1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Bluetooth support for Intel devices
6 * Copyright (C) 2015 Intel Corporation
9 #include <linux/module.h>
10 #include <linux/firmware.h>
11 #include <linux/regmap.h>
12 #include <linux/acpi.h>
13 #include <asm/unaligned.h>
15 #include <net/bluetooth/bluetooth.h>
16 #include <net/bluetooth/hci_core.h>
22 #define BDADDR_INTEL (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
23 #define RSA_HEADER_LEN 644
24 #define CSS_HEADER_OFFSET 8
25 #define ECDSA_OFFSET 644
26 #define ECDSA_HEADER_LEN 320
28 #define BTINTEL_PPAG_NAME "PPAG"
29 #define BTINTEL_PPAG_PREFIX "\\_SB_.PCI0.XHCI.RHUB"
31 #define CMD_WRITE_BOOT_PARAMS 0xfc0e
32 struct cmd_write_boot_params {
39 int btintel_check_bdaddr(struct hci_dev *hdev)
41 struct hci_rp_read_bd_addr *bda;
44 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
47 int err = PTR_ERR(skb);
48 bt_dev_err(hdev, "Reading Intel device address failed (%d)",
53 if (skb->len != sizeof(*bda)) {
54 bt_dev_err(hdev, "Intel device address length mismatch");
59 bda = (struct hci_rp_read_bd_addr *)skb->data;
61 /* For some Intel based controllers, the default Bluetooth device
62 * address 00:03:19:9E:8B:00 can be found. These controllers are
63 * fully operational, but have the danger of duplicate addresses
64 * and that in turn can cause problems with Bluetooth operation.
66 if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) {
67 bt_dev_err(hdev, "Found Intel default device address (%pMR)",
69 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
76 EXPORT_SYMBOL_GPL(btintel_check_bdaddr);
78 int btintel_enter_mfg(struct hci_dev *hdev)
80 static const u8 param[] = { 0x01, 0x00 };
83 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
85 bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)",
93 EXPORT_SYMBOL_GPL(btintel_enter_mfg);
95 int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched)
97 u8 param[] = { 0x00, 0x00 };
100 /* The 2nd command parameter specifies the manufacturing exit method:
101 * 0x00: Just disable the manufacturing mode (0x00).
102 * 0x01: Disable manufacturing mode and reset with patches deactivated.
103 * 0x02: Disable manufacturing mode and reset with patches activated.
106 param[1] |= patched ? 0x02 : 0x01;
108 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
110 bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)",
118 EXPORT_SYMBOL_GPL(btintel_exit_mfg);
120 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
125 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
128 bt_dev_err(hdev, "Changing Intel device address failed (%d)",
136 EXPORT_SYMBOL_GPL(btintel_set_bdaddr);
138 static int btintel_set_event_mask(struct hci_dev *hdev, bool debug)
140 u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
147 skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT);
150 bt_dev_err(hdev, "Setting Intel event mask failed (%d)", err);
158 int btintel_set_diag(struct hci_dev *hdev, bool enable)
174 skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT);
179 bt_dev_err(hdev, "Changing Intel diagnostic mode failed (%d)",
186 btintel_set_event_mask(hdev, enable);
189 EXPORT_SYMBOL_GPL(btintel_set_diag);
191 static int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable)
195 err = btintel_enter_mfg(hdev);
199 ret = btintel_set_diag(hdev, enable);
201 err = btintel_exit_mfg(hdev, false, false);
208 static int btintel_set_diag_combined(struct hci_dev *hdev, bool enable)
212 /* Legacy ROM device needs to be in the manufacturer mode to apply
215 * This flag is set after reading the Intel version.
217 if (btintel_test_flag(hdev, INTEL_ROM_LEGACY))
218 ret = btintel_set_diag_mfg(hdev, enable);
220 ret = btintel_set_diag(hdev, enable);
225 static void btintel_hw_error(struct hci_dev *hdev, u8 code)
230 bt_dev_err(hdev, "Hardware error 0x%2.2x", code);
232 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
234 bt_dev_err(hdev, "Reset after hardware error failed (%ld)",
240 skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT);
242 bt_dev_err(hdev, "Retrieving Intel exception info failed (%ld)",
247 if (skb->len != 13) {
248 bt_dev_err(hdev, "Exception info size mismatch");
253 bt_dev_err(hdev, "Exception info %s", (char *)(skb->data + 1));
258 int btintel_version_info(struct hci_dev *hdev, struct intel_version *ver)
262 /* The hardware platform number has a fixed value of 0x37 and
263 * for now only accept this single value.
265 if (ver->hw_platform != 0x37) {
266 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
271 /* Check for supported iBT hardware variants of this firmware
274 * This check has been put in place to ensure correct forward
275 * compatibility options when newer hardware variants come along.
277 switch (ver->hw_variant) {
278 case 0x07: /* WP - Legacy ROM */
279 case 0x08: /* StP - Legacy ROM */
288 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
293 switch (ver->fw_variant) {
295 variant = "Legacy ROM 2.5";
298 variant = "Bootloader";
301 variant = "Legacy ROM 2.x";
304 variant = "Firmware";
307 bt_dev_err(hdev, "Unsupported firmware variant(%02x)", ver->fw_variant);
311 bt_dev_info(hdev, "%s revision %u.%u build %u week %u %u",
312 variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f,
313 ver->fw_build_num, ver->fw_build_ww,
314 2000 + ver->fw_build_yy);
318 EXPORT_SYMBOL_GPL(btintel_version_info);
320 static int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen,
325 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen;
327 cmd_param[0] = fragment_type;
328 memcpy(cmd_param + 1, param, fragment_len);
330 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1,
331 cmd_param, HCI_INIT_TIMEOUT);
337 plen -= fragment_len;
338 param += fragment_len;
344 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name)
346 const struct firmware *fw;
351 err = request_firmware_direct(&fw, ddc_name, &hdev->dev);
353 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)",
358 bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name);
362 /* DDC file contains one or more DDC structure which has
363 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2).
365 while (fw->size > fw_ptr - fw->data) {
366 u8 cmd_plen = fw_ptr[0] + sizeof(u8);
368 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr,
371 bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)",
373 release_firmware(fw);
381 release_firmware(fw);
383 bt_dev_info(hdev, "Applying Intel DDC parameters completed");
387 EXPORT_SYMBOL_GPL(btintel_load_ddc_config);
389 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug)
393 err = btintel_enter_mfg(hdev);
397 ret = btintel_set_event_mask(hdev, debug);
399 err = btintel_exit_mfg(hdev, false, false);
405 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg);
407 int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver)
411 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
413 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
418 if (skb->len != sizeof(*ver)) {
419 bt_dev_err(hdev, "Intel version event size mismatch");
424 memcpy(ver, skb->data, sizeof(*ver));
430 EXPORT_SYMBOL_GPL(btintel_read_version);
432 static int btintel_version_info_tlv(struct hci_dev *hdev,
433 struct intel_version_tlv *version)
437 /* The hardware platform number has a fixed value of 0x37 and
438 * for now only accept this single value.
440 if (INTEL_HW_PLATFORM(version->cnvi_bt) != 0x37) {
441 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
442 INTEL_HW_PLATFORM(version->cnvi_bt));
446 /* Check for supported iBT hardware variants of this firmware
449 * This check has been put in place to ensure correct forward
450 * compatibility options when newer hardware variants come along.
452 switch (INTEL_HW_VARIANT(version->cnvi_bt)) {
455 case 0x19: /* Slr-F */
459 bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)",
460 INTEL_HW_VARIANT(version->cnvi_bt));
464 switch (version->img_type) {
466 variant = "Bootloader";
467 /* It is required that every single firmware fragment is acknowledged
468 * with a command complete event. If the boot parameters indicate
469 * that this bootloader does not send them, then abort the setup.
471 if (version->limited_cce != 0x00) {
472 bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)",
473 version->limited_cce);
477 /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */
478 if (version->sbe_type > 0x01) {
479 bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)",
484 bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id);
485 bt_dev_info(hdev, "Secure boot is %s",
486 version->secure_boot ? "enabled" : "disabled");
487 bt_dev_info(hdev, "OTP lock is %s",
488 version->otp_lock ? "enabled" : "disabled");
489 bt_dev_info(hdev, "API lock is %s",
490 version->api_lock ? "enabled" : "disabled");
491 bt_dev_info(hdev, "Debug lock is %s",
492 version->debug_lock ? "enabled" : "disabled");
493 bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
494 version->min_fw_build_nn, version->min_fw_build_cw,
495 2000 + version->min_fw_build_yy);
498 variant = "Firmware";
501 bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type);
505 bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant,
506 2000 + (version->timestamp >> 8), version->timestamp & 0xff,
507 version->build_type, version->build_num);
512 static int btintel_parse_version_tlv(struct hci_dev *hdev,
513 struct intel_version_tlv *version,
516 /* Consume Command Complete Status field */
519 /* Event parameters contatin multiple TLVs. Read each of them
520 * and only keep the required data. Also, it use existing legacy
521 * version field like hw_platform, hw_variant, and fw_variant
522 * to keep the existing setup flow
525 struct intel_tlv *tlv;
527 /* Make sure skb has a minimum length of the header */
528 if (skb->len < sizeof(*tlv))
531 tlv = (struct intel_tlv *)skb->data;
533 /* Make sure skb has a enough data */
534 if (skb->len < tlv->len + sizeof(*tlv))
538 case INTEL_TLV_CNVI_TOP:
539 version->cnvi_top = get_unaligned_le32(tlv->val);
541 case INTEL_TLV_CNVR_TOP:
542 version->cnvr_top = get_unaligned_le32(tlv->val);
544 case INTEL_TLV_CNVI_BT:
545 version->cnvi_bt = get_unaligned_le32(tlv->val);
547 case INTEL_TLV_CNVR_BT:
548 version->cnvr_bt = get_unaligned_le32(tlv->val);
550 case INTEL_TLV_DEV_REV_ID:
551 version->dev_rev_id = get_unaligned_le16(tlv->val);
553 case INTEL_TLV_IMAGE_TYPE:
554 version->img_type = tlv->val[0];
556 case INTEL_TLV_TIME_STAMP:
557 /* If image type is Operational firmware (0x03), then
558 * running FW Calendar Week and Year information can
559 * be extracted from Timestamp information
561 version->min_fw_build_cw = tlv->val[0];
562 version->min_fw_build_yy = tlv->val[1];
563 version->timestamp = get_unaligned_le16(tlv->val);
565 case INTEL_TLV_BUILD_TYPE:
566 version->build_type = tlv->val[0];
568 case INTEL_TLV_BUILD_NUM:
569 /* If image type is Operational firmware (0x03), then
570 * running FW build number can be extracted from the
573 version->min_fw_build_nn = tlv->val[0];
574 version->build_num = get_unaligned_le32(tlv->val);
576 case INTEL_TLV_SECURE_BOOT:
577 version->secure_boot = tlv->val[0];
579 case INTEL_TLV_OTP_LOCK:
580 version->otp_lock = tlv->val[0];
582 case INTEL_TLV_API_LOCK:
583 version->api_lock = tlv->val[0];
585 case INTEL_TLV_DEBUG_LOCK:
586 version->debug_lock = tlv->val[0];
588 case INTEL_TLV_MIN_FW:
589 version->min_fw_build_nn = tlv->val[0];
590 version->min_fw_build_cw = tlv->val[1];
591 version->min_fw_build_yy = tlv->val[2];
593 case INTEL_TLV_LIMITED_CCE:
594 version->limited_cce = tlv->val[0];
596 case INTEL_TLV_SBE_TYPE:
597 version->sbe_type = tlv->val[0];
599 case INTEL_TLV_OTP_BDADDR:
600 memcpy(&version->otp_bd_addr, tlv->val,
604 /* Ignore rest of information */
607 /* consume the current tlv and move to next*/
608 skb_pull(skb, tlv->len + sizeof(*tlv));
614 static int btintel_read_version_tlv(struct hci_dev *hdev,
615 struct intel_version_tlv *version)
618 const u8 param[1] = { 0xFF };
623 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
625 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
631 bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
637 btintel_parse_version_tlv(hdev, version, skb);
643 /* ------- REGMAP IBT SUPPORT ------- */
645 #define IBT_REG_MODE_8BIT 0x00
646 #define IBT_REG_MODE_16BIT 0x01
647 #define IBT_REG_MODE_32BIT 0x02
649 struct regmap_ibt_context {
650 struct hci_dev *hdev;
655 struct ibt_cp_reg_access {
662 struct ibt_rp_reg_access {
668 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size,
669 void *val, size_t val_size)
671 struct regmap_ibt_context *ctx = context;
672 struct ibt_cp_reg_access cp;
673 struct ibt_rp_reg_access *rp;
677 if (reg_size != sizeof(__le32))
682 cp.mode = IBT_REG_MODE_8BIT;
685 cp.mode = IBT_REG_MODE_16BIT;
688 cp.mode = IBT_REG_MODE_32BIT;
694 /* regmap provides a little-endian formatted addr */
695 cp.addr = *(__le32 *)addr;
698 bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr));
700 skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp,
704 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)",
705 le32_to_cpu(cp.addr), err);
709 if (skb->len != sizeof(*rp) + val_size) {
710 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len",
711 le32_to_cpu(cp.addr));
716 rp = (struct ibt_rp_reg_access *)skb->data;
718 if (rp->addr != cp.addr) {
719 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr",
720 le32_to_cpu(rp->addr));
725 memcpy(val, rp->data, val_size);
732 static int regmap_ibt_gather_write(void *context,
733 const void *addr, size_t reg_size,
734 const void *val, size_t val_size)
736 struct regmap_ibt_context *ctx = context;
737 struct ibt_cp_reg_access *cp;
739 int plen = sizeof(*cp) + val_size;
743 if (reg_size != sizeof(__le32))
748 mode = IBT_REG_MODE_8BIT;
751 mode = IBT_REG_MODE_16BIT;
754 mode = IBT_REG_MODE_32BIT;
760 cp = kmalloc(plen, GFP_KERNEL);
764 /* regmap provides a little-endian formatted addr/value */
765 cp->addr = *(__le32 *)addr;
768 memcpy(&cp->data, val, val_size);
770 bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr));
772 skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT);
775 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)",
776 le32_to_cpu(cp->addr), err);
786 static int regmap_ibt_write(void *context, const void *data, size_t count)
788 /* data contains register+value, since we only support 32bit addr,
789 * minimum data size is 4 bytes.
791 if (WARN_ONCE(count < 4, "Invalid register access"))
794 return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4);
797 static void regmap_ibt_free_context(void *context)
802 static const struct regmap_bus regmap_ibt = {
803 .read = regmap_ibt_read,
804 .write = regmap_ibt_write,
805 .gather_write = regmap_ibt_gather_write,
806 .free_context = regmap_ibt_free_context,
807 .reg_format_endian_default = REGMAP_ENDIAN_LITTLE,
808 .val_format_endian_default = REGMAP_ENDIAN_LITTLE,
811 /* Config is the same for all register regions */
812 static const struct regmap_config regmap_ibt_cfg = {
813 .name = "btintel_regmap",
818 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read,
821 struct regmap_ibt_context *ctx;
823 bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read,
826 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
828 return ERR_PTR(-ENOMEM);
830 ctx->op_read = opcode_read;
831 ctx->op_write = opcode_write;
834 return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg);
836 EXPORT_SYMBOL_GPL(btintel_regmap_init);
838 int btintel_send_intel_reset(struct hci_dev *hdev, u32 boot_param)
840 struct intel_reset params = { 0x00, 0x01, 0x00, 0x01, 0x00000000 };
843 params.boot_param = cpu_to_le32(boot_param);
845 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), ¶ms,
848 bt_dev_err(hdev, "Failed to send Intel Reset command");
856 EXPORT_SYMBOL_GPL(btintel_send_intel_reset);
858 int btintel_read_boot_params(struct hci_dev *hdev,
859 struct intel_boot_params *params)
863 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT);
865 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)",
870 if (skb->len != sizeof(*params)) {
871 bt_dev_err(hdev, "Intel boot parameters size mismatch");
876 memcpy(params, skb->data, sizeof(*params));
880 if (params->status) {
881 bt_dev_err(hdev, "Intel boot parameters command failed (%02x)",
883 return -bt_to_errno(params->status);
886 bt_dev_info(hdev, "Device revision is %u",
887 le16_to_cpu(params->dev_revid));
889 bt_dev_info(hdev, "Secure boot is %s",
890 params->secure_boot ? "enabled" : "disabled");
892 bt_dev_info(hdev, "OTP lock is %s",
893 params->otp_lock ? "enabled" : "disabled");
895 bt_dev_info(hdev, "API lock is %s",
896 params->api_lock ? "enabled" : "disabled");
898 bt_dev_info(hdev, "Debug lock is %s",
899 params->debug_lock ? "enabled" : "disabled");
901 bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
902 params->min_fw_build_nn, params->min_fw_build_cw,
903 2000 + params->min_fw_build_yy);
907 EXPORT_SYMBOL_GPL(btintel_read_boot_params);
909 static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev,
910 const struct firmware *fw)
914 /* Start the firmware download transaction with the Init fragment
915 * represented by the 128 bytes of CSS header.
917 err = btintel_secure_send(hdev, 0x00, 128, fw->data);
919 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
923 /* Send the 256 bytes of public key information from the firmware
924 * as the PKey fragment.
926 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128);
928 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
932 /* Send the 256 bytes of signature information from the firmware
933 * as the Sign fragment.
935 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388);
937 bt_dev_err(hdev, "Failed to send firmware signature (%d)", err);
945 static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev,
946 const struct firmware *fw)
950 /* Start the firmware download transaction with the Init fragment
951 * represented by the 128 bytes of CSS header.
953 err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644);
955 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
959 /* Send the 96 bytes of public key information from the firmware
960 * as the PKey fragment.
962 err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128);
964 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
968 /* Send the 96 bytes of signature information from the firmware
969 * as the Sign fragment
971 err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224);
973 bt_dev_err(hdev, "Failed to send firmware signature (%d)",
980 static int btintel_download_firmware_payload(struct hci_dev *hdev,
981 const struct firmware *fw,
988 fw_ptr = fw->data + offset;
992 while (fw_ptr - fw->data < fw->size) {
993 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
995 frag_len += sizeof(*cmd) + cmd->plen;
997 /* The parameter length of the secure send command requires
998 * a 4 byte alignment. It happens so that the firmware file
999 * contains proper Intel_NOP commands to align the fragments
1002 * Send set of commands with 4 byte alignment from the
1003 * firmware data buffer as a single Data fragement.
1005 if (!(frag_len % 4)) {
1006 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr);
1009 "Failed to send firmware data (%d)",
1023 static bool btintel_firmware_version(struct hci_dev *hdev,
1024 u8 num, u8 ww, u8 yy,
1025 const struct firmware *fw,
1032 while (fw_ptr - fw->data < fw->size) {
1033 struct hci_command_hdr *cmd = (void *)(fw_ptr);
1035 /* Each SKU has a different reset parameter to use in the
1036 * HCI_Intel_Reset command and it is embedded in the firmware
1037 * data. So, instead of using static value per SKU, check
1038 * the firmware data and save it for later use.
1040 if (le16_to_cpu(cmd->opcode) == CMD_WRITE_BOOT_PARAMS) {
1041 struct cmd_write_boot_params *params;
1043 params = (void *)(fw_ptr + sizeof(*cmd));
1045 *boot_addr = le32_to_cpu(params->boot_addr);
1047 bt_dev_info(hdev, "Boot Address: 0x%x", *boot_addr);
1049 bt_dev_info(hdev, "Firmware Version: %u-%u.%u",
1050 params->fw_build_num, params->fw_build_ww,
1051 params->fw_build_yy);
1053 return (num == params->fw_build_num &&
1054 ww == params->fw_build_ww &&
1055 yy == params->fw_build_yy);
1058 fw_ptr += sizeof(*cmd) + cmd->plen;
1064 int btintel_download_firmware(struct hci_dev *hdev,
1065 struct intel_version *ver,
1066 const struct firmware *fw,
1071 /* SfP and WsP don't seem to update the firmware version on file
1072 * so version checking is currently not possible.
1074 switch (ver->hw_variant) {
1075 case 0x0b: /* SfP */
1076 case 0x0c: /* WsP */
1077 /* Skip version checking */
1081 /* Skip download if firmware has the same version */
1082 if (btintel_firmware_version(hdev, ver->fw_build_num,
1083 ver->fw_build_ww, ver->fw_build_yy,
1085 bt_dev_info(hdev, "Firmware already loaded");
1086 /* Return -EALREADY to indicate that the firmware has
1087 * already been loaded.
1093 /* The firmware variant determines if the device is in bootloader
1094 * mode or is running operational firmware. The value 0x06 identifies
1095 * the bootloader and the value 0x23 identifies the operational
1098 * If the firmware version has changed that means it needs to be reset
1099 * to bootloader when operational so the new firmware can be loaded.
1101 if (ver->fw_variant == 0x23)
1104 err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1108 return btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN);
1110 EXPORT_SYMBOL_GPL(btintel_download_firmware);
1112 static int btintel_download_fw_tlv(struct hci_dev *hdev,
1113 struct intel_version_tlv *ver,
1114 const struct firmware *fw, u32 *boot_param,
1115 u8 hw_variant, u8 sbe_type)
1120 /* Skip download if firmware has the same version */
1121 if (btintel_firmware_version(hdev, ver->min_fw_build_nn,
1122 ver->min_fw_build_cw,
1123 ver->min_fw_build_yy,
1125 bt_dev_info(hdev, "Firmware already loaded");
1126 /* Return -EALREADY to indicate that firmware has
1127 * already been loaded.
1132 /* The firmware variant determines if the device is in bootloader
1133 * mode or is running operational firmware. The value 0x01 identifies
1134 * the bootloader and the value 0x03 identifies the operational
1137 * If the firmware version has changed that means it needs to be reset
1138 * to bootloader when operational so the new firmware can be loaded.
1140 if (ver->img_type == 0x03)
1143 /* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support
1144 * only RSA secure boot engine. Hence, the corresponding sfi file will
1145 * have RSA header of 644 bytes followed by Command Buffer.
1147 * iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA
1148 * secure boot engine. As a result, the corresponding sfi file will
1149 * have RSA header of 644, ECDSA header of 320 bytes followed by
1152 * CSS Header byte positions 0x08 to 0x0B represent the CSS Header
1153 * version: RSA(0x00010000) , ECDSA (0x00020000)
1155 css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET);
1156 if (css_header_ver != 0x00010000) {
1157 bt_dev_err(hdev, "Invalid CSS Header version");
1161 if (hw_variant <= 0x14) {
1162 if (sbe_type != 0x00) {
1163 bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)",
1168 err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1172 err = btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN);
1175 } else if (hw_variant >= 0x17) {
1176 /* Check if CSS header for ECDSA follows the RSA header */
1177 if (fw->data[ECDSA_OFFSET] != 0x06)
1180 /* Check if the CSS Header version is ECDSA(0x00020000) */
1181 css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET);
1182 if (css_header_ver != 0x00020000) {
1183 bt_dev_err(hdev, "Invalid CSS Header version");
1187 if (sbe_type == 0x00) {
1188 err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1192 err = btintel_download_firmware_payload(hdev, fw,
1193 RSA_HEADER_LEN + ECDSA_HEADER_LEN);
1196 } else if (sbe_type == 0x01) {
1197 err = btintel_sfi_ecdsa_header_secure_send(hdev, fw);
1201 err = btintel_download_firmware_payload(hdev, fw,
1202 RSA_HEADER_LEN + ECDSA_HEADER_LEN);
1210 static void btintel_reset_to_bootloader(struct hci_dev *hdev)
1212 struct intel_reset params;
1213 struct sk_buff *skb;
1215 /* Send Intel Reset command. This will result in
1216 * re-enumeration of BT controller.
1218 * Intel Reset parameter description:
1219 * reset_type : 0x00 (Soft reset),
1221 * patch_enable : 0x00 (Do not enable),
1223 * ddc_reload : 0x00 (Do not reload),
1225 * boot_option: 0x00 (Current image),
1226 * 0x01 (Specified boot address)
1227 * boot_param: Boot address
1230 params.reset_type = 0x01;
1231 params.patch_enable = 0x01;
1232 params.ddc_reload = 0x01;
1233 params.boot_option = 0x00;
1234 params.boot_param = cpu_to_le32(0x00000000);
1236 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params),
1237 ¶ms, HCI_INIT_TIMEOUT);
1239 bt_dev_err(hdev, "FW download error recovery failed (%ld)",
1243 bt_dev_info(hdev, "Intel reset sent to retry FW download");
1246 /* Current Intel BT controllers(ThP/JfP) hold the USB reset
1247 * lines for 2ms when it receives Intel Reset in bootloader mode.
1248 * Whereas, the upcoming Intel BT controllers will hold USB reset
1249 * for 150ms. To keep the delay generic, 150ms is chosen here.
1254 static int btintel_read_debug_features(struct hci_dev *hdev,
1255 struct intel_debug_features *features)
1257 struct sk_buff *skb;
1260 /* Intel controller supports two pages, each page is of 128-bit
1261 * feature bit mask. And each bit defines specific feature support
1263 skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no,
1266 bt_dev_err(hdev, "Reading supported features failed (%ld)",
1268 return PTR_ERR(skb);
1271 if (skb->len != (sizeof(features->page1) + 3)) {
1272 bt_dev_err(hdev, "Supported features event size mismatch");
1277 memcpy(features->page1, skb->data + 3, sizeof(features->page1));
1279 /* Read the supported features page2 if required in future.
1285 static acpi_status btintel_ppag_callback(acpi_handle handle, u32 lvl, void *data,
1290 struct btintel_ppag *ppag = data;
1291 union acpi_object *p, *elements;
1292 struct acpi_buffer string = {ACPI_ALLOCATE_BUFFER, NULL};
1293 struct acpi_buffer buffer = {ACPI_ALLOCATE_BUFFER, NULL};
1294 struct hci_dev *hdev = ppag->hdev;
1296 status = acpi_get_name(handle, ACPI_FULL_PATHNAME, &string);
1297 if (ACPI_FAILURE(status)) {
1298 bt_dev_warn(hdev, "ACPI Failure: %s", acpi_format_exception(status));
1302 if (strncmp(BTINTEL_PPAG_PREFIX, string.pointer,
1303 strlen(BTINTEL_PPAG_PREFIX))) {
1304 kfree(string.pointer);
1308 len = strlen(string.pointer);
1309 if (strncmp((char *)string.pointer + len - 4, BTINTEL_PPAG_NAME, 4)) {
1310 kfree(string.pointer);
1313 kfree(string.pointer);
1315 status = acpi_evaluate_object(handle, NULL, NULL, &buffer);
1316 if (ACPI_FAILURE(status)) {
1317 bt_dev_warn(hdev, "ACPI Failure: %s", acpi_format_exception(status));
1322 ppag = (struct btintel_ppag *)data;
1324 if (p->type != ACPI_TYPE_PACKAGE || p->package.count != 2) {
1325 kfree(buffer.pointer);
1326 bt_dev_warn(hdev, "Invalid object type: %d or package count: %d",
1327 p->type, p->package.count);
1331 elements = p->package.elements;
1333 /* PPAG table is located at element[1] */
1336 ppag->domain = (u32)p->package.elements[0].integer.value;
1337 ppag->mode = (u32)p->package.elements[1].integer.value;
1338 kfree(buffer.pointer);
1339 return AE_CTRL_TERMINATE;
1342 static int btintel_set_debug_features(struct hci_dev *hdev,
1343 const struct intel_debug_features *features)
1345 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x7f, 0x00, 0x00, 0x00, 0x00,
1347 u8 period[5] = { 0x04, 0x91, 0x02, 0x05, 0x00 };
1348 u8 trace_enable = 0x02;
1349 struct sk_buff *skb;
1352 bt_dev_warn(hdev, "Debug features not read");
1356 if (!(features->page1[0] & 0x3f)) {
1357 bt_dev_info(hdev, "Telemetry exception format not supported");
1361 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT);
1363 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)",
1365 return PTR_ERR(skb);
1369 skb = __hci_cmd_sync(hdev, 0xfc8b, 5, period, HCI_INIT_TIMEOUT);
1371 bt_dev_err(hdev, "Setting periodicity for link statistics traces failed (%ld)",
1373 return PTR_ERR(skb);
1377 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT);
1379 bt_dev_err(hdev, "Enable tracing of link statistics events failed (%ld)",
1381 return PTR_ERR(skb);
1385 bt_dev_info(hdev, "set debug features: trace_enable 0x%02x mask 0x%02x",
1386 trace_enable, mask[3]);
1391 static int btintel_reset_debug_features(struct hci_dev *hdev,
1392 const struct intel_debug_features *features)
1394 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
1396 u8 trace_enable = 0x00;
1397 struct sk_buff *skb;
1400 bt_dev_warn(hdev, "Debug features not read");
1404 if (!(features->page1[0] & 0x3f)) {
1405 bt_dev_info(hdev, "Telemetry exception format not supported");
1409 /* Should stop the trace before writing ddc event mask. */
1410 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT);
1412 bt_dev_err(hdev, "Stop tracing of link statistics events failed (%ld)",
1414 return PTR_ERR(skb);
1418 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT);
1420 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)",
1422 return PTR_ERR(skb);
1426 bt_dev_info(hdev, "reset debug features: trace_enable 0x%02x mask 0x%02x",
1427 trace_enable, mask[3]);
1432 int btintel_set_quality_report(struct hci_dev *hdev, bool enable)
1434 struct intel_debug_features features;
1437 bt_dev_dbg(hdev, "enable %d", enable);
1439 /* Read the Intel supported features and if new exception formats
1440 * supported, need to load the additional DDC config to enable.
1442 err = btintel_read_debug_features(hdev, &features);
1446 /* Set or reset the debug features. */
1448 err = btintel_set_debug_features(hdev, &features);
1450 err = btintel_reset_debug_features(hdev, &features);
1454 EXPORT_SYMBOL_GPL(btintel_set_quality_report);
1456 static const struct firmware *btintel_legacy_rom_get_fw(struct hci_dev *hdev,
1457 struct intel_version *ver)
1459 const struct firmware *fw;
1463 snprintf(fwname, sizeof(fwname),
1464 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1465 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1466 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1467 ver->fw_build_ww, ver->fw_build_yy);
1469 ret = request_firmware(&fw, fwname, &hdev->dev);
1471 if (ret == -EINVAL) {
1472 bt_dev_err(hdev, "Intel firmware file request failed (%d)",
1477 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)",
1480 /* If the correct firmware patch file is not found, use the
1481 * default firmware patch file instead
1483 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1484 ver->hw_platform, ver->hw_variant);
1485 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1486 bt_dev_err(hdev, "failed to open default fw file: %s",
1492 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1497 static int btintel_legacy_rom_patching(struct hci_dev *hdev,
1498 const struct firmware *fw,
1499 const u8 **fw_ptr, int *disable_patch)
1501 struct sk_buff *skb;
1502 struct hci_command_hdr *cmd;
1503 const u8 *cmd_param;
1504 struct hci_event_hdr *evt = NULL;
1505 const u8 *evt_param = NULL;
1506 int remain = fw->size - (*fw_ptr - fw->data);
1508 /* The first byte indicates the types of the patch command or event.
1509 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1510 * in the current firmware buffer doesn't start with 0x01 or
1511 * the size of remain buffer is smaller than HCI command header,
1512 * the firmware file is corrupted and it should stop the patching
1515 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1516 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read");
1522 cmd = (struct hci_command_hdr *)(*fw_ptr);
1523 *fw_ptr += sizeof(*cmd);
1524 remain -= sizeof(*cmd);
1526 /* Ensure that the remain firmware data is long enough than the length
1527 * of command parameter. If not, the firmware file is corrupted.
1529 if (remain < cmd->plen) {
1530 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len");
1534 /* If there is a command that loads a patch in the firmware
1535 * file, then enable the patch upon success, otherwise just
1536 * disable the manufacturer mode, for example patch activation
1537 * is not required when the default firmware patch file is used
1538 * because there are no patch data to load.
1540 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1543 cmd_param = *fw_ptr;
1544 *fw_ptr += cmd->plen;
1545 remain -= cmd->plen;
1547 /* This reads the expected events when the above command is sent to the
1548 * device. Some vendor commands expects more than one events, for
1549 * example command status event followed by vendor specific event.
1550 * For this case, it only keeps the last expected event. so the command
1551 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1552 * last expected event.
1554 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1558 evt = (struct hci_event_hdr *)(*fw_ptr);
1559 *fw_ptr += sizeof(*evt);
1560 remain -= sizeof(*evt);
1562 if (remain < evt->plen) {
1563 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len");
1567 evt_param = *fw_ptr;
1568 *fw_ptr += evt->plen;
1569 remain -= evt->plen;
1572 /* Every HCI commands in the firmware file has its correspond event.
1573 * If event is not found or remain is smaller than zero, the firmware
1574 * file is corrupted.
1576 if (!evt || !evt_param || remain < 0) {
1577 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read");
1581 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1582 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1584 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)",
1585 cmd->opcode, PTR_ERR(skb));
1586 return PTR_ERR(skb);
1589 /* It ensures that the returned event matches the event data read from
1590 * the firmware file. At fist, it checks the length and then
1591 * the contents of the event.
1593 if (skb->len != evt->plen) {
1594 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)",
1595 le16_to_cpu(cmd->opcode));
1600 if (memcmp(skb->data, evt_param, evt->plen)) {
1601 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)",
1602 le16_to_cpu(cmd->opcode));
1611 static int btintel_legacy_rom_setup(struct hci_dev *hdev,
1612 struct intel_version *ver)
1614 const struct firmware *fw;
1616 int disable_patch, err;
1617 struct intel_version new_ver;
1619 BT_DBG("%s", hdev->name);
1621 /* fw_patch_num indicates the version of patch the device currently
1622 * have. If there is no patch data in the device, it is always 0x00.
1623 * So, if it is other than 0x00, no need to patch the device again.
1625 if (ver->fw_patch_num) {
1627 "Intel device is already patched. patch num: %02x",
1632 /* Opens the firmware patch file based on the firmware version read
1633 * from the controller. If it fails to open the matching firmware
1634 * patch file, it tries to open the default firmware patch file.
1635 * If no patch file is found, allow the device to operate without
1638 fw = btintel_legacy_rom_get_fw(hdev, ver);
1643 /* Enable the manufacturer mode of the controller.
1644 * Only while this mode is enabled, the driver can download the
1645 * firmware patch data and configuration parameters.
1647 err = btintel_enter_mfg(hdev);
1649 release_firmware(fw);
1655 /* The firmware data file consists of list of Intel specific HCI
1656 * commands and its expected events. The first byte indicates the
1657 * type of the message, either HCI command or HCI event.
1659 * It reads the command and its expected event from the firmware file,
1660 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1661 * the returned event is compared with the event read from the firmware
1662 * file and it will continue until all the messages are downloaded to
1665 * Once the firmware patching is completed successfully,
1666 * the manufacturer mode is disabled with reset and activating the
1669 * If the firmware patching fails, the manufacturer mode is
1670 * disabled with reset and deactivating the patch.
1672 * If the default patch file is used, no reset is done when disabling
1675 while (fw->size > fw_ptr - fw->data) {
1678 ret = btintel_legacy_rom_patching(hdev, fw, &fw_ptr,
1681 goto exit_mfg_deactivate;
1684 release_firmware(fw);
1687 goto exit_mfg_disable;
1689 /* Patching completed successfully and disable the manufacturer mode
1690 * with reset and activate the downloaded firmware patches.
1692 err = btintel_exit_mfg(hdev, true, true);
1696 /* Need build number for downloaded fw patches in
1697 * every power-on boot
1699 err = btintel_read_version(hdev, &new_ver);
1703 bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated",
1704 new_ver.fw_patch_num);
1709 /* Disable the manufacturer mode without reset */
1710 err = btintel_exit_mfg(hdev, false, false);
1714 bt_dev_info(hdev, "Intel firmware patch completed");
1718 exit_mfg_deactivate:
1719 release_firmware(fw);
1721 /* Patching failed. Disable the manufacturer mode with reset and
1722 * deactivate the downloaded firmware patches.
1724 err = btintel_exit_mfg(hdev, true, false);
1728 bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
1731 /* Set the event mask for Intel specific vendor events. This enables
1732 * a few extra events that are useful during general operation.
1734 btintel_set_event_mask_mfg(hdev, false);
1736 btintel_check_bdaddr(hdev);
1741 static int btintel_download_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
1743 ktime_t delta, rettime;
1744 unsigned long long duration;
1747 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
1749 bt_dev_info(hdev, "Waiting for firmware download to complete");
1751 err = btintel_wait_on_flag_timeout(hdev, INTEL_DOWNLOADING,
1753 msecs_to_jiffies(msec));
1754 if (err == -EINTR) {
1755 bt_dev_err(hdev, "Firmware loading interrupted");
1760 bt_dev_err(hdev, "Firmware loading timeout");
1764 if (btintel_test_flag(hdev, INTEL_FIRMWARE_FAILED)) {
1765 bt_dev_err(hdev, "Firmware loading failed");
1769 rettime = ktime_get();
1770 delta = ktime_sub(rettime, calltime);
1771 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1773 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
1778 static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
1780 ktime_t delta, rettime;
1781 unsigned long long duration;
1784 bt_dev_info(hdev, "Waiting for device to boot");
1786 err = btintel_wait_on_flag_timeout(hdev, INTEL_BOOTING,
1788 msecs_to_jiffies(msec));
1789 if (err == -EINTR) {
1790 bt_dev_err(hdev, "Device boot interrupted");
1795 bt_dev_err(hdev, "Device boot timeout");
1799 rettime = ktime_get();
1800 delta = ktime_sub(rettime, calltime);
1801 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
1803 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
1808 static int btintel_boot(struct hci_dev *hdev, u32 boot_addr)
1813 calltime = ktime_get();
1815 btintel_set_flag(hdev, INTEL_BOOTING);
1817 err = btintel_send_intel_reset(hdev, boot_addr);
1819 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err);
1820 btintel_reset_to_bootloader(hdev);
1824 /* The bootloader will not indicate when the device is ready. This
1825 * is done by the operational firmware sending bootup notification.
1827 * Booting into operational firmware should not take longer than
1828 * 1 second. However if that happens, then just fail the setup
1829 * since something went wrong.
1831 err = btintel_boot_wait(hdev, calltime, 1000);
1832 if (err == -ETIMEDOUT)
1833 btintel_reset_to_bootloader(hdev);
1838 static int btintel_get_fw_name(struct intel_version *ver,
1839 struct intel_boot_params *params,
1840 char *fw_name, size_t len,
1843 switch (ver->hw_variant) {
1844 case 0x0b: /* SfP */
1845 case 0x0c: /* WsP */
1846 snprintf(fw_name, len, "intel/ibt-%u-%u.%s",
1848 le16_to_cpu(params->dev_revid),
1851 case 0x11: /* JfP */
1852 case 0x12: /* ThP */
1853 case 0x13: /* HrP */
1854 case 0x14: /* CcP */
1855 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s",
1868 static int btintel_download_fw(struct hci_dev *hdev,
1869 struct intel_version *ver,
1870 struct intel_boot_params *params,
1873 const struct firmware *fw;
1878 if (!ver || !params)
1881 /* The firmware variant determines if the device is in bootloader
1882 * mode or is running operational firmware. The value 0x06 identifies
1883 * the bootloader and the value 0x23 identifies the operational
1886 * When the operational firmware is already present, then only
1887 * the check for valid Bluetooth device address is needed. This
1888 * determines if the device will be added as configured or
1889 * unconfigured controller.
1891 * It is not possible to use the Secure Boot Parameters in this
1892 * case since that command is only available in bootloader mode.
1894 if (ver->fw_variant == 0x23) {
1895 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
1896 btintel_check_bdaddr(hdev);
1898 /* SfP and WsP don't seem to update the firmware version on file
1899 * so version checking is currently possible.
1901 switch (ver->hw_variant) {
1902 case 0x0b: /* SfP */
1903 case 0x0c: /* WsP */
1907 /* Proceed to download to check if the version matches */
1911 /* Read the secure boot parameters to identify the operating
1912 * details of the bootloader.
1914 err = btintel_read_boot_params(hdev, params);
1918 /* It is required that every single firmware fragment is acknowledged
1919 * with a command complete event. If the boot parameters indicate
1920 * that this bootloader does not send them, then abort the setup.
1922 if (params->limited_cce != 0x00) {
1923 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
1924 params->limited_cce);
1928 /* If the OTP has no valid Bluetooth device address, then there will
1929 * also be no valid address for the operational firmware.
1931 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) {
1932 bt_dev_info(hdev, "No device address configured");
1933 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
1937 /* With this Intel bootloader only the hardware variant and device
1938 * revision information are used to select the right firmware for SfP
1941 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
1943 * Currently the supported hardware variants are:
1944 * 11 (0x0b) for iBT3.0 (LnP/SfP)
1945 * 12 (0x0c) for iBT3.5 (WsP)
1947 * For ThP/JfP and for future SKU's, the FW name varies based on HW
1948 * variant, HW revision and FW revision, as these are dependent on CNVi
1949 * and RF Combination.
1951 * 17 (0x11) for iBT3.5 (JfP)
1952 * 18 (0x12) for iBT3.5 (ThP)
1954 * The firmware file name for these will be
1955 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
1958 err = btintel_get_fw_name(ver, params, fwname, sizeof(fwname), "sfi");
1960 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
1961 /* Firmware has already been loaded */
1962 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
1966 bt_dev_err(hdev, "Unsupported Intel firmware naming");
1970 err = firmware_request_nowarn(&fw, fwname, &hdev->dev);
1972 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
1973 /* Firmware has already been loaded */
1974 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
1978 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)",
1983 bt_dev_info(hdev, "Found device firmware: %s", fwname);
1985 if (fw->size < 644) {
1986 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
1992 calltime = ktime_get();
1994 btintel_set_flag(hdev, INTEL_DOWNLOADING);
1996 /* Start firmware downloading and get boot parameter */
1997 err = btintel_download_firmware(hdev, ver, fw, boot_param);
1999 if (err == -EALREADY) {
2000 /* Firmware has already been loaded */
2001 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2006 /* When FW download fails, send Intel Reset to retry
2009 btintel_reset_to_bootloader(hdev);
2013 /* Before switching the device into operational mode and with that
2014 * booting the loaded firmware, wait for the bootloader notification
2015 * that all fragments have been successfully received.
2017 * When the event processing receives the notification, then the
2018 * INTEL_DOWNLOADING flag will be cleared.
2020 * The firmware loading should not take longer than 5 seconds
2021 * and thus just timeout if that happens and fail the setup
2024 err = btintel_download_wait(hdev, calltime, 5000);
2025 if (err == -ETIMEDOUT)
2026 btintel_reset_to_bootloader(hdev);
2029 release_firmware(fw);
2033 static int btintel_bootloader_setup(struct hci_dev *hdev,
2034 struct intel_version *ver)
2036 struct intel_version new_ver;
2037 struct intel_boot_params params;
2042 BT_DBG("%s", hdev->name);
2044 /* Set the default boot parameter to 0x0 and it is updated to
2045 * SKU specific boot parameter after reading Intel_Write_Boot_Params
2046 * command while downloading the firmware.
2048 boot_param = 0x00000000;
2050 btintel_set_flag(hdev, INTEL_BOOTLOADER);
2052 err = btintel_download_fw(hdev, ver, ¶ms, &boot_param);
2056 /* controller is already having an operational firmware */
2057 if (ver->fw_variant == 0x23)
2060 err = btintel_boot(hdev, boot_param);
2064 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2066 err = btintel_get_fw_name(ver, ¶ms, ddcname,
2067 sizeof(ddcname), "ddc");
2070 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2072 /* Once the device is running in operational mode, it needs to
2073 * apply the device configuration (DDC) parameters.
2075 * The device can work without DDC parameters, so even if it
2076 * fails to load the file, no need to fail the setup.
2078 btintel_load_ddc_config(hdev, ddcname);
2081 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
2083 /* Read the Intel version information after loading the FW */
2084 err = btintel_read_version(hdev, &new_ver);
2088 btintel_version_info(hdev, &new_ver);
2091 /* Set the event mask for Intel specific vendor events. This enables
2092 * a few extra events that are useful during general operation. It
2093 * does not enable any debugging related events.
2095 * The device will function correctly without these events enabled
2096 * and thus no need to fail the setup.
2098 btintel_set_event_mask(hdev, false);
2103 static void btintel_get_fw_name_tlv(const struct intel_version_tlv *ver,
2104 char *fw_name, size_t len,
2107 /* The firmware file name for new generation controllers will be
2108 * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step>
2110 snprintf(fw_name, len, "intel/ibt-%04x-%04x.%s",
2111 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top),
2112 INTEL_CNVX_TOP_STEP(ver->cnvi_top)),
2113 INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top),
2114 INTEL_CNVX_TOP_STEP(ver->cnvr_top)),
2118 static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev,
2119 struct intel_version_tlv *ver,
2122 const struct firmware *fw;
2127 if (!ver || !boot_param)
2130 /* The firmware variant determines if the device is in bootloader
2131 * mode or is running operational firmware. The value 0x03 identifies
2132 * the bootloader and the value 0x23 identifies the operational
2135 * When the operational firmware is already present, then only
2136 * the check for valid Bluetooth device address is needed. This
2137 * determines if the device will be added as configured or
2138 * unconfigured controller.
2140 * It is not possible to use the Secure Boot Parameters in this
2141 * case since that command is only available in bootloader mode.
2143 if (ver->img_type == 0x03) {
2144 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2145 btintel_check_bdaddr(hdev);
2148 * Check for valid bd address in boot loader mode. Device
2149 * will be marked as unconfigured if empty bd address is
2152 if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) {
2153 bt_dev_info(hdev, "No device address configured");
2154 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2158 btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi");
2159 err = firmware_request_nowarn(&fw, fwname, &hdev->dev);
2161 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2162 /* Firmware has already been loaded */
2163 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2167 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)",
2173 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2175 if (fw->size < 644) {
2176 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2182 calltime = ktime_get();
2184 btintel_set_flag(hdev, INTEL_DOWNLOADING);
2186 /* Start firmware downloading and get boot parameter */
2187 err = btintel_download_fw_tlv(hdev, ver, fw, boot_param,
2188 INTEL_HW_VARIANT(ver->cnvi_bt),
2191 if (err == -EALREADY) {
2192 /* Firmware has already been loaded */
2193 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2198 /* When FW download fails, send Intel Reset to retry
2201 btintel_reset_to_bootloader(hdev);
2205 /* Before switching the device into operational mode and with that
2206 * booting the loaded firmware, wait for the bootloader notification
2207 * that all fragments have been successfully received.
2209 * When the event processing receives the notification, then the
2210 * BTUSB_DOWNLOADING flag will be cleared.
2212 * The firmware loading should not take longer than 5 seconds
2213 * and thus just timeout if that happens and fail the setup
2216 err = btintel_download_wait(hdev, calltime, 5000);
2217 if (err == -ETIMEDOUT)
2218 btintel_reset_to_bootloader(hdev);
2221 release_firmware(fw);
2225 static int btintel_get_codec_config_data(struct hci_dev *hdev,
2226 __u8 link, struct bt_codec *codec,
2227 __u8 *ven_len, __u8 **ven_data)
2231 if (!ven_data || !ven_len)
2237 if (link != ESCO_LINK) {
2238 bt_dev_err(hdev, "Invalid link type(%u)", link);
2242 *ven_data = kmalloc(sizeof(__u8), GFP_KERNEL);
2248 /* supports only CVSD and mSBC offload codecs */
2249 switch (codec->id) {
2258 bt_dev_err(hdev, "Invalid codec id(%u)", codec->id);
2261 /* codec and its capabilities are pre-defined to ids
2262 * preset id = 0x00 represents CVSD codec with sampling rate 8K
2263 * preset id = 0x01 represents mSBC codec with sampling rate 16K
2265 *ven_len = sizeof(__u8);
2274 static int btintel_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id)
2276 /* Intel uses 1 as data path id for all the usecases */
2281 static int btintel_configure_offload(struct hci_dev *hdev)
2283 struct sk_buff *skb;
2285 struct intel_offload_use_cases *use_cases;
2287 skb = __hci_cmd_sync(hdev, 0xfc86, 0, NULL, HCI_INIT_TIMEOUT);
2289 bt_dev_err(hdev, "Reading offload use cases failed (%ld)",
2291 return PTR_ERR(skb);
2294 if (skb->len < sizeof(*use_cases)) {
2299 use_cases = (void *)skb->data;
2301 if (use_cases->status) {
2302 err = -bt_to_errno(skb->data[0]);
2306 if (use_cases->preset[0] & 0x03) {
2307 hdev->get_data_path_id = btintel_get_data_path_id;
2308 hdev->get_codec_config_data = btintel_get_codec_config_data;
2315 static void btintel_set_ppag(struct hci_dev *hdev, struct intel_version_tlv *ver)
2318 struct btintel_ppag ppag;
2319 struct sk_buff *skb;
2320 struct btintel_loc_aware_reg ppag_cmd;
2322 /* PPAG is not supported if CRF is HrP2, Jfp2, JfP1 */
2323 switch (ver->cnvr_top & 0xFFF) {
2324 case 0x504: /* Hrp2 */
2325 case 0x202: /* Jfp2 */
2326 case 0x201: /* Jfp1 */
2330 memset(&ppag, 0, sizeof(ppag));
2333 status = acpi_walk_namespace(ACPI_TYPE_ANY, ACPI_ROOT_OBJECT,
2334 ACPI_UINT32_MAX, NULL,
2335 btintel_ppag_callback, &ppag, NULL);
2337 if (ACPI_FAILURE(status)) {
2338 /* Do not log warning message if ACPI entry is not found */
2339 if (status == AE_NOT_FOUND)
2341 bt_dev_warn(hdev, "PPAG: ACPI Failure: %s", acpi_format_exception(status));
2345 if (ppag.domain != 0x12) {
2346 bt_dev_warn(hdev, "PPAG-BT Domain disabled");
2350 /* PPAG mode, BIT0 = 0 Disabled, BIT0 = 1 Enabled */
2351 if (!(ppag.mode & BIT(0))) {
2352 bt_dev_dbg(hdev, "PPAG disabled");
2356 ppag_cmd.mcc = cpu_to_le32(0);
2357 ppag_cmd.sel = cpu_to_le32(0); /* 0 - Enable , 1 - Disable, 2 - Testing mode */
2358 ppag_cmd.delta = cpu_to_le32(0);
2359 skb = __hci_cmd_sync(hdev, 0xfe19, sizeof(ppag_cmd), &ppag_cmd, HCI_CMD_TIMEOUT);
2361 bt_dev_warn(hdev, "Failed to send PPAG Enable (%ld)", PTR_ERR(skb));
2367 static int btintel_bootloader_setup_tlv(struct hci_dev *hdev,
2368 struct intel_version_tlv *ver)
2373 struct intel_version_tlv new_ver;
2375 bt_dev_dbg(hdev, "");
2377 /* Set the default boot parameter to 0x0 and it is updated to
2378 * SKU specific boot parameter after reading Intel_Write_Boot_Params
2379 * command while downloading the firmware.
2381 boot_param = 0x00000000;
2383 btintel_set_flag(hdev, INTEL_BOOTLOADER);
2385 err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param);
2389 /* check if controller is already having an operational firmware */
2390 if (ver->img_type == 0x03)
2393 err = btintel_boot(hdev, boot_param);
2397 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2399 btintel_get_fw_name_tlv(ver, ddcname, sizeof(ddcname), "ddc");
2400 /* Once the device is running in operational mode, it needs to
2401 * apply the device configuration (DDC) parameters.
2403 * The device can work without DDC parameters, so even if it
2404 * fails to load the file, no need to fail the setup.
2406 btintel_load_ddc_config(hdev, ddcname);
2408 /* Read supported use cases and set callbacks to fetch datapath id */
2409 btintel_configure_offload(hdev);
2411 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
2413 /* Set PPAG feature */
2414 btintel_set_ppag(hdev, ver);
2416 /* Read the Intel version information after loading the FW */
2417 err = btintel_read_version_tlv(hdev, &new_ver);
2421 btintel_version_info_tlv(hdev, &new_ver);
2424 /* Set the event mask for Intel specific vendor events. This enables
2425 * a few extra events that are useful during general operation. It
2426 * does not enable any debugging related events.
2428 * The device will function correctly without these events enabled
2429 * and thus no need to fail the setup.
2431 btintel_set_event_mask(hdev, false);
2436 static void btintel_set_msft_opcode(struct hci_dev *hdev, u8 hw_variant)
2438 switch (hw_variant) {
2439 /* Legacy bootloader devices that supports MSFT Extension */
2440 case 0x11: /* JfP */
2441 case 0x12: /* ThP */
2442 case 0x13: /* HrP */
2443 case 0x14: /* CcP */
2444 /* All Intel new genration controllers support the Microsoft vendor
2445 * extension are using 0xFC1E for VsMsftOpCode.
2451 hci_set_msft_opcode(hdev, 0xFC1E);
2459 static int btintel_setup_combined(struct hci_dev *hdev)
2461 const u8 param[1] = { 0xFF };
2462 struct intel_version ver;
2463 struct intel_version_tlv ver_tlv;
2464 struct sk_buff *skb;
2467 BT_DBG("%s", hdev->name);
2469 /* The some controllers have a bug with the first HCI command sent to it
2470 * returning number of completed commands as zero. This would stall the
2471 * command processing in the Bluetooth core.
2473 * As a workaround, send HCI Reset command first which will reset the
2474 * number of completed commands and allow normal command processing
2477 * Regarding the INTEL_BROKEN_SHUTDOWN_LED flag, these devices maybe
2478 * in the SW_RFKILL ON state as a workaround of fixing LED issue during
2479 * the shutdown() procedure, and once the device is in SW_RFKILL ON
2480 * state, the only way to exit out of it is sending the HCI_Reset
2483 if (btintel_test_flag(hdev, INTEL_BROKEN_INITIAL_NCMD) ||
2484 btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) {
2485 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
2489 "sending initial HCI reset failed (%ld)",
2491 return PTR_ERR(skb);
2496 /* Starting from TyP device, the command parameter and response are
2497 * changed even though the OCF for HCI_Intel_Read_Version command
2498 * remains same. The legacy devices can handle even if the
2499 * command has a parameter and returns a correct version information.
2500 * So, it uses new format to support both legacy and new format.
2502 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
2504 bt_dev_err(hdev, "Reading Intel version command failed (%ld)",
2506 return PTR_ERR(skb);
2509 /* Check the status */
2511 bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
2517 /* Apply the common HCI quirks for Intel device */
2518 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
2519 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
2520 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
2522 /* Set up the quality report callback for Intel devices */
2523 hdev->set_quality_report = btintel_set_quality_report;
2525 /* For Legacy device, check the HW platform value and size */
2526 if (skb->len == sizeof(ver) && skb->data[1] == 0x37) {
2527 bt_dev_dbg(hdev, "Read the legacy Intel version information");
2529 memcpy(&ver, skb->data, sizeof(ver));
2531 /* Display version information */
2532 btintel_version_info(hdev, &ver);
2534 /* Check for supported iBT hardware variants of this firmware
2537 * This check has been put in place to ensure correct forward
2538 * compatibility options when newer hardware variants come
2541 switch (ver.hw_variant) {
2543 case 0x08: /* StP */
2544 /* Legacy ROM product */
2545 btintel_set_flag(hdev, INTEL_ROM_LEGACY);
2547 /* Apply the device specific HCI quirks
2549 * WBS for SdP - For the Legacy ROM products, only SdP
2550 * supports the WBS. But the version information is not
2551 * enough to use here because the StP2 and SdP have same
2552 * hw_variant and fw_variant. So, this flag is set by
2553 * the transport driver (btusb) based on the HW info
2556 if (!btintel_test_flag(hdev,
2557 INTEL_ROM_LEGACY_NO_WBS_SUPPORT))
2558 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
2560 if (ver.hw_variant == 0x08 && ver.fw_variant == 0x22)
2561 set_bit(HCI_QUIRK_VALID_LE_STATES,
2564 err = btintel_legacy_rom_setup(hdev, &ver);
2566 case 0x0b: /* SfP */
2567 case 0x11: /* JfP */
2568 case 0x12: /* ThP */
2569 case 0x13: /* HrP */
2570 case 0x14: /* CcP */
2571 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
2573 case 0x0c: /* WsP */
2574 /* Apply the device specific HCI quirks
2576 * All Legacy bootloader devices support WBS
2578 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
2581 /* Setup MSFT Extension support */
2582 btintel_set_msft_opcode(hdev, ver.hw_variant);
2584 err = btintel_bootloader_setup(hdev, &ver);
2587 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
2595 /* memset ver_tlv to start with clean state as few fields are exclusive
2596 * to bootloader mode and are not populated in operational mode
2598 memset(&ver_tlv, 0, sizeof(ver_tlv));
2599 /* For TLV type device, parse the tlv data */
2600 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb);
2602 bt_dev_err(hdev, "Failed to parse TLV version information");
2606 if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) {
2607 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
2608 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt));
2613 /* Check for supported iBT hardware variants of this firmware
2616 * This check has been put in place to ensure correct forward
2617 * compatibility options when newer hardware variants come
2620 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) {
2621 case 0x11: /* JfP */
2622 case 0x12: /* ThP */
2623 case 0x13: /* HrP */
2624 case 0x14: /* CcP */
2625 /* Some legacy bootloader devices starting from JfP,
2626 * the operational firmware supports both old and TLV based
2627 * HCI_Intel_Read_Version command based on the command
2630 * For upgrading firmware case, the TLV based version cannot
2631 * be used because the firmware filename for legacy bootloader
2632 * is based on the old format.
2634 * Also, it is not easy to convert TLV based version from the
2635 * legacy version format.
2637 * So, as a workaround for those devices, use the legacy
2638 * HCI_Intel_Read_Version to get the version information and
2639 * run the legacy bootloader setup.
2641 err = btintel_read_version(hdev, &ver);
2645 /* Apply the device specific HCI quirks
2647 * All Legacy bootloader devices support WBS
2649 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
2651 /* Set Valid LE States quirk */
2652 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
2654 /* Setup MSFT Extension support */
2655 btintel_set_msft_opcode(hdev, ver.hw_variant);
2657 err = btintel_bootloader_setup(hdev, &ver);
2663 /* Display version information of TLV type */
2664 btintel_version_info_tlv(hdev, &ver_tlv);
2666 /* Apply the device specific HCI quirks for TLV based devices
2668 * All TLV based devices support WBS
2670 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
2672 /* Valid LE States quirk for GfP */
2673 if (INTEL_HW_VARIANT(ver_tlv.cnvi_bt) == 0x18)
2674 set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
2676 /* Setup MSFT Extension support */
2677 btintel_set_msft_opcode(hdev,
2678 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
2680 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv);
2683 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
2684 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
2695 static int btintel_shutdown_combined(struct hci_dev *hdev)
2697 struct sk_buff *skb;
2700 /* Send HCI Reset to the controller to stop any BT activity which
2701 * were triggered. This will help to save power and maintain the
2702 * sync b/w Host and controller
2704 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
2706 bt_dev_err(hdev, "HCI reset during shutdown failed");
2707 return PTR_ERR(skb);
2712 /* Some platforms have an issue with BT LED when the interface is
2713 * down or BT radio is turned off, which takes 5 seconds to BT LED
2714 * goes off. As a workaround, sends HCI_Intel_SW_RFKILL to put the
2715 * device in the RFKILL ON state which turns off the BT LED immediately.
2717 if (btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) {
2718 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
2721 bt_dev_err(hdev, "turning off Intel device LED failed");
2730 int btintel_configure_setup(struct hci_dev *hdev)
2732 hdev->manufacturer = 2;
2733 hdev->setup = btintel_setup_combined;
2734 hdev->shutdown = btintel_shutdown_combined;
2735 hdev->hw_error = btintel_hw_error;
2736 hdev->set_diag = btintel_set_diag_combined;
2737 hdev->set_bdaddr = btintel_set_bdaddr;
2741 EXPORT_SYMBOL_GPL(btintel_configure_setup);
2743 void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len)
2745 const struct intel_bootup *evt = ptr;
2747 if (len != sizeof(*evt))
2750 if (btintel_test_and_clear_flag(hdev, INTEL_BOOTING))
2751 btintel_wake_up_flag(hdev, INTEL_BOOTING);
2753 EXPORT_SYMBOL_GPL(btintel_bootup);
2755 void btintel_secure_send_result(struct hci_dev *hdev,
2756 const void *ptr, unsigned int len)
2758 const struct intel_secure_send_result *evt = ptr;
2760 if (len != sizeof(*evt))
2764 btintel_set_flag(hdev, INTEL_FIRMWARE_FAILED);
2766 if (btintel_test_and_clear_flag(hdev, INTEL_DOWNLOADING) &&
2767 btintel_test_flag(hdev, INTEL_FIRMWARE_LOADED))
2768 btintel_wake_up_flag(hdev, INTEL_DOWNLOADING);
2770 EXPORT_SYMBOL_GPL(btintel_secure_send_result);
2772 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2773 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION);
2774 MODULE_VERSION(VERSION);
2775 MODULE_LICENSE("GPL");
2776 MODULE_FIRMWARE("intel/ibt-11-5.sfi");
2777 MODULE_FIRMWARE("intel/ibt-11-5.ddc");
2778 MODULE_FIRMWARE("intel/ibt-12-16.sfi");
2779 MODULE_FIRMWARE("intel/ibt-12-16.ddc");
projects / platform / kernel / linux-starfive.git / blob