xref: /openbmc/qemu/hw/arm/nseries.c (revision a42e9c41)
1 /*
2  * Nokia N-series internet tablets.
3  *
4  * Copyright (C) 2007 Nokia Corporation
5  * Written by Andrzej Zaborowski <andrew@openedhand.com>
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License as
9  * published by the Free Software Foundation; either version 2 or
10  * (at your option) version 3 of the License.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License along
18  * with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include "qemu-common.h"
22 #include "sysemu/sysemu.h"
23 #include "hw/arm/omap.h"
24 #include "hw/arm/arm.h"
25 #include "hw/irq.h"
26 #include "ui/console.h"
27 #include "hw/boards.h"
28 #include "hw/i2c/i2c.h"
29 #include "hw/devices.h"
30 #include "hw/block/flash.h"
31 #include "hw/hw.h"
32 #include "hw/bt.h"
33 #include "hw/loader.h"
34 #include "sysemu/blockdev.h"
35 #include "hw/sysbus.h"
36 #include "exec/address-spaces.h"
37 
38 /* Nokia N8x0 support */
39 struct n800_s {
40     struct omap_mpu_state_s *mpu;
41 
42     struct rfbi_chip_s blizzard;
43     struct {
44         void *opaque;
45         uint32_t (*txrx)(void *opaque, uint32_t value, int len);
46         uWireSlave *chip;
47     } ts;
48 
49     int keymap[0x80];
50     DeviceState *kbd;
51 
52     DeviceState *usb;
53     void *retu;
54     void *tahvo;
55     DeviceState *nand;
56 };
57 
58 /* GPIO pins */
59 #define N8X0_TUSB_ENABLE_GPIO		0
60 #define N800_MMC2_WP_GPIO		8
61 #define N800_UNKNOWN_GPIO0		9	/* out */
62 #define N810_MMC2_VIOSD_GPIO		9
63 #define N810_HEADSET_AMP_GPIO		10
64 #define N800_CAM_TURN_GPIO		12
65 #define N810_GPS_RESET_GPIO		12
66 #define N800_BLIZZARD_POWERDOWN_GPIO	15
67 #define N800_MMC1_WP_GPIO		23
68 #define N810_MMC2_VSD_GPIO		23
69 #define N8X0_ONENAND_GPIO		26
70 #define N810_BLIZZARD_RESET_GPIO	30
71 #define N800_UNKNOWN_GPIO2		53	/* out */
72 #define N8X0_TUSB_INT_GPIO		58
73 #define N8X0_BT_WKUP_GPIO		61
74 #define N8X0_STI_GPIO			62
75 #define N8X0_CBUS_SEL_GPIO		64
76 #define N8X0_CBUS_DAT_GPIO		65
77 #define N8X0_CBUS_CLK_GPIO		66
78 #define N8X0_WLAN_IRQ_GPIO		87
79 #define N8X0_BT_RESET_GPIO		92
80 #define N8X0_TEA5761_CS_GPIO		93
81 #define N800_UNKNOWN_GPIO		94
82 #define N810_TSC_RESET_GPIO		94
83 #define N800_CAM_ACT_GPIO		95
84 #define N810_GPS_WAKEUP_GPIO		95
85 #define N8X0_MMC_CS_GPIO		96
86 #define N8X0_WLAN_PWR_GPIO		97
87 #define N8X0_BT_HOST_WKUP_GPIO		98
88 #define N810_SPEAKER_AMP_GPIO		101
89 #define N810_KB_LOCK_GPIO		102
90 #define N800_TSC_TS_GPIO		103
91 #define N810_TSC_TS_GPIO		106
92 #define N8X0_HEADPHONE_GPIO		107
93 #define N8X0_RETU_GPIO			108
94 #define N800_TSC_KP_IRQ_GPIO		109
95 #define N810_KEYBOARD_GPIO		109
96 #define N800_BAT_COVER_GPIO		110
97 #define N810_SLIDE_GPIO			110
98 #define N8X0_TAHVO_GPIO			111
99 #define N800_UNKNOWN_GPIO4		112	/* out */
100 #define N810_SLEEPX_LED_GPIO		112
101 #define N800_TSC_RESET_GPIO		118	/* ? */
102 #define N810_AIC33_RESET_GPIO		118
103 #define N800_TSC_UNKNOWN_GPIO		119	/* out */
104 #define N8X0_TMP105_GPIO		125
105 
106 /* Config */
107 #define BT_UART				0
108 #define XLDR_LL_UART			1
109 
110 /* Addresses on the I2C bus 0 */
111 #define N810_TLV320AIC33_ADDR		0x18	/* Audio CODEC */
112 #define N8X0_TCM825x_ADDR		0x29	/* Camera */
113 #define N810_LP5521_ADDR		0x32	/* LEDs */
114 #define N810_TSL2563_ADDR		0x3d	/* Light sensor */
115 #define N810_LM8323_ADDR		0x45	/* Keyboard */
116 /* Addresses on the I2C bus 1 */
117 #define N8X0_TMP105_ADDR		0x48	/* Temperature sensor */
118 #define N8X0_MENELAUS_ADDR		0x72	/* Power management */
119 
120 /* Chipselects on GPMC NOR interface */
121 #define N8X0_ONENAND_CS			0
122 #define N8X0_USB_ASYNC_CS		1
123 #define N8X0_USB_SYNC_CS		4
124 
125 #define N8X0_BD_ADDR			0x00, 0x1a, 0x89, 0x9e, 0x3e, 0x81
126 
127 static void n800_mmc_cs_cb(void *opaque, int line, int level)
128 {
129     /* TODO: this seems to actually be connected to the menelaus, to
130      * which also both MMC slots connect.  */
131     omap_mmc_enable((struct omap_mmc_s *) opaque, !level);
132 }
133 
134 static void n8x0_gpio_setup(struct n800_s *s)
135 {
136     qemu_irq *mmc_cs = qemu_allocate_irqs(n800_mmc_cs_cb, s->mpu->mmc, 1);
137     qdev_connect_gpio_out(s->mpu->gpio, N8X0_MMC_CS_GPIO, mmc_cs[0]);
138 
139     qemu_irq_lower(qdev_get_gpio_in(s->mpu->gpio, N800_BAT_COVER_GPIO));
140 }
141 
142 #define MAEMO_CAL_HEADER(...)				\
143     'C',  'o',  'n',  'F',  0x02, 0x00, 0x04, 0x00,	\
144     __VA_ARGS__,					\
145     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146 
147 static const uint8_t n8x0_cal_wlan_mac[] = {
148     MAEMO_CAL_HEADER('w', 'l', 'a', 'n', '-', 'm', 'a', 'c')
149     0x1c, 0x00, 0x00, 0x00, 0x47, 0xd6, 0x69, 0xb3,
150     0x30, 0x08, 0xa0, 0x83, 0x00, 0x00, 0x00, 0x00,
151     0x00, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00,
152     0x89, 0x00, 0x00, 0x00, 0x9e, 0x00, 0x00, 0x00,
153     0x5d, 0x00, 0x00, 0x00, 0xc1, 0x00, 0x00, 0x00,
154 };
155 
156 static const uint8_t n8x0_cal_bt_id[] = {
157     MAEMO_CAL_HEADER('b', 't', '-', 'i', 'd', 0, 0, 0)
158     0x0a, 0x00, 0x00, 0x00, 0xa3, 0x4b, 0xf6, 0x96,
159     0xa8, 0xeb, 0xb2, 0x41, 0x00, 0x00, 0x00, 0x00,
160     N8X0_BD_ADDR,
161 };
162 
163 static void n8x0_nand_setup(struct n800_s *s)
164 {
165     char *otp_region;
166     DriveInfo *dinfo;
167 
168     s->nand = qdev_create(NULL, "onenand");
169     qdev_prop_set_uint16(s->nand, "manufacturer_id", NAND_MFR_SAMSUNG);
170     /* Either 0x40 or 0x48 are OK for the device ID */
171     qdev_prop_set_uint16(s->nand, "device_id", 0x48);
172     qdev_prop_set_uint16(s->nand, "version_id", 0);
173     qdev_prop_set_int32(s->nand, "shift", 1);
174     dinfo = drive_get(IF_MTD, 0, 0);
175     if (dinfo && dinfo->bdrv) {
176         qdev_prop_set_drive_nofail(s->nand, "drive", dinfo->bdrv);
177     }
178     qdev_init_nofail(s->nand);
179     sysbus_connect_irq(SYS_BUS_DEVICE(s->nand), 0,
180                        qdev_get_gpio_in(s->mpu->gpio, N8X0_ONENAND_GPIO));
181     omap_gpmc_attach(s->mpu->gpmc, N8X0_ONENAND_CS,
182                      sysbus_mmio_get_region(SYS_BUS_DEVICE(s->nand), 0));
183     otp_region = onenand_raw_otp(s->nand);
184 
185     memcpy(otp_region + 0x000, n8x0_cal_wlan_mac, sizeof(n8x0_cal_wlan_mac));
186     memcpy(otp_region + 0x800, n8x0_cal_bt_id, sizeof(n8x0_cal_bt_id));
187     /* XXX: in theory should also update the OOB for both pages */
188 }
189 
190 static qemu_irq n8x0_system_powerdown;
191 
192 static void n8x0_powerdown_req(Notifier *n, void *opaque)
193 {
194     qemu_irq_raise(n8x0_system_powerdown);
195 }
196 
197 static Notifier n8x0_system_powerdown_notifier = {
198     .notify = n8x0_powerdown_req
199 };
200 
201 static void n8x0_i2c_setup(struct n800_s *s)
202 {
203     DeviceState *dev;
204     qemu_irq tmp_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_TMP105_GPIO);
205     i2c_bus *i2c = omap_i2c_bus(s->mpu->i2c[0]);
206 
207     /* Attach a menelaus PM chip */
208     dev = i2c_create_slave(i2c, "twl92230", N8X0_MENELAUS_ADDR);
209     qdev_connect_gpio_out(dev, 3,
210                           qdev_get_gpio_in(s->mpu->ih[0],
211                                            OMAP_INT_24XX_SYS_NIRQ));
212 
213     n8x0_system_powerdown = qdev_get_gpio_in(dev, 3);
214     qemu_register_powerdown_notifier(&n8x0_system_powerdown_notifier);
215 
216     /* Attach a TMP105 PM chip (A0 wired to ground) */
217     dev = i2c_create_slave(i2c, "tmp105", N8X0_TMP105_ADDR);
218     qdev_connect_gpio_out(dev, 0, tmp_irq);
219 }
220 
221 /* Touchscreen and keypad controller */
222 static MouseTransformInfo n800_pointercal = {
223     .x = 800,
224     .y = 480,
225     .a = { 14560, -68, -3455208, -39, -9621, 35152972, 65536 },
226 };
227 
228 static MouseTransformInfo n810_pointercal = {
229     .x = 800,
230     .y = 480,
231     .a = { 15041, 148, -4731056, 171, -10238, 35933380, 65536 },
232 };
233 
234 #define RETU_KEYCODE	61	/* F3 */
235 
236 static void n800_key_event(void *opaque, int keycode)
237 {
238     struct n800_s *s = (struct n800_s *) opaque;
239     int code = s->keymap[keycode & 0x7f];
240 
241     if (code == -1) {
242         if ((keycode & 0x7f) == RETU_KEYCODE)
243             retu_key_event(s->retu, !(keycode & 0x80));
244         return;
245     }
246 
247     tsc210x_key_event(s->ts.chip, code, !(keycode & 0x80));
248 }
249 
250 static const int n800_keys[16] = {
251     -1,
252     72,	/* Up */
253     63,	/* Home (F5) */
254     -1,
255     75,	/* Left */
256     28,	/* Enter */
257     77,	/* Right */
258     -1,
259      1,	/* Cycle (ESC) */
260     80,	/* Down */
261     62,	/* Menu (F4) */
262     -1,
263     66,	/* Zoom- (F8) */
264     64,	/* FullScreen (F6) */
265     65,	/* Zoom+ (F7) */
266     -1,
267 };
268 
269 static void n800_tsc_kbd_setup(struct n800_s *s)
270 {
271     int i;
272 
273     /* XXX: are the three pins inverted inside the chip between the
274      * tsc and the cpu (N4111)?  */
275     qemu_irq penirq = NULL;	/* NC */
276     qemu_irq kbirq = qdev_get_gpio_in(s->mpu->gpio, N800_TSC_KP_IRQ_GPIO);
277     qemu_irq dav = qdev_get_gpio_in(s->mpu->gpio, N800_TSC_TS_GPIO);
278 
279     s->ts.chip = tsc2301_init(penirq, kbirq, dav);
280     s->ts.opaque = s->ts.chip->opaque;
281     s->ts.txrx = tsc210x_txrx;
282 
283     for (i = 0; i < 0x80; i ++)
284         s->keymap[i] = -1;
285     for (i = 0; i < 0x10; i ++)
286         if (n800_keys[i] >= 0)
287             s->keymap[n800_keys[i]] = i;
288 
289     qemu_add_kbd_event_handler(n800_key_event, s);
290 
291     tsc210x_set_transform(s->ts.chip, &n800_pointercal);
292 }
293 
294 static void n810_tsc_setup(struct n800_s *s)
295 {
296     qemu_irq pintdav = qdev_get_gpio_in(s->mpu->gpio, N810_TSC_TS_GPIO);
297 
298     s->ts.opaque = tsc2005_init(pintdav);
299     s->ts.txrx = tsc2005_txrx;
300 
301     tsc2005_set_transform(s->ts.opaque, &n810_pointercal);
302 }
303 
304 /* N810 Keyboard controller */
305 static void n810_key_event(void *opaque, int keycode)
306 {
307     struct n800_s *s = (struct n800_s *) opaque;
308     int code = s->keymap[keycode & 0x7f];
309 
310     if (code == -1) {
311         if ((keycode & 0x7f) == RETU_KEYCODE)
312             retu_key_event(s->retu, !(keycode & 0x80));
313         return;
314     }
315 
316     lm832x_key_event(s->kbd, code, !(keycode & 0x80));
317 }
318 
319 #define M	0
320 
321 static int n810_keys[0x80] = {
322     [0x01] = 16,	/* Q */
323     [0x02] = 37,	/* K */
324     [0x03] = 24,	/* O */
325     [0x04] = 25,	/* P */
326     [0x05] = 14,	/* Backspace */
327     [0x06] = 30,	/* A */
328     [0x07] = 31,	/* S */
329     [0x08] = 32,	/* D */
330     [0x09] = 33,	/* F */
331     [0x0a] = 34,	/* G */
332     [0x0b] = 35,	/* H */
333     [0x0c] = 36,	/* J */
334 
335     [0x11] = 17,	/* W */
336     [0x12] = 62,	/* Menu (F4) */
337     [0x13] = 38,	/* L */
338     [0x14] = 40,	/* ' (Apostrophe) */
339     [0x16] = 44,	/* Z */
340     [0x17] = 45,	/* X */
341     [0x18] = 46,	/* C */
342     [0x19] = 47,	/* V */
343     [0x1a] = 48,	/* B */
344     [0x1b] = 49,	/* N */
345     [0x1c] = 42,	/* Shift (Left shift) */
346     [0x1f] = 65,	/* Zoom+ (F7) */
347 
348     [0x21] = 18,	/* E */
349     [0x22] = 39,	/* ; (Semicolon) */
350     [0x23] = 12,	/* - (Minus) */
351     [0x24] = 13,	/* = (Equal) */
352     [0x2b] = 56,	/* Fn (Left Alt) */
353     [0x2c] = 50,	/* M */
354     [0x2f] = 66,	/* Zoom- (F8) */
355 
356     [0x31] = 19,	/* R */
357     [0x32] = 29 | M,	/* Right Ctrl */
358     [0x34] = 57,	/* Space */
359     [0x35] = 51,	/* , (Comma) */
360     [0x37] = 72 | M,	/* Up */
361     [0x3c] = 82 | M,	/* Compose (Insert) */
362     [0x3f] = 64,	/* FullScreen (F6) */
363 
364     [0x41] = 20,	/* T */
365     [0x44] = 52,	/* . (Dot) */
366     [0x46] = 77 | M,	/* Right */
367     [0x4f] = 63,	/* Home (F5) */
368     [0x51] = 21,	/* Y */
369     [0x53] = 80 | M,	/* Down */
370     [0x55] = 28,	/* Enter */
371     [0x5f] =  1,	/* Cycle (ESC) */
372 
373     [0x61] = 22,	/* U */
374     [0x64] = 75 | M,	/* Left */
375 
376     [0x71] = 23,	/* I */
377 #if 0
378     [0x75] = 28 | M,	/* KP Enter (KP Enter) */
379 #else
380     [0x75] = 15,	/* KP Enter (Tab) */
381 #endif
382 };
383 
384 #undef M
385 
386 static void n810_kbd_setup(struct n800_s *s)
387 {
388     qemu_irq kbd_irq = qdev_get_gpio_in(s->mpu->gpio, N810_KEYBOARD_GPIO);
389     int i;
390 
391     for (i = 0; i < 0x80; i ++)
392         s->keymap[i] = -1;
393     for (i = 0; i < 0x80; i ++)
394         if (n810_keys[i] > 0)
395             s->keymap[n810_keys[i]] = i;
396 
397     qemu_add_kbd_event_handler(n810_key_event, s);
398 
399     /* Attach the LM8322 keyboard to the I2C bus,
400      * should happen in n8x0_i2c_setup and s->kbd be initialised here.  */
401     s->kbd = i2c_create_slave(omap_i2c_bus(s->mpu->i2c[0]),
402                            "lm8323", N810_LM8323_ADDR);
403     qdev_connect_gpio_out(s->kbd, 0, kbd_irq);
404 }
405 
406 /* LCD MIPI DBI-C controller (URAL) */
407 struct mipid_s {
408     int resp[4];
409     int param[4];
410     int p;
411     int pm;
412     int cmd;
413 
414     int sleep;
415     int booster;
416     int te;
417     int selfcheck;
418     int partial;
419     int normal;
420     int vscr;
421     int invert;
422     int onoff;
423     int gamma;
424     uint32_t id;
425 };
426 
427 static void mipid_reset(struct mipid_s *s)
428 {
429     s->pm = 0;
430     s->cmd = 0;
431 
432     s->sleep = 1;
433     s->booster = 0;
434     s->selfcheck =
435             (1 << 7) |	/* Register loading OK.  */
436             (1 << 5) |	/* The chip is attached.  */
437             (1 << 4);	/* Display glass still in one piece.  */
438     s->te = 0;
439     s->partial = 0;
440     s->normal = 1;
441     s->vscr = 0;
442     s->invert = 0;
443     s->onoff = 1;
444     s->gamma = 0;
445 }
446 
447 static uint32_t mipid_txrx(void *opaque, uint32_t cmd, int len)
448 {
449     struct mipid_s *s = (struct mipid_s *) opaque;
450     uint8_t ret;
451 
452     if (len > 9)
453         hw_error("%s: FIXME: bad SPI word width %i\n", __FUNCTION__, len);
454 
455     if (s->p >= ARRAY_SIZE(s->resp))
456         ret = 0;
457     else
458         ret = s->resp[s->p ++];
459     if (s->pm --> 0)
460         s->param[s->pm] = cmd;
461     else
462         s->cmd = cmd;
463 
464     switch (s->cmd) {
465     case 0x00:	/* NOP */
466         break;
467 
468     case 0x01:	/* SWRESET */
469         mipid_reset(s);
470         break;
471 
472     case 0x02:	/* BSTROFF */
473         s->booster = 0;
474         break;
475     case 0x03:	/* BSTRON */
476         s->booster = 1;
477         break;
478 
479     case 0x04:	/* RDDID */
480         s->p = 0;
481         s->resp[0] = (s->id >> 16) & 0xff;
482         s->resp[1] = (s->id >>  8) & 0xff;
483         s->resp[2] = (s->id >>  0) & 0xff;
484         break;
485 
486     case 0x06:	/* RD_RED */
487     case 0x07:	/* RD_GREEN */
488         /* XXX the bootloader sometimes issues RD_BLUE meaning RDDID so
489          * for the bootloader one needs to change this.  */
490     case 0x08:	/* RD_BLUE */
491         s->p = 0;
492         /* TODO: return first pixel components */
493         s->resp[0] = 0x01;
494         break;
495 
496     case 0x09:	/* RDDST */
497         s->p = 0;
498         s->resp[0] = s->booster << 7;
499         s->resp[1] = (5 << 4) | (s->partial << 2) |
500                 (s->sleep << 1) | s->normal;
501         s->resp[2] = (s->vscr << 7) | (s->invert << 5) |
502                 (s->onoff << 2) | (s->te << 1) | (s->gamma >> 2);
503         s->resp[3] = s->gamma << 6;
504         break;
505 
506     case 0x0a:	/* RDDPM */
507         s->p = 0;
508         s->resp[0] = (s->onoff << 2) | (s->normal << 3) | (s->sleep << 4) |
509                 (s->partial << 5) | (s->sleep << 6) | (s->booster << 7);
510         break;
511     case 0x0b:	/* RDDMADCTR */
512         s->p = 0;
513         s->resp[0] = 0;
514         break;
515     case 0x0c:	/* RDDCOLMOD */
516         s->p = 0;
517         s->resp[0] = 5;	/* 65K colours */
518         break;
519     case 0x0d:	/* RDDIM */
520         s->p = 0;
521         s->resp[0] = (s->invert << 5) | (s->vscr << 7) | s->gamma;
522         break;
523     case 0x0e:	/* RDDSM */
524         s->p = 0;
525         s->resp[0] = s->te << 7;
526         break;
527     case 0x0f:	/* RDDSDR */
528         s->p = 0;
529         s->resp[0] = s->selfcheck;
530         break;
531 
532     case 0x10:	/* SLPIN */
533         s->sleep = 1;
534         break;
535     case 0x11:	/* SLPOUT */
536         s->sleep = 0;
537         s->selfcheck ^= 1 << 6;	/* POFF self-diagnosis Ok */
538         break;
539 
540     case 0x12:	/* PTLON */
541         s->partial = 1;
542         s->normal = 0;
543         s->vscr = 0;
544         break;
545     case 0x13:	/* NORON */
546         s->partial = 0;
547         s->normal = 1;
548         s->vscr = 0;
549         break;
550 
551     case 0x20:	/* INVOFF */
552         s->invert = 0;
553         break;
554     case 0x21:	/* INVON */
555         s->invert = 1;
556         break;
557 
558     case 0x22:	/* APOFF */
559     case 0x23:	/* APON */
560         goto bad_cmd;
561 
562     case 0x25:	/* WRCNTR */
563         if (s->pm < 0)
564             s->pm = 1;
565         goto bad_cmd;
566 
567     case 0x26:	/* GAMSET */
568         if (!s->pm)
569             s->gamma = ffs(s->param[0] & 0xf) - 1;
570         else if (s->pm < 0)
571             s->pm = 1;
572         break;
573 
574     case 0x28:	/* DISPOFF */
575         s->onoff = 0;
576         break;
577     case 0x29:	/* DISPON */
578         s->onoff = 1;
579         break;
580 
581     case 0x2a:	/* CASET */
582     case 0x2b:	/* RASET */
583     case 0x2c:	/* RAMWR */
584     case 0x2d:	/* RGBSET */
585     case 0x2e:	/* RAMRD */
586     case 0x30:	/* PTLAR */
587     case 0x33:	/* SCRLAR */
588         goto bad_cmd;
589 
590     case 0x34:	/* TEOFF */
591         s->te = 0;
592         break;
593     case 0x35:	/* TEON */
594         if (!s->pm)
595             s->te = 1;
596         else if (s->pm < 0)
597             s->pm = 1;
598         break;
599 
600     case 0x36:	/* MADCTR */
601         goto bad_cmd;
602 
603     case 0x37:	/* VSCSAD */
604         s->partial = 0;
605         s->normal = 0;
606         s->vscr = 1;
607         break;
608 
609     case 0x38:	/* IDMOFF */
610     case 0x39:	/* IDMON */
611     case 0x3a:	/* COLMOD */
612         goto bad_cmd;
613 
614     case 0xb0:	/* CLKINT / DISCTL */
615     case 0xb1:	/* CLKEXT */
616         if (s->pm < 0)
617             s->pm = 2;
618         break;
619 
620     case 0xb4:	/* FRMSEL */
621         break;
622 
623     case 0xb5:	/* FRM8SEL */
624     case 0xb6:	/* TMPRNG / INIESC */
625     case 0xb7:	/* TMPHIS / NOP2 */
626     case 0xb8:	/* TMPREAD / MADCTL */
627     case 0xba:	/* DISTCTR */
628     case 0xbb:	/* EPVOL */
629         goto bad_cmd;
630 
631     case 0xbd:	/* Unknown */
632         s->p = 0;
633         s->resp[0] = 0;
634         s->resp[1] = 1;
635         break;
636 
637     case 0xc2:	/* IFMOD */
638         if (s->pm < 0)
639             s->pm = 2;
640         break;
641 
642     case 0xc6:	/* PWRCTL */
643     case 0xc7:	/* PPWRCTL */
644     case 0xd0:	/* EPWROUT */
645     case 0xd1:	/* EPWRIN */
646     case 0xd4:	/* RDEV */
647     case 0xd5:	/* RDRR */
648         goto bad_cmd;
649 
650     case 0xda:	/* RDID1 */
651         s->p = 0;
652         s->resp[0] = (s->id >> 16) & 0xff;
653         break;
654     case 0xdb:	/* RDID2 */
655         s->p = 0;
656         s->resp[0] = (s->id >>  8) & 0xff;
657         break;
658     case 0xdc:	/* RDID3 */
659         s->p = 0;
660         s->resp[0] = (s->id >>  0) & 0xff;
661         break;
662 
663     default:
664     bad_cmd:
665         qemu_log_mask(LOG_GUEST_ERROR,
666                       "%s: unknown command %02x\n", __func__, s->cmd);
667         break;
668     }
669 
670     return ret;
671 }
672 
673 static void *mipid_init(void)
674 {
675     struct mipid_s *s = (struct mipid_s *) g_malloc0(sizeof(*s));
676 
677     s->id = 0x838f03;
678     mipid_reset(s);
679 
680     return s;
681 }
682 
683 static void n8x0_spi_setup(struct n800_s *s)
684 {
685     void *tsc = s->ts.opaque;
686     void *mipid = mipid_init();
687 
688     omap_mcspi_attach(s->mpu->mcspi[0], s->ts.txrx, tsc, 0);
689     omap_mcspi_attach(s->mpu->mcspi[0], mipid_txrx, mipid, 1);
690 }
691 
692 /* This task is normally performed by the bootloader.  If we're loading
693  * a kernel directly, we need to enable the Blizzard ourselves.  */
694 static void n800_dss_init(struct rfbi_chip_s *chip)
695 {
696     uint8_t *fb_blank;
697 
698     chip->write(chip->opaque, 0, 0x2a);		/* LCD Width register */
699     chip->write(chip->opaque, 1, 0x64);
700     chip->write(chip->opaque, 0, 0x2c);		/* LCD HNDP register */
701     chip->write(chip->opaque, 1, 0x1e);
702     chip->write(chip->opaque, 0, 0x2e);		/* LCD Height 0 register */
703     chip->write(chip->opaque, 1, 0xe0);
704     chip->write(chip->opaque, 0, 0x30);		/* LCD Height 1 register */
705     chip->write(chip->opaque, 1, 0x01);
706     chip->write(chip->opaque, 0, 0x32);		/* LCD VNDP register */
707     chip->write(chip->opaque, 1, 0x06);
708     chip->write(chip->opaque, 0, 0x68);		/* Display Mode register */
709     chip->write(chip->opaque, 1, 1);		/* Enable bit */
710 
711     chip->write(chip->opaque, 0, 0x6c);
712     chip->write(chip->opaque, 1, 0x00);		/* Input X Start Position */
713     chip->write(chip->opaque, 1, 0x00);		/* Input X Start Position */
714     chip->write(chip->opaque, 1, 0x00);		/* Input Y Start Position */
715     chip->write(chip->opaque, 1, 0x00);		/* Input Y Start Position */
716     chip->write(chip->opaque, 1, 0x1f);		/* Input X End Position */
717     chip->write(chip->opaque, 1, 0x03);		/* Input X End Position */
718     chip->write(chip->opaque, 1, 0xdf);		/* Input Y End Position */
719     chip->write(chip->opaque, 1, 0x01);		/* Input Y End Position */
720     chip->write(chip->opaque, 1, 0x00);		/* Output X Start Position */
721     chip->write(chip->opaque, 1, 0x00);		/* Output X Start Position */
722     chip->write(chip->opaque, 1, 0x00);		/* Output Y Start Position */
723     chip->write(chip->opaque, 1, 0x00);		/* Output Y Start Position */
724     chip->write(chip->opaque, 1, 0x1f);		/* Output X End Position */
725     chip->write(chip->opaque, 1, 0x03);		/* Output X End Position */
726     chip->write(chip->opaque, 1, 0xdf);		/* Output Y End Position */
727     chip->write(chip->opaque, 1, 0x01);		/* Output Y End Position */
728     chip->write(chip->opaque, 1, 0x01);		/* Input Data Format */
729     chip->write(chip->opaque, 1, 0x01);		/* Data Source Select */
730 
731     fb_blank = memset(g_malloc(800 * 480 * 2), 0xff, 800 * 480 * 2);
732     /* Display Memory Data Port */
733     chip->block(chip->opaque, 1, fb_blank, 800 * 480 * 2, 800);
734     g_free(fb_blank);
735 }
736 
737 static void n8x0_dss_setup(struct n800_s *s)
738 {
739     s->blizzard.opaque = s1d13745_init(NULL);
740     s->blizzard.block = s1d13745_write_block;
741     s->blizzard.write = s1d13745_write;
742     s->blizzard.read = s1d13745_read;
743 
744     omap_rfbi_attach(s->mpu->dss, 0, &s->blizzard);
745 }
746 
747 static void n8x0_cbus_setup(struct n800_s *s)
748 {
749     qemu_irq dat_out = qdev_get_gpio_in(s->mpu->gpio, N8X0_CBUS_DAT_GPIO);
750     qemu_irq retu_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_RETU_GPIO);
751     qemu_irq tahvo_irq = qdev_get_gpio_in(s->mpu->gpio, N8X0_TAHVO_GPIO);
752 
753     CBus *cbus = cbus_init(dat_out);
754 
755     qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_CLK_GPIO, cbus->clk);
756     qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_DAT_GPIO, cbus->dat);
757     qdev_connect_gpio_out(s->mpu->gpio, N8X0_CBUS_SEL_GPIO, cbus->sel);
758 
759     cbus_attach(cbus, s->retu = retu_init(retu_irq, 1));
760     cbus_attach(cbus, s->tahvo = tahvo_init(tahvo_irq, 1));
761 }
762 
763 static void n8x0_uart_setup(struct n800_s *s)
764 {
765     CharDriverState *radio = uart_hci_init(
766                     qdev_get_gpio_in(s->mpu->gpio, N8X0_BT_HOST_WKUP_GPIO));
767 
768     qdev_connect_gpio_out(s->mpu->gpio, N8X0_BT_RESET_GPIO,
769                     csrhci_pins_get(radio)[csrhci_pin_reset]);
770     qdev_connect_gpio_out(s->mpu->gpio, N8X0_BT_WKUP_GPIO,
771                     csrhci_pins_get(radio)[csrhci_pin_wakeup]);
772 
773     omap_uart_attach(s->mpu->uart[BT_UART], radio);
774 }
775 
776 static void n8x0_usb_setup(struct n800_s *s)
777 {
778     SysBusDevice *dev;
779     s->usb = qdev_create(NULL, "tusb6010");
780     dev = SYS_BUS_DEVICE(s->usb);
781     qdev_init_nofail(s->usb);
782     sysbus_connect_irq(dev, 0,
783                        qdev_get_gpio_in(s->mpu->gpio, N8X0_TUSB_INT_GPIO));
784     /* Using the NOR interface */
785     omap_gpmc_attach(s->mpu->gpmc, N8X0_USB_ASYNC_CS,
786                      sysbus_mmio_get_region(dev, 0));
787     omap_gpmc_attach(s->mpu->gpmc, N8X0_USB_SYNC_CS,
788                      sysbus_mmio_get_region(dev, 1));
789     qdev_connect_gpio_out(s->mpu->gpio, N8X0_TUSB_ENABLE_GPIO,
790                           qdev_get_gpio_in(s->usb, 0)); /* tusb_pwr */
791 }
792 
793 /* Setup done before the main bootloader starts by some early setup code
794  * - used when we want to run the main bootloader in emulation.  This
795  * isn't documented.  */
796 static uint32_t n800_pinout[104] = {
797     0x080f00d8, 0x00d40808, 0x03080808, 0x080800d0,
798     0x00dc0808, 0x0b0f0f00, 0x080800b4, 0x00c00808,
799     0x08080808, 0x180800c4, 0x00b80000, 0x08080808,
800     0x080800bc, 0x00cc0808, 0x08081818, 0x18180128,
801     0x01241800, 0x18181818, 0x000000f0, 0x01300000,
802     0x00001b0b, 0x1b0f0138, 0x00e0181b, 0x1b031b0b,
803     0x180f0078, 0x00740018, 0x0f0f0f1a, 0x00000080,
804     0x007c0000, 0x00000000, 0x00000088, 0x00840000,
805     0x00000000, 0x00000094, 0x00980300, 0x0f180003,
806     0x0000008c, 0x00900f0f, 0x0f0f1b00, 0x0f00009c,
807     0x01140000, 0x1b1b0f18, 0x0818013c, 0x01400008,
808     0x00001818, 0x000b0110, 0x010c1800, 0x0b030b0f,
809     0x181800f4, 0x00f81818, 0x00000018, 0x000000fc,
810     0x00401808, 0x00000000, 0x0f1b0030, 0x003c0008,
811     0x00000000, 0x00000038, 0x00340000, 0x00000000,
812     0x1a080070, 0x00641a1a, 0x08080808, 0x08080060,
813     0x005c0808, 0x08080808, 0x08080058, 0x00540808,
814     0x08080808, 0x0808006c, 0x00680808, 0x08080808,
815     0x000000a8, 0x00b00000, 0x08080808, 0x000000a0,
816     0x00a40000, 0x00000000, 0x08ff0050, 0x004c0808,
817     0xffffffff, 0xffff0048, 0x0044ffff, 0xffffffff,
818     0x000000ac, 0x01040800, 0x08080b0f, 0x18180100,
819     0x01081818, 0x0b0b1808, 0x1a0300e4, 0x012c0b1a,
820     0x02020018, 0x0b000134, 0x011c0800, 0x0b1b1b00,
821     0x0f0000c8, 0x00ec181b, 0x000f0f02, 0x00180118,
822     0x01200000, 0x0f0b1b1b, 0x0f0200e8, 0x0000020b,
823 };
824 
825 static void n800_setup_nolo_tags(void *sram_base)
826 {
827     int i;
828     uint32_t *p = sram_base + 0x8000;
829     uint32_t *v = sram_base + 0xa000;
830 
831     memset(p, 0, 0x3000);
832 
833     strcpy((void *) (p + 0), "QEMU N800");
834 
835     strcpy((void *) (p + 8), "F5");
836 
837     stl_raw(p + 10, 0x04f70000);
838     strcpy((void *) (p + 9), "RX-34");
839 
840     /* RAM size in MB? */
841     stl_raw(p + 12, 0x80);
842 
843     /* Pointer to the list of tags */
844     stl_raw(p + 13, OMAP2_SRAM_BASE + 0x9000);
845 
846     /* The NOLO tags start here */
847     p = sram_base + 0x9000;
848 #define ADD_TAG(tag, len)				\
849     stw_raw((uint16_t *) p + 0, tag);			\
850     stw_raw((uint16_t *) p + 1, len); p ++;		\
851     stl_raw(p ++, OMAP2_SRAM_BASE | (((void *) v - sram_base) & 0xffff));
852 
853     /* OMAP STI console? Pin out settings? */
854     ADD_TAG(0x6e01, 414);
855     for (i = 0; i < ARRAY_SIZE(n800_pinout); i ++)
856         stl_raw(v ++, n800_pinout[i]);
857 
858     /* Kernel memsize? */
859     ADD_TAG(0x6e05, 1);
860     stl_raw(v ++, 2);
861 
862     /* NOLO serial console */
863     ADD_TAG(0x6e02, 4);
864     stl_raw(v ++, XLDR_LL_UART);	/* UART number (1 - 3) */
865 
866 #if 0
867     /* CBUS settings (Retu/AVilma) */
868     ADD_TAG(0x6e03, 6);
869     stw_raw((uint16_t *) v + 0, 65);	/* CBUS GPIO0 */
870     stw_raw((uint16_t *) v + 1, 66);	/* CBUS GPIO1 */
871     stw_raw((uint16_t *) v + 2, 64);	/* CBUS GPIO2 */
872     v += 2;
873 #endif
874 
875     /* Nokia ASIC BB5 (Retu/Tahvo) */
876     ADD_TAG(0x6e0a, 4);
877     stw_raw((uint16_t *) v + 0, 111);	/* "Retu" interrupt GPIO */
878     stw_raw((uint16_t *) v + 1, 108);	/* "Tahvo" interrupt GPIO */
879     v ++;
880 
881     /* LCD console? */
882     ADD_TAG(0x6e04, 4);
883     stw_raw((uint16_t *) v + 0, 30);	/* ??? */
884     stw_raw((uint16_t *) v + 1, 24);	/* ??? */
885     v ++;
886 
887 #if 0
888     /* LCD settings */
889     ADD_TAG(0x6e06, 2);
890     stw_raw((uint16_t *) (v ++), 15);	/* ??? */
891 #endif
892 
893     /* I^2C (Menelaus) */
894     ADD_TAG(0x6e07, 4);
895     stl_raw(v ++, 0x00720000);		/* ??? */
896 
897     /* Unknown */
898     ADD_TAG(0x6e0b, 6);
899     stw_raw((uint16_t *) v + 0, 94);	/* ??? */
900     stw_raw((uint16_t *) v + 1, 23);	/* ??? */
901     stw_raw((uint16_t *) v + 2, 0);	/* ??? */
902     v += 2;
903 
904     /* OMAP gpio switch info */
905     ADD_TAG(0x6e0c, 80);
906     strcpy((void *) v, "bat_cover");	v += 3;
907     stw_raw((uint16_t *) v + 0, 110);	/* GPIO num ??? */
908     stw_raw((uint16_t *) v + 1, 1);	/* GPIO num ??? */
909     v += 2;
910     strcpy((void *) v, "cam_act");	v += 3;
911     stw_raw((uint16_t *) v + 0, 95);	/* GPIO num ??? */
912     stw_raw((uint16_t *) v + 1, 32);	/* GPIO num ??? */
913     v += 2;
914     strcpy((void *) v, "cam_turn");	v += 3;
915     stw_raw((uint16_t *) v + 0, 12);	/* GPIO num ??? */
916     stw_raw((uint16_t *) v + 1, 33);	/* GPIO num ??? */
917     v += 2;
918     strcpy((void *) v, "headphone");	v += 3;
919     stw_raw((uint16_t *) v + 0, 107);	/* GPIO num ??? */
920     stw_raw((uint16_t *) v + 1, 17);	/* GPIO num ??? */
921     v += 2;
922 
923     /* Bluetooth */
924     ADD_TAG(0x6e0e, 12);
925     stl_raw(v ++, 0x5c623d01);		/* ??? */
926     stl_raw(v ++, 0x00000201);		/* ??? */
927     stl_raw(v ++, 0x00000000);		/* ??? */
928 
929     /* CX3110x WLAN settings */
930     ADD_TAG(0x6e0f, 8);
931     stl_raw(v ++, 0x00610025);		/* ??? */
932     stl_raw(v ++, 0xffff0057);		/* ??? */
933 
934     /* MMC host settings */
935     ADD_TAG(0x6e10, 12);
936     stl_raw(v ++, 0xffff000f);		/* ??? */
937     stl_raw(v ++, 0xffffffff);		/* ??? */
938     stl_raw(v ++, 0x00000060);		/* ??? */
939 
940     /* OneNAND chip select */
941     ADD_TAG(0x6e11, 10);
942     stl_raw(v ++, 0x00000401);		/* ??? */
943     stl_raw(v ++, 0x0002003a);		/* ??? */
944     stl_raw(v ++, 0x00000002);		/* ??? */
945 
946     /* TEA5761 sensor settings */
947     ADD_TAG(0x6e12, 2);
948     stl_raw(v ++, 93);			/* GPIO num ??? */
949 
950 #if 0
951     /* Unknown tag */
952     ADD_TAG(6e09, 0);
953 
954     /* Kernel UART / console */
955     ADD_TAG(6e12, 0);
956 #endif
957 
958     /* End of the list */
959     stl_raw(p ++, 0x00000000);
960     stl_raw(p ++, 0x00000000);
961 }
962 
963 /* This task is normally performed by the bootloader.  If we're loading
964  * a kernel directly, we need to set up GPMC mappings ourselves.  */
965 static void n800_gpmc_init(struct n800_s *s)
966 {
967     uint32_t config7 =
968             (0xf << 8) |	/* MASKADDRESS */
969             (1 << 6) |		/* CSVALID */
970             (4 << 0);		/* BASEADDRESS */
971 
972     cpu_physical_memory_write(0x6800a078,		/* GPMC_CONFIG7_0 */
973                               &config7, sizeof(config7));
974 }
975 
976 /* Setup sequence done by the bootloader */
977 static void n8x0_boot_init(void *opaque)
978 {
979     struct n800_s *s = (struct n800_s *) opaque;
980     uint32_t buf;
981 
982     /* PRCM setup */
983 #define omap_writel(addr, val)	\
984     buf = (val);			\
985     cpu_physical_memory_write(addr, &buf, sizeof(buf))
986 
987     omap_writel(0x48008060, 0x41);		/* PRCM_CLKSRC_CTRL */
988     omap_writel(0x48008070, 1);			/* PRCM_CLKOUT_CTRL */
989     omap_writel(0x48008078, 0);			/* PRCM_CLKEMUL_CTRL */
990     omap_writel(0x48008090, 0);			/* PRCM_VOLTSETUP */
991     omap_writel(0x48008094, 0);			/* PRCM_CLKSSETUP */
992     omap_writel(0x48008098, 0);			/* PRCM_POLCTRL */
993     omap_writel(0x48008140, 2);			/* CM_CLKSEL_MPU */
994     omap_writel(0x48008148, 0);			/* CM_CLKSTCTRL_MPU */
995     omap_writel(0x48008158, 1);			/* RM_RSTST_MPU */
996     omap_writel(0x480081c8, 0x15);		/* PM_WKDEP_MPU */
997     omap_writel(0x480081d4, 0x1d4);		/* PM_EVGENCTRL_MPU */
998     omap_writel(0x480081d8, 0);			/* PM_EVEGENONTIM_MPU */
999     omap_writel(0x480081dc, 0);			/* PM_EVEGENOFFTIM_MPU */
1000     omap_writel(0x480081e0, 0xc);		/* PM_PWSTCTRL_MPU */
1001     omap_writel(0x48008200, 0x047e7ff7);	/* CM_FCLKEN1_CORE */
1002     omap_writel(0x48008204, 0x00000004);	/* CM_FCLKEN2_CORE */
1003     omap_writel(0x48008210, 0x047e7ff1);	/* CM_ICLKEN1_CORE */
1004     omap_writel(0x48008214, 0x00000004);	/* CM_ICLKEN2_CORE */
1005     omap_writel(0x4800821c, 0x00000000);	/* CM_ICLKEN4_CORE */
1006     omap_writel(0x48008230, 0);			/* CM_AUTOIDLE1_CORE */
1007     omap_writel(0x48008234, 0);			/* CM_AUTOIDLE2_CORE */
1008     omap_writel(0x48008238, 7);			/* CM_AUTOIDLE3_CORE */
1009     omap_writel(0x4800823c, 0);			/* CM_AUTOIDLE4_CORE */
1010     omap_writel(0x48008240, 0x04360626);	/* CM_CLKSEL1_CORE */
1011     omap_writel(0x48008244, 0x00000014);	/* CM_CLKSEL2_CORE */
1012     omap_writel(0x48008248, 0);			/* CM_CLKSTCTRL_CORE */
1013     omap_writel(0x48008300, 0x00000000);	/* CM_FCLKEN_GFX */
1014     omap_writel(0x48008310, 0x00000000);	/* CM_ICLKEN_GFX */
1015     omap_writel(0x48008340, 0x00000001);	/* CM_CLKSEL_GFX */
1016     omap_writel(0x48008400, 0x00000004);	/* CM_FCLKEN_WKUP */
1017     omap_writel(0x48008410, 0x00000004);	/* CM_ICLKEN_WKUP */
1018     omap_writel(0x48008440, 0x00000000);	/* CM_CLKSEL_WKUP */
1019     omap_writel(0x48008500, 0x000000cf);	/* CM_CLKEN_PLL */
1020     omap_writel(0x48008530, 0x0000000c);	/* CM_AUTOIDLE_PLL */
1021     omap_writel(0x48008540,			/* CM_CLKSEL1_PLL */
1022                     (0x78 << 12) | (6 << 8));
1023     omap_writel(0x48008544, 2);			/* CM_CLKSEL2_PLL */
1024 
1025     /* GPMC setup */
1026     n800_gpmc_init(s);
1027 
1028     /* Video setup */
1029     n800_dss_init(&s->blizzard);
1030 
1031     /* CPU setup */
1032     s->mpu->cpu->env.GE = 0x5;
1033 
1034     /* If the machine has a slided keyboard, open it */
1035     if (s->kbd)
1036         qemu_irq_raise(qdev_get_gpio_in(s->mpu->gpio, N810_SLIDE_GPIO));
1037 }
1038 
1039 #define OMAP_TAG_NOKIA_BT	0x4e01
1040 #define OMAP_TAG_WLAN_CX3110X	0x4e02
1041 #define OMAP_TAG_CBUS		0x4e03
1042 #define OMAP_TAG_EM_ASIC_BB5	0x4e04
1043 
1044 static struct omap_gpiosw_info_s {
1045     const char *name;
1046     int line;
1047     int type;
1048 } n800_gpiosw_info[] = {
1049     {
1050         "bat_cover", N800_BAT_COVER_GPIO,
1051         OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
1052     }, {
1053         "cam_act", N800_CAM_ACT_GPIO,
1054         OMAP_GPIOSW_TYPE_ACTIVITY,
1055     }, {
1056         "cam_turn", N800_CAM_TURN_GPIO,
1057         OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_INVERTED,
1058     }, {
1059         "headphone", N8X0_HEADPHONE_GPIO,
1060         OMAP_GPIOSW_TYPE_CONNECTION | OMAP_GPIOSW_INVERTED,
1061     },
1062     { NULL }
1063 }, n810_gpiosw_info[] = {
1064     {
1065         "gps_reset", N810_GPS_RESET_GPIO,
1066         OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_OUTPUT,
1067     }, {
1068         "gps_wakeup", N810_GPS_WAKEUP_GPIO,
1069         OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_OUTPUT,
1070     }, {
1071         "headphone", N8X0_HEADPHONE_GPIO,
1072         OMAP_GPIOSW_TYPE_CONNECTION | OMAP_GPIOSW_INVERTED,
1073     }, {
1074         "kb_lock", N810_KB_LOCK_GPIO,
1075         OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
1076     }, {
1077         "sleepx_led", N810_SLEEPX_LED_GPIO,
1078         OMAP_GPIOSW_TYPE_ACTIVITY | OMAP_GPIOSW_INVERTED | OMAP_GPIOSW_OUTPUT,
1079     }, {
1080         "slide", N810_SLIDE_GPIO,
1081         OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
1082     },
1083     { NULL }
1084 };
1085 
1086 static struct omap_partition_info_s {
1087     uint32_t offset;
1088     uint32_t size;
1089     int mask;
1090     const char *name;
1091 } n800_part_info[] = {
1092     { 0x00000000, 0x00020000, 0x3, "bootloader" },
1093     { 0x00020000, 0x00060000, 0x0, "config" },
1094     { 0x00080000, 0x00200000, 0x0, "kernel" },
1095     { 0x00280000, 0x00200000, 0x3, "initfs" },
1096     { 0x00480000, 0x0fb80000, 0x3, "rootfs" },
1097 
1098     { 0, 0, 0, NULL }
1099 }, n810_part_info[] = {
1100     { 0x00000000, 0x00020000, 0x3, "bootloader" },
1101     { 0x00020000, 0x00060000, 0x0, "config" },
1102     { 0x00080000, 0x00220000, 0x0, "kernel" },
1103     { 0x002a0000, 0x00400000, 0x0, "initfs" },
1104     { 0x006a0000, 0x0f960000, 0x0, "rootfs" },
1105 
1106     { 0, 0, 0, NULL }
1107 };
1108 
1109 static bdaddr_t n8x0_bd_addr = {{ N8X0_BD_ADDR }};
1110 
1111 static int n8x0_atag_setup(void *p, int model)
1112 {
1113     uint8_t *b;
1114     uint16_t *w;
1115     uint32_t *l;
1116     struct omap_gpiosw_info_s *gpiosw;
1117     struct omap_partition_info_s *partition;
1118     const char *tag;
1119 
1120     w = p;
1121 
1122     stw_raw(w ++, OMAP_TAG_UART);		/* u16 tag */
1123     stw_raw(w ++, 4);				/* u16 len */
1124     stw_raw(w ++, (1 << 2) | (1 << 1) | (1 << 0)); /* uint enabled_uarts */
1125     w ++;
1126 
1127 #if 0
1128     stw_raw(w ++, OMAP_TAG_SERIAL_CONSOLE);	/* u16 tag */
1129     stw_raw(w ++, 4);				/* u16 len */
1130     stw_raw(w ++, XLDR_LL_UART + 1);		/* u8 console_uart */
1131     stw_raw(w ++, 115200);			/* u32 console_speed */
1132 #endif
1133 
1134     stw_raw(w ++, OMAP_TAG_LCD);		/* u16 tag */
1135     stw_raw(w ++, 36);				/* u16 len */
1136     strcpy((void *) w, "QEMU LCD panel");	/* char panel_name[16] */
1137     w += 8;
1138     strcpy((void *) w, "blizzard");		/* char ctrl_name[16] */
1139     w += 8;
1140     stw_raw(w ++, N810_BLIZZARD_RESET_GPIO);	/* TODO: n800 s16 nreset_gpio */
1141     stw_raw(w ++, 24);				/* u8 data_lines */
1142 
1143     stw_raw(w ++, OMAP_TAG_CBUS);		/* u16 tag */
1144     stw_raw(w ++, 8);				/* u16 len */
1145     stw_raw(w ++, N8X0_CBUS_CLK_GPIO);		/* s16 clk_gpio */
1146     stw_raw(w ++, N8X0_CBUS_DAT_GPIO);		/* s16 dat_gpio */
1147     stw_raw(w ++, N8X0_CBUS_SEL_GPIO);		/* s16 sel_gpio */
1148     w ++;
1149 
1150     stw_raw(w ++, OMAP_TAG_EM_ASIC_BB5);	/* u16 tag */
1151     stw_raw(w ++, 4);				/* u16 len */
1152     stw_raw(w ++, N8X0_RETU_GPIO);		/* s16 retu_irq_gpio */
1153     stw_raw(w ++, N8X0_TAHVO_GPIO);		/* s16 tahvo_irq_gpio */
1154 
1155     gpiosw = (model == 810) ? n810_gpiosw_info : n800_gpiosw_info;
1156     for (; gpiosw->name; gpiosw ++) {
1157         stw_raw(w ++, OMAP_TAG_GPIO_SWITCH);	/* u16 tag */
1158         stw_raw(w ++, 20);			/* u16 len */
1159         strcpy((void *) w, gpiosw->name);	/* char name[12] */
1160         w += 6;
1161         stw_raw(w ++, gpiosw->line);		/* u16 gpio */
1162         stw_raw(w ++, gpiosw->type);
1163         stw_raw(w ++, 0);
1164         stw_raw(w ++, 0);
1165     }
1166 
1167     stw_raw(w ++, OMAP_TAG_NOKIA_BT);		/* u16 tag */
1168     stw_raw(w ++, 12);				/* u16 len */
1169     b = (void *) w;
1170     stb_raw(b ++, 0x01);			/* u8 chip_type	(CSR) */
1171     stb_raw(b ++, N8X0_BT_WKUP_GPIO);		/* u8 bt_wakeup_gpio */
1172     stb_raw(b ++, N8X0_BT_HOST_WKUP_GPIO);	/* u8 host_wakeup_gpio */
1173     stb_raw(b ++, N8X0_BT_RESET_GPIO);		/* u8 reset_gpio */
1174     stb_raw(b ++, BT_UART + 1);			/* u8 bt_uart */
1175     memcpy(b, &n8x0_bd_addr, 6);		/* u8 bd_addr[6] */
1176     b += 6;
1177     stb_raw(b ++, 0x02);			/* u8 bt_sysclk (38.4) */
1178     w = (void *) b;
1179 
1180     stw_raw(w ++, OMAP_TAG_WLAN_CX3110X);	/* u16 tag */
1181     stw_raw(w ++, 8);				/* u16 len */
1182     stw_raw(w ++, 0x25);			/* u8 chip_type */
1183     stw_raw(w ++, N8X0_WLAN_PWR_GPIO);		/* s16 power_gpio */
1184     stw_raw(w ++, N8X0_WLAN_IRQ_GPIO);		/* s16 irq_gpio */
1185     stw_raw(w ++, -1);				/* s16 spi_cs_gpio */
1186 
1187     stw_raw(w ++, OMAP_TAG_MMC);		/* u16 tag */
1188     stw_raw(w ++, 16);				/* u16 len */
1189     if (model == 810) {
1190         stw_raw(w ++, 0x23f);			/* unsigned flags */
1191         stw_raw(w ++, -1);			/* s16 power_pin */
1192         stw_raw(w ++, -1);			/* s16 switch_pin */
1193         stw_raw(w ++, -1);			/* s16 wp_pin */
1194         stw_raw(w ++, 0x240);			/* unsigned flags */
1195         stw_raw(w ++, 0xc000);			/* s16 power_pin */
1196         stw_raw(w ++, 0x0248);			/* s16 switch_pin */
1197         stw_raw(w ++, 0xc000);			/* s16 wp_pin */
1198     } else {
1199         stw_raw(w ++, 0xf);			/* unsigned flags */
1200         stw_raw(w ++, -1);			/* s16 power_pin */
1201         stw_raw(w ++, -1);			/* s16 switch_pin */
1202         stw_raw(w ++, -1);			/* s16 wp_pin */
1203         stw_raw(w ++, 0);			/* unsigned flags */
1204         stw_raw(w ++, 0);			/* s16 power_pin */
1205         stw_raw(w ++, 0);			/* s16 switch_pin */
1206         stw_raw(w ++, 0);			/* s16 wp_pin */
1207     }
1208 
1209     stw_raw(w ++, OMAP_TAG_TEA5761);		/* u16 tag */
1210     stw_raw(w ++, 4);				/* u16 len */
1211     stw_raw(w ++, N8X0_TEA5761_CS_GPIO);	/* u16 enable_gpio */
1212     w ++;
1213 
1214     partition = (model == 810) ? n810_part_info : n800_part_info;
1215     for (; partition->name; partition ++) {
1216         stw_raw(w ++, OMAP_TAG_PARTITION);	/* u16 tag */
1217         stw_raw(w ++, 28);			/* u16 len */
1218         strcpy((void *) w, partition->name);	/* char name[16] */
1219         l = (void *) (w + 8);
1220         stl_raw(l ++, partition->size);		/* unsigned int size */
1221         stl_raw(l ++, partition->offset);	/* unsigned int offset */
1222         stl_raw(l ++, partition->mask);		/* unsigned int mask_flags */
1223         w = (void *) l;
1224     }
1225 
1226     stw_raw(w ++, OMAP_TAG_BOOT_REASON);	/* u16 tag */
1227     stw_raw(w ++, 12);				/* u16 len */
1228 #if 0
1229     strcpy((void *) w, "por");			/* char reason_str[12] */
1230     strcpy((void *) w, "charger");		/* char reason_str[12] */
1231     strcpy((void *) w, "32wd_to");		/* char reason_str[12] */
1232     strcpy((void *) w, "sw_rst");		/* char reason_str[12] */
1233     strcpy((void *) w, "mbus");			/* char reason_str[12] */
1234     strcpy((void *) w, "unknown");		/* char reason_str[12] */
1235     strcpy((void *) w, "swdg_to");		/* char reason_str[12] */
1236     strcpy((void *) w, "sec_vio");		/* char reason_str[12] */
1237     strcpy((void *) w, "pwr_key");		/* char reason_str[12] */
1238     strcpy((void *) w, "rtc_alarm");		/* char reason_str[12] */
1239 #else
1240     strcpy((void *) w, "pwr_key");		/* char reason_str[12] */
1241 #endif
1242     w += 6;
1243 
1244     tag = (model == 810) ? "RX-44" : "RX-34";
1245     stw_raw(w ++, OMAP_TAG_VERSION_STR);	/* u16 tag */
1246     stw_raw(w ++, 24);				/* u16 len */
1247     strcpy((void *) w, "product");		/* char component[12] */
1248     w += 6;
1249     strcpy((void *) w, tag);			/* char version[12] */
1250     w += 6;
1251 
1252     stw_raw(w ++, OMAP_TAG_VERSION_STR);	/* u16 tag */
1253     stw_raw(w ++, 24);				/* u16 len */
1254     strcpy((void *) w, "hw-build");		/* char component[12] */
1255     w += 6;
1256     strcpy((void *) w, "QEMU ");
1257     pstrcat((void *) w, 12, qemu_get_version()); /* char version[12] */
1258     w += 6;
1259 
1260     tag = (model == 810) ? "1.1.10-qemu" : "1.1.6-qemu";
1261     stw_raw(w ++, OMAP_TAG_VERSION_STR);	/* u16 tag */
1262     stw_raw(w ++, 24);				/* u16 len */
1263     strcpy((void *) w, "nolo");			/* char component[12] */
1264     w += 6;
1265     strcpy((void *) w, tag);			/* char version[12] */
1266     w += 6;
1267 
1268     return (void *) w - p;
1269 }
1270 
1271 static int n800_atag_setup(const struct arm_boot_info *info, void *p)
1272 {
1273     return n8x0_atag_setup(p, 800);
1274 }
1275 
1276 static int n810_atag_setup(const struct arm_boot_info *info, void *p)
1277 {
1278     return n8x0_atag_setup(p, 810);
1279 }
1280 
1281 static void n8x0_init(QEMUMachineInitArgs *args,
1282                       struct arm_boot_info *binfo, int model)
1283 {
1284     MemoryRegion *sysmem = get_system_memory();
1285     struct n800_s *s = (struct n800_s *) g_malloc0(sizeof(*s));
1286     int sdram_size = binfo->ram_size;
1287 
1288     s->mpu = omap2420_mpu_init(sysmem, sdram_size, args->cpu_model);
1289 
1290     /* Setup peripherals
1291      *
1292      * Believed external peripherals layout in the N810:
1293      * (spi bus 1)
1294      *   tsc2005
1295      *   lcd_mipid
1296      * (spi bus 2)
1297      *   Conexant cx3110x (WLAN)
1298      *   optional: pc2400m (WiMAX)
1299      * (i2c bus 0)
1300      *   TLV320AIC33 (audio codec)
1301      *   TCM825x (camera by Toshiba)
1302      *   lp5521 (clever LEDs)
1303      *   tsl2563 (light sensor, hwmon, model 7, rev. 0)
1304      *   lm8323 (keypad, manf 00, rev 04)
1305      * (i2c bus 1)
1306      *   tmp105 (temperature sensor, hwmon)
1307      *   menelaus (pm)
1308      * (somewhere on i2c - maybe N800-only)
1309      *   tea5761 (FM tuner)
1310      * (serial 0)
1311      *   GPS
1312      * (some serial port)
1313      *   csr41814 (Bluetooth)
1314      */
1315     n8x0_gpio_setup(s);
1316     n8x0_nand_setup(s);
1317     n8x0_i2c_setup(s);
1318     if (model == 800)
1319         n800_tsc_kbd_setup(s);
1320     else if (model == 810) {
1321         n810_tsc_setup(s);
1322         n810_kbd_setup(s);
1323     }
1324     n8x0_spi_setup(s);
1325     n8x0_dss_setup(s);
1326     n8x0_cbus_setup(s);
1327     n8x0_uart_setup(s);
1328     if (usb_enabled(false)) {
1329         n8x0_usb_setup(s);
1330     }
1331 
1332     if (args->kernel_filename) {
1333         /* Or at the linux loader.  */
1334         binfo->kernel_filename = args->kernel_filename;
1335         binfo->kernel_cmdline = args->kernel_cmdline;
1336         binfo->initrd_filename = args->initrd_filename;
1337         arm_load_kernel(s->mpu->cpu, binfo);
1338 
1339         qemu_register_reset(n8x0_boot_init, s);
1340     }
1341 
1342     if (option_rom[0].name &&
1343         (args->boot_order[0] == 'n' || !args->kernel_filename)) {
1344         uint8_t nolo_tags[0x10000];
1345         /* No, wait, better start at the ROM.  */
1346         s->mpu->cpu->env.regs[15] = OMAP2_Q2_BASE + 0x400000;
1347 
1348         /* This is intended for loading the `secondary.bin' program from
1349          * Nokia images (the NOLO bootloader).  The entry point seems
1350          * to be at OMAP2_Q2_BASE + 0x400000.
1351          *
1352          * The `2nd.bin' files contain some kind of earlier boot code and
1353          * for them the entry point needs to be set to OMAP2_SRAM_BASE.
1354          *
1355          * The code above is for loading the `zImage' file from Nokia
1356          * images.  */
1357         load_image_targphys(option_rom[0].name,
1358                             OMAP2_Q2_BASE + 0x400000,
1359                             sdram_size - 0x400000);
1360 
1361         n800_setup_nolo_tags(nolo_tags);
1362         cpu_physical_memory_write(OMAP2_SRAM_BASE, nolo_tags, 0x10000);
1363     }
1364 }
1365 
1366 static struct arm_boot_info n800_binfo = {
1367     .loader_start = OMAP2_Q2_BASE,
1368     /* Actually two chips of 0x4000000 bytes each */
1369     .ram_size = 0x08000000,
1370     .board_id = 0x4f7,
1371     .atag_board = n800_atag_setup,
1372 };
1373 
1374 static struct arm_boot_info n810_binfo = {
1375     .loader_start = OMAP2_Q2_BASE,
1376     /* Actually two chips of 0x4000000 bytes each */
1377     .ram_size = 0x08000000,
1378     /* 0x60c and 0x6bf (WiMAX Edition) have been assigned but are not
1379      * used by some older versions of the bootloader and 5555 is used
1380      * instead (including versions that shipped with many devices).  */
1381     .board_id = 0x60c,
1382     .atag_board = n810_atag_setup,
1383 };
1384 
1385 static void n800_init(QEMUMachineInitArgs *args)
1386 {
1387     return n8x0_init(args, &n800_binfo, 800);
1388 }
1389 
1390 static void n810_init(QEMUMachineInitArgs *args)
1391 {
1392     return n8x0_init(args, &n810_binfo, 810);
1393 }
1394 
1395 static QEMUMachine n800_machine = {
1396     .name = "n800",
1397     .desc = "Nokia N800 tablet aka. RX-34 (OMAP2420)",
1398     .init = n800_init,
1399     .default_boot_order = "",
1400 };
1401 
1402 static QEMUMachine n810_machine = {
1403     .name = "n810",
1404     .desc = "Nokia N810 tablet aka. RX-44 (OMAP2420)",
1405     .init = n810_init,
1406     .default_boot_order = "",
1407 };
1408 
1409 static void nseries_machine_init(void)
1410 {
1411     qemu_register_machine(&n800_machine);
1412     qemu_register_machine(&n810_machine);
1413 }
1414 
1415 machine_init(nseries_machine_init);
1416