, 921 PN544_I2C_FRAME_HEADROOM, PN544_I2C_FRAME_TAILROOM, 922 PN544_HCI_I2C_LLC_MAX_PAYLOAD, 923 pn544_hci_i2c_fw_download, &phy->hdev); 924 if (r < 0) 925 goto err_hci; 926 927 return 0; 928 929 err_hci: 930 free_irq(client->irq, phy); 931 932 err_rti: 933 if (pdata->free_resources != NULL) 934 pdata->free_resources(); 935 936 return r; 937 } 938 939 static int pn544_hci_i2c_remove(struct i2c_client *client) 940 { 941 struct pn544_i2c_phy *phy = i2c_get_clientdata(client); 942 struct pn544_nfc_platform_data *pdata = client->dev.platform_data; 943 944 dev_dbg(&client->dev, "%s\n", __func__); 945 946 cancel_work_sync(&phy->fw_work); 947 if (phy->fw_work_state != FW_WORK_STATE_IDLE) 948 pn544_hci_i2c_fw_work_complete(phy, -ENODEV); 949 950 pn544_hci_remove(phy->hdev); 951 952 if (phy->powered) 953 pn544_hci_i2c_disable(phy); 954 955 free_irq(client->irq, phy); 956 if (pdata->free_resources) 957 pdata->free_resources(); 958 959 return 0; 960 } 961 962 static struct i2c_driver pn544_hci_i2c_driver = { 963 .driver = { 964 .name = PN544_HCI_I2C_DRIVER_NAME, 965 }, 966 .probe = pn544_hci_i2c_probe, 967 .id_table = pn544_hci_i2c_id_table, 968 .remove = pn544_hci_i2c_remove, 969 }; 970 971 module_i2c_driver(pn544_hci_i2c_driver); 972 973 MODULE_LICENSE("GPL"); 974 MODULE_DESCRIPTION(DRIVER_DESC); 975