1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Bluetooth support for Intel devices
6 * Copyright (C) 2015 Intel Corporation
9 #include <linux/module.h>
10 #include <linux/firmware.h>
11 #include <linux/regmap.h>
12 #include <linux/string_choices.h>
13 #include <linux/acpi.h>
14 #include <acpi/acpi_bus.h>
15 #include <linux/unaligned.h>
16 #include <linux/efi.h>
18 #include <net/bluetooth/bluetooth.h>
19 #include <net/bluetooth/hci_core.h>
25 #define BDADDR_INTEL (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
26 #define RSA_HEADER_LEN 644
27 #define CSS_HEADER_OFFSET 8
28 #define ECDSA_OFFSET 644
29 #define ECDSA_HEADER_LEN 320
31 #define BTINTEL_EFI_DSBR L"UefiCnvCommonDSBR"
34 DSM_SET_WDISABLE2_DELAY = 1,
35 DSM_SET_RESET_METHOD = 3,
38 #define CMD_WRITE_BOOT_PARAMS 0xfc0e
39 struct cmd_write_boot_params {
47 const char *driver_name;
52 static const guid_t btintel_guid_dsm =
53 GUID_INIT(0xaa10f4e0, 0x81ac, 0x4233,
54 0xab, 0xf6, 0x3b, 0x2a, 0xc5, 0x0e, 0x28, 0xd9);
56 int btintel_check_bdaddr(struct hci_dev *hdev)
58 struct hci_rp_read_bd_addr *bda;
61 skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
64 int err = PTR_ERR(skb);
65 bt_dev_err(hdev, "Reading Intel device address failed (%d)",
70 if (skb->len != sizeof(*bda)) {
71 bt_dev_err(hdev, "Intel device address length mismatch");
76 bda = (struct hci_rp_read_bd_addr *)skb->data;
78 /* For some Intel based controllers, the default Bluetooth device
79 * address 00:03:19:9E:8B:00 can be found. These controllers are
80 * fully operational, but have the danger of duplicate addresses
81 * and that in turn can cause problems with Bluetooth operation.
83 if (!bacmp(&bda->bdaddr, BDADDR_INTEL)) {
84 bt_dev_err(hdev, "Found Intel default device address (%pMR)",
86 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
93 EXPORT_SYMBOL_GPL(btintel_check_bdaddr);
95 int btintel_enter_mfg(struct hci_dev *hdev)
97 static const u8 param[] = { 0x01, 0x00 };
100 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
102 bt_dev_err(hdev, "Entering manufacturer mode failed (%ld)",
110 EXPORT_SYMBOL_GPL(btintel_enter_mfg);
112 int btintel_exit_mfg(struct hci_dev *hdev, bool reset, bool patched)
114 u8 param[] = { 0x00, 0x00 };
117 /* The 2nd command parameter specifies the manufacturing exit method:
118 * 0x00: Just disable the manufacturing mode (0x00).
119 * 0x01: Disable manufacturing mode and reset with patches deactivated.
120 * 0x02: Disable manufacturing mode and reset with patches activated.
123 param[1] |= patched ? 0x02 : 0x01;
125 skb = __hci_cmd_sync(hdev, 0xfc11, 2, param, HCI_CMD_TIMEOUT);
127 bt_dev_err(hdev, "Exiting manufacturer mode failed (%ld)",
135 EXPORT_SYMBOL_GPL(btintel_exit_mfg);
137 int btintel_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
142 skb = __hci_cmd_sync(hdev, 0xfc31, 6, bdaddr, HCI_INIT_TIMEOUT);
145 bt_dev_err(hdev, "Changing Intel device address failed (%d)",
153 EXPORT_SYMBOL_GPL(btintel_set_bdaddr);
155 static int btintel_set_event_mask(struct hci_dev *hdev, bool debug)
157 u8 mask[8] = { 0x87, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
164 skb = __hci_cmd_sync(hdev, 0xfc52, 8, mask, HCI_INIT_TIMEOUT);
167 bt_dev_err(hdev, "Setting Intel event mask failed (%d)", err);
175 int btintel_set_diag(struct hci_dev *hdev, bool enable)
191 skb = __hci_cmd_sync(hdev, 0xfc43, 3, param, HCI_INIT_TIMEOUT);
196 bt_dev_err(hdev, "Changing Intel diagnostic mode failed (%d)",
203 btintel_set_event_mask(hdev, enable);
206 EXPORT_SYMBOL_GPL(btintel_set_diag);
208 static int btintel_set_diag_mfg(struct hci_dev *hdev, bool enable)
212 err = btintel_enter_mfg(hdev);
216 ret = btintel_set_diag(hdev, enable);
218 err = btintel_exit_mfg(hdev, false, false);
225 static int btintel_set_diag_combined(struct hci_dev *hdev, bool enable)
229 /* Legacy ROM device needs to be in the manufacturer mode to apply
232 * This flag is set after reading the Intel version.
234 if (btintel_test_flag(hdev, INTEL_ROM_LEGACY))
235 ret = btintel_set_diag_mfg(hdev, enable);
237 ret = btintel_set_diag(hdev, enable);
242 void btintel_hw_error(struct hci_dev *hdev, u8 code)
247 bt_dev_err(hdev, "Hardware error 0x%2.2x", code);
249 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
251 bt_dev_err(hdev, "Reset after hardware error failed (%ld)",
257 skb = __hci_cmd_sync(hdev, 0xfc22, 1, &type, HCI_INIT_TIMEOUT);
259 bt_dev_err(hdev, "Retrieving Intel exception info failed (%ld)",
264 if (skb->len != 13) {
265 bt_dev_err(hdev, "Exception info size mismatch");
270 bt_dev_err(hdev, "Exception info %s", (char *)(skb->data + 1));
274 EXPORT_SYMBOL_GPL(btintel_hw_error);
276 int btintel_version_info(struct hci_dev *hdev, struct intel_version *ver)
280 /* The hardware platform number has a fixed value of 0x37 and
281 * for now only accept this single value.
283 if (ver->hw_platform != 0x37) {
284 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
289 /* Check for supported iBT hardware variants of this firmware
292 * This check has been put in place to ensure correct forward
293 * compatibility options when newer hardware variants come along.
295 switch (ver->hw_variant) {
296 case 0x07: /* WP - Legacy ROM */
297 case 0x08: /* StP - Legacy ROM */
306 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
311 switch (ver->fw_variant) {
313 variant = "Legacy ROM 2.5";
316 variant = "Bootloader";
319 variant = "Legacy ROM 2.x";
322 variant = "Firmware";
325 bt_dev_err(hdev, "Unsupported firmware variant(%02x)", ver->fw_variant);
329 coredump_info.hw_variant = ver->hw_variant;
330 coredump_info.fw_build_num = ver->fw_build_num;
332 bt_dev_info(hdev, "%s revision %u.%u build %u week %u %u",
333 variant, ver->fw_revision >> 4, ver->fw_revision & 0x0f,
334 ver->fw_build_num, ver->fw_build_ww,
335 2000 + ver->fw_build_yy);
339 EXPORT_SYMBOL_GPL(btintel_version_info);
341 static int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen,
346 u8 cmd_param[253], fragment_len = (plen > 252) ? 252 : plen;
348 cmd_param[0] = fragment_type;
349 memcpy(cmd_param + 1, param, fragment_len);
351 skb = __hci_cmd_sync(hdev, 0xfc09, fragment_len + 1,
352 cmd_param, HCI_INIT_TIMEOUT);
358 plen -= fragment_len;
359 param += fragment_len;
365 int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name)
367 const struct firmware *fw;
372 err = request_firmware_direct(&fw, ddc_name, &hdev->dev);
374 bt_dev_err(hdev, "Failed to load Intel DDC file %s (%d)",
379 bt_dev_info(hdev, "Found Intel DDC parameters: %s", ddc_name);
383 /* DDC file contains one or more DDC structure which has
384 * Length (1 byte), DDC ID (2 bytes), and DDC value (Length - 2).
386 while (fw->size > fw_ptr - fw->data) {
387 u8 cmd_plen = fw_ptr[0] + sizeof(u8);
389 skb = __hci_cmd_sync(hdev, 0xfc8b, cmd_plen, fw_ptr,
392 bt_dev_err(hdev, "Failed to send Intel_Write_DDC (%ld)",
394 release_firmware(fw);
402 release_firmware(fw);
404 bt_dev_info(hdev, "Applying Intel DDC parameters completed");
408 EXPORT_SYMBOL_GPL(btintel_load_ddc_config);
410 int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug)
414 err = btintel_enter_mfg(hdev);
418 ret = btintel_set_event_mask(hdev, debug);
420 err = btintel_exit_mfg(hdev, false, false);
426 EXPORT_SYMBOL_GPL(btintel_set_event_mask_mfg);
428 int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver)
432 skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
434 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
439 if (!skb || skb->len != sizeof(*ver)) {
440 bt_dev_err(hdev, "Intel version event size mismatch");
445 memcpy(ver, skb->data, sizeof(*ver));
451 EXPORT_SYMBOL_GPL(btintel_read_version);
453 int btintel_version_info_tlv(struct hci_dev *hdev,
454 struct intel_version_tlv *version)
458 /* The hardware platform number has a fixed value of 0x37 and
459 * for now only accept this single value.
461 if (INTEL_HW_PLATFORM(version->cnvi_bt) != 0x37) {
462 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
463 INTEL_HW_PLATFORM(version->cnvi_bt));
467 /* Check for supported iBT hardware variants of this firmware
470 * This check has been put in place to ensure correct forward
471 * compatibility options when newer hardware variants come along.
473 switch (INTEL_HW_VARIANT(version->cnvi_bt)) {
476 case 0x19: /* Slr-F */
478 case 0x1c: /* Gale Peak (GaP) */
479 case 0x1d: /* BlazarU (BzrU) */
480 case 0x1e: /* BlazarI (Bzr) */
483 bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)",
484 INTEL_HW_VARIANT(version->cnvi_bt));
488 switch (version->img_type) {
489 case BTINTEL_IMG_BOOTLOADER:
490 variant = "Bootloader";
491 /* It is required that every single firmware fragment is acknowledged
492 * with a command complete event. If the boot parameters indicate
493 * that this bootloader does not send them, then abort the setup.
495 if (version->limited_cce != 0x00) {
496 bt_dev_err(hdev, "Unsupported Intel firmware loading method (0x%x)",
497 version->limited_cce);
501 /* Secure boot engine type should be either 1 (ECDSA) or 0 (RSA) */
502 if (version->sbe_type > 0x01) {
503 bt_dev_err(hdev, "Unsupported Intel secure boot engine type (0x%x)",
508 bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id);
509 bt_dev_info(hdev, "Secure boot is %s",
510 str_enabled_disabled(version->secure_boot));
511 bt_dev_info(hdev, "OTP lock is %s",
512 str_enabled_disabled(version->otp_lock));
513 bt_dev_info(hdev, "API lock is %s",
514 str_enabled_disabled(version->api_lock));
515 bt_dev_info(hdev, "Debug lock is %s",
516 str_enabled_disabled(version->debug_lock));
517 bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
518 version->min_fw_build_nn, version->min_fw_build_cw,
519 2000 + version->min_fw_build_yy);
521 case BTINTEL_IMG_IML:
522 variant = "Intermediate loader";
525 variant = "Firmware";
528 bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type);
532 coredump_info.hw_variant = INTEL_HW_VARIANT(version->cnvi_bt);
533 coredump_info.fw_build_num = version->build_num;
535 bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant,
536 2000 + (version->timestamp >> 8), version->timestamp & 0xff,
537 version->build_type, version->build_num);
538 if (version->img_type == BTINTEL_IMG_OP)
539 bt_dev_info(hdev, "Firmware SHA1: 0x%8.8x", version->git_sha1);
543 EXPORT_SYMBOL_GPL(btintel_version_info_tlv);
545 int btintel_parse_version_tlv(struct hci_dev *hdev,
546 struct intel_version_tlv *version,
549 /* Consume Command Complete Status field */
552 /* Event parameters contatin multiple TLVs. Read each of them
553 * and only keep the required data. Also, it use existing legacy
554 * version field like hw_platform, hw_variant, and fw_variant
555 * to keep the existing setup flow
558 struct intel_tlv *tlv;
560 /* Make sure skb has a minimum length of the header */
561 if (skb->len < sizeof(*tlv))
564 tlv = (struct intel_tlv *)skb->data;
566 /* Make sure skb has a enough data */
567 if (skb->len < tlv->len + sizeof(*tlv))
571 case INTEL_TLV_CNVI_TOP:
572 version->cnvi_top = get_unaligned_le32(tlv->val);
574 case INTEL_TLV_CNVR_TOP:
575 version->cnvr_top = get_unaligned_le32(tlv->val);
577 case INTEL_TLV_CNVI_BT:
578 version->cnvi_bt = get_unaligned_le32(tlv->val);
580 case INTEL_TLV_CNVR_BT:
581 version->cnvr_bt = get_unaligned_le32(tlv->val);
583 case INTEL_TLV_DEV_REV_ID:
584 version->dev_rev_id = get_unaligned_le16(tlv->val);
586 case INTEL_TLV_IMAGE_TYPE:
587 version->img_type = tlv->val[0];
589 case INTEL_TLV_TIME_STAMP:
590 /* If image type is Operational firmware (0x03), then
591 * running FW Calendar Week and Year information can
592 * be extracted from Timestamp information
594 version->min_fw_build_cw = tlv->val[0];
595 version->min_fw_build_yy = tlv->val[1];
596 version->timestamp = get_unaligned_le16(tlv->val);
598 case INTEL_TLV_BUILD_TYPE:
599 version->build_type = tlv->val[0];
601 case INTEL_TLV_BUILD_NUM:
602 /* If image type is Operational firmware (0x03), then
603 * running FW build number can be extracted from the
606 version->min_fw_build_nn = tlv->val[0];
607 version->build_num = get_unaligned_le32(tlv->val);
609 case INTEL_TLV_SECURE_BOOT:
610 version->secure_boot = tlv->val[0];
612 case INTEL_TLV_OTP_LOCK:
613 version->otp_lock = tlv->val[0];
615 case INTEL_TLV_API_LOCK:
616 version->api_lock = tlv->val[0];
618 case INTEL_TLV_DEBUG_LOCK:
619 version->debug_lock = tlv->val[0];
621 case INTEL_TLV_MIN_FW:
622 version->min_fw_build_nn = tlv->val[0];
623 version->min_fw_build_cw = tlv->val[1];
624 version->min_fw_build_yy = tlv->val[2];
626 case INTEL_TLV_LIMITED_CCE:
627 version->limited_cce = tlv->val[0];
629 case INTEL_TLV_SBE_TYPE:
630 version->sbe_type = tlv->val[0];
632 case INTEL_TLV_OTP_BDADDR:
633 memcpy(&version->otp_bd_addr, tlv->val,
636 case INTEL_TLV_GIT_SHA1:
637 version->git_sha1 = get_unaligned_le32(tlv->val);
639 case INTEL_TLV_FW_ID:
640 snprintf(version->fw_id, sizeof(version->fw_id),
644 /* Ignore rest of information */
647 /* consume the current tlv and move to next*/
648 skb_pull(skb, tlv->len + sizeof(*tlv));
653 EXPORT_SYMBOL_GPL(btintel_parse_version_tlv);
655 static int btintel_read_version_tlv(struct hci_dev *hdev,
656 struct intel_version_tlv *version)
659 const u8 param[1] = { 0xFF };
664 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
666 bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
672 bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
678 btintel_parse_version_tlv(hdev, version, skb);
684 /* ------- REGMAP IBT SUPPORT ------- */
686 #define IBT_REG_MODE_8BIT 0x00
687 #define IBT_REG_MODE_16BIT 0x01
688 #define IBT_REG_MODE_32BIT 0x02
690 struct regmap_ibt_context {
691 struct hci_dev *hdev;
696 struct ibt_cp_reg_access {
703 struct ibt_rp_reg_access {
709 static int regmap_ibt_read(void *context, const void *addr, size_t reg_size,
710 void *val, size_t val_size)
712 struct regmap_ibt_context *ctx = context;
713 struct ibt_cp_reg_access cp;
714 struct ibt_rp_reg_access *rp;
718 if (reg_size != sizeof(__le32))
723 cp.mode = IBT_REG_MODE_8BIT;
726 cp.mode = IBT_REG_MODE_16BIT;
729 cp.mode = IBT_REG_MODE_32BIT;
735 /* regmap provides a little-endian formatted addr */
736 cp.addr = *(__le32 *)addr;
739 bt_dev_dbg(ctx->hdev, "Register (0x%x) read", le32_to_cpu(cp.addr));
741 skb = hci_cmd_sync(ctx->hdev, ctx->op_read, sizeof(cp), &cp,
745 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error (%d)",
746 le32_to_cpu(cp.addr), err);
750 if (skb->len != sizeof(*rp) + val_size) {
751 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad len",
752 le32_to_cpu(cp.addr));
757 rp = (struct ibt_rp_reg_access *)skb->data;
759 if (rp->addr != cp.addr) {
760 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) read error, bad addr",
761 le32_to_cpu(rp->addr));
766 memcpy(val, rp->data, val_size);
773 static int regmap_ibt_gather_write(void *context,
774 const void *addr, size_t reg_size,
775 const void *val, size_t val_size)
777 struct regmap_ibt_context *ctx = context;
778 struct ibt_cp_reg_access *cp;
780 int plen = sizeof(*cp) + val_size;
784 if (reg_size != sizeof(__le32))
789 mode = IBT_REG_MODE_8BIT;
792 mode = IBT_REG_MODE_16BIT;
795 mode = IBT_REG_MODE_32BIT;
801 cp = kmalloc(plen, GFP_KERNEL);
805 /* regmap provides a little-endian formatted addr/value */
806 cp->addr = *(__le32 *)addr;
809 memcpy(&cp->data, val, val_size);
811 bt_dev_dbg(ctx->hdev, "Register (0x%x) write", le32_to_cpu(cp->addr));
813 skb = hci_cmd_sync(ctx->hdev, ctx->op_write, plen, cp, HCI_CMD_TIMEOUT);
816 bt_dev_err(ctx->hdev, "regmap: Register (0x%x) write error (%d)",
817 le32_to_cpu(cp->addr), err);
827 static int regmap_ibt_write(void *context, const void *data, size_t count)
829 /* data contains register+value, since we only support 32bit addr,
830 * minimum data size is 4 bytes.
832 if (WARN_ONCE(count < 4, "Invalid register access"))
835 return regmap_ibt_gather_write(context, data, 4, data + 4, count - 4);
838 static void regmap_ibt_free_context(void *context)
843 static const struct regmap_bus regmap_ibt = {
844 .read = regmap_ibt_read,
845 .write = regmap_ibt_write,
846 .gather_write = regmap_ibt_gather_write,
847 .free_context = regmap_ibt_free_context,
848 .reg_format_endian_default = REGMAP_ENDIAN_LITTLE,
849 .val_format_endian_default = REGMAP_ENDIAN_LITTLE,
852 /* Config is the same for all register regions */
853 static const struct regmap_config regmap_ibt_cfg = {
854 .name = "btintel_regmap",
859 struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read,
862 struct regmap_ibt_context *ctx;
864 bt_dev_info(hdev, "regmap: Init R%x-W%x region", opcode_read,
867 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
869 return ERR_PTR(-ENOMEM);
871 ctx->op_read = opcode_read;
872 ctx->op_write = opcode_write;
875 return regmap_init(&hdev->dev, ®map_ibt, ctx, ®map_ibt_cfg);
877 EXPORT_SYMBOL_GPL(btintel_regmap_init);
879 int btintel_send_intel_reset(struct hci_dev *hdev, u32 boot_param)
881 struct intel_reset params = { 0x00, 0x01, 0x00, 0x01, 0x00000000 };
884 params.boot_param = cpu_to_le32(boot_param);
886 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params), ¶ms,
889 bt_dev_err(hdev, "Failed to send Intel Reset command");
897 EXPORT_SYMBOL_GPL(btintel_send_intel_reset);
899 int btintel_read_boot_params(struct hci_dev *hdev,
900 struct intel_boot_params *params)
904 skb = __hci_cmd_sync(hdev, 0xfc0d, 0, NULL, HCI_INIT_TIMEOUT);
906 bt_dev_err(hdev, "Reading Intel boot parameters failed (%ld)",
911 if (skb->len != sizeof(*params)) {
912 bt_dev_err(hdev, "Intel boot parameters size mismatch");
917 memcpy(params, skb->data, sizeof(*params));
921 if (params->status) {
922 bt_dev_err(hdev, "Intel boot parameters command failed (%02x)",
924 return -bt_to_errno(params->status);
927 bt_dev_info(hdev, "Device revision is %u",
928 le16_to_cpu(params->dev_revid));
930 bt_dev_info(hdev, "Secure boot is %s",
931 str_enabled_disabled(params->secure_boot));
933 bt_dev_info(hdev, "OTP lock is %s",
934 str_enabled_disabled(params->otp_lock));
936 bt_dev_info(hdev, "API lock is %s",
937 str_enabled_disabled(params->api_lock));
939 bt_dev_info(hdev, "Debug lock is %s",
940 str_enabled_disabled(params->debug_lock));
942 bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
943 params->min_fw_build_nn, params->min_fw_build_cw,
944 2000 + params->min_fw_build_yy);
948 EXPORT_SYMBOL_GPL(btintel_read_boot_params);
950 static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev,
951 const struct firmware *fw)
955 /* Start the firmware download transaction with the Init fragment
956 * represented by the 128 bytes of CSS header.
958 err = btintel_secure_send(hdev, 0x00, 128, fw->data);
960 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
964 /* Send the 256 bytes of public key information from the firmware
965 * as the PKey fragment.
967 err = btintel_secure_send(hdev, 0x03, 256, fw->data + 128);
969 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
973 /* Send the 256 bytes of signature information from the firmware
974 * as the Sign fragment.
976 err = btintel_secure_send(hdev, 0x02, 256, fw->data + 388);
978 bt_dev_err(hdev, "Failed to send firmware signature (%d)", err);
986 static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev,
987 const struct firmware *fw)
991 /* Start the firmware download transaction with the Init fragment
992 * represented by the 128 bytes of CSS header.
994 err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644);
996 bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
1000 /* Send the 96 bytes of public key information from the firmware
1001 * as the PKey fragment.
1003 err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128);
1005 bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
1009 /* Send the 96 bytes of signature information from the firmware
1010 * as the Sign fragment
1012 err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224);
1014 bt_dev_err(hdev, "Failed to send firmware signature (%d)",
1021 static int btintel_download_firmware_payload(struct hci_dev *hdev,
1022 const struct firmware *fw,
1029 fw_ptr = fw->data + offset;
1033 while (fw_ptr - fw->data < fw->size) {
1034 struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
1036 frag_len += sizeof(*cmd) + cmd->plen;
1038 /* The parameter length of the secure send command requires
1039 * a 4 byte alignment. It happens so that the firmware file
1040 * contains proper Intel_NOP commands to align the fragments
1043 * Send set of commands with 4 byte alignment from the
1044 * firmware data buffer as a single Data fragment.
1046 if (!(frag_len % 4)) {
1047 err = btintel_secure_send(hdev, 0x01, frag_len, fw_ptr);
1050 "Failed to send firmware data (%d)",
1064 static bool btintel_firmware_version(struct hci_dev *hdev,
1065 u8 num, u8 ww, u8 yy,
1066 const struct firmware *fw,
1073 while (fw_ptr - fw->data < fw->size) {
1074 struct hci_command_hdr *cmd = (void *)(fw_ptr);
1076 /* Each SKU has a different reset parameter to use in the
1077 * HCI_Intel_Reset command and it is embedded in the firmware
1078 * data. So, instead of using static value per SKU, check
1079 * the firmware data and save it for later use.
1081 if (le16_to_cpu(cmd->opcode) == CMD_WRITE_BOOT_PARAMS) {
1082 struct cmd_write_boot_params *params;
1084 params = (void *)(fw_ptr + sizeof(*cmd));
1086 *boot_addr = le32_to_cpu(params->boot_addr);
1088 bt_dev_info(hdev, "Boot Address: 0x%x", *boot_addr);
1090 bt_dev_info(hdev, "Firmware Version: %u-%u.%u",
1091 params->fw_build_num, params->fw_build_ww,
1092 params->fw_build_yy);
1094 return (num == params->fw_build_num &&
1095 ww == params->fw_build_ww &&
1096 yy == params->fw_build_yy);
1099 fw_ptr += sizeof(*cmd) + cmd->plen;
1105 int btintel_download_firmware(struct hci_dev *hdev,
1106 struct intel_version *ver,
1107 const struct firmware *fw,
1112 /* SfP and WsP don't seem to update the firmware version on file
1113 * so version checking is currently not possible.
1115 switch (ver->hw_variant) {
1116 case 0x0b: /* SfP */
1117 case 0x0c: /* WsP */
1118 /* Skip version checking */
1122 /* Skip download if firmware has the same version */
1123 if (btintel_firmware_version(hdev, ver->fw_build_num,
1124 ver->fw_build_ww, ver->fw_build_yy,
1126 bt_dev_info(hdev, "Firmware already loaded");
1127 /* Return -EALREADY to indicate that the firmware has
1128 * already been loaded.
1134 /* The firmware variant determines if the device is in bootloader
1135 * mode or is running operational firmware. The value 0x06 identifies
1136 * the bootloader and the value 0x23 identifies the operational
1139 * If the firmware version has changed that means it needs to be reset
1140 * to bootloader when operational so the new firmware can be loaded.
1142 if (ver->fw_variant == 0x23)
1145 err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1149 return btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN);
1151 EXPORT_SYMBOL_GPL(btintel_download_firmware);
1153 static int btintel_download_fw_tlv(struct hci_dev *hdev,
1154 struct intel_version_tlv *ver,
1155 const struct firmware *fw, u32 *boot_param,
1156 u8 hw_variant, u8 sbe_type)
1161 /* Skip download if firmware has the same version */
1162 if (btintel_firmware_version(hdev, ver->min_fw_build_nn,
1163 ver->min_fw_build_cw,
1164 ver->min_fw_build_yy,
1166 bt_dev_info(hdev, "Firmware already loaded");
1167 /* Return -EALREADY to indicate that firmware has
1168 * already been loaded.
1173 /* The firmware variant determines if the device is in bootloader
1174 * mode or is running operational firmware. The value 0x01 identifies
1175 * the bootloader and the value 0x03 identifies the operational
1178 * If the firmware version has changed that means it needs to be reset
1179 * to bootloader when operational so the new firmware can be loaded.
1181 if (ver->img_type == BTINTEL_IMG_OP)
1184 /* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support
1185 * only RSA secure boot engine. Hence, the corresponding sfi file will
1186 * have RSA header of 644 bytes followed by Command Buffer.
1188 * iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA
1189 * secure boot engine. As a result, the corresponding sfi file will
1190 * have RSA header of 644, ECDSA header of 320 bytes followed by
1193 * CSS Header byte positions 0x08 to 0x0B represent the CSS Header
1194 * version: RSA(0x00010000) , ECDSA (0x00020000)
1196 css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET);
1197 if (css_header_ver != 0x00010000) {
1198 bt_dev_err(hdev, "Invalid CSS Header version");
1202 if (hw_variant <= 0x14) {
1203 if (sbe_type != 0x00) {
1204 bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)",
1209 err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1213 err = btintel_download_firmware_payload(hdev, fw, RSA_HEADER_LEN);
1216 } else if (hw_variant >= 0x17) {
1217 /* Check if CSS header for ECDSA follows the RSA header */
1218 if (fw->data[ECDSA_OFFSET] != 0x06)
1221 /* Check if the CSS Header version is ECDSA(0x00020000) */
1222 css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET);
1223 if (css_header_ver != 0x00020000) {
1224 bt_dev_err(hdev, "Invalid CSS Header version");
1228 if (sbe_type == 0x00) {
1229 err = btintel_sfi_rsa_header_secure_send(hdev, fw);
1233 err = btintel_download_firmware_payload(hdev, fw,
1234 RSA_HEADER_LEN + ECDSA_HEADER_LEN);
1237 } else if (sbe_type == 0x01) {
1238 err = btintel_sfi_ecdsa_header_secure_send(hdev, fw);
1242 err = btintel_download_firmware_payload(hdev, fw,
1243 RSA_HEADER_LEN + ECDSA_HEADER_LEN);
1251 static void btintel_reset_to_bootloader(struct hci_dev *hdev)
1253 struct intel_reset params;
1254 struct sk_buff *skb;
1256 /* PCIe transport uses shared hardware reset mechanism for recovery
1257 * which gets triggered in pcie *setup* function on error.
1259 if (hdev->bus == HCI_PCI)
1262 /* Send Intel Reset command. This will result in
1263 * re-enumeration of BT controller.
1265 * Intel Reset parameter description:
1266 * reset_type : 0x00 (Soft reset),
1268 * patch_enable : 0x00 (Do not enable),
1270 * ddc_reload : 0x00 (Do not reload),
1272 * boot_option: 0x00 (Current image),
1273 * 0x01 (Specified boot address)
1274 * boot_param: Boot address
1278 params.reset_type = 0x01;
1279 params.patch_enable = 0x01;
1280 params.ddc_reload = 0x01;
1281 params.boot_option = 0x00;
1282 params.boot_param = cpu_to_le32(0x00000000);
1284 skb = __hci_cmd_sync(hdev, 0xfc01, sizeof(params),
1285 ¶ms, HCI_INIT_TIMEOUT);
1287 bt_dev_err(hdev, "FW download error recovery failed (%ld)",
1291 bt_dev_info(hdev, "Intel reset sent to retry FW download");
1294 /* Current Intel BT controllers(ThP/JfP) hold the USB reset
1295 * lines for 2ms when it receives Intel Reset in bootloader mode.
1296 * Whereas, the upcoming Intel BT controllers will hold USB reset
1297 * for 150ms. To keep the delay generic, 150ms is chosen here.
1302 static int btintel_read_debug_features(struct hci_dev *hdev,
1303 struct intel_debug_features *features)
1305 struct sk_buff *skb;
1308 /* Intel controller supports two pages, each page is of 128-bit
1309 * feature bit mask. And each bit defines specific feature support
1311 skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no,
1314 bt_dev_err(hdev, "Reading supported features failed (%ld)",
1316 return PTR_ERR(skb);
1319 if (skb->len != (sizeof(features->page1) + 3)) {
1320 bt_dev_err(hdev, "Supported features event size mismatch");
1325 memcpy(features->page1, skb->data + 3, sizeof(features->page1));
1327 /* Read the supported features page2 if required in future.
1333 static int btintel_set_debug_features(struct hci_dev *hdev,
1334 const struct intel_debug_features *features)
1336 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x7f, 0x00, 0x00, 0x00, 0x00,
1338 u8 period[5] = { 0x04, 0x91, 0x02, 0x05, 0x00 };
1339 u8 trace_enable = 0x02;
1340 struct sk_buff *skb;
1343 bt_dev_warn(hdev, "Debug features not read");
1347 if (!(features->page1[0] & 0x3f)) {
1348 bt_dev_info(hdev, "Telemetry exception format not supported");
1352 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT);
1354 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)",
1356 return PTR_ERR(skb);
1360 skb = __hci_cmd_sync(hdev, 0xfc8b, 5, period, HCI_INIT_TIMEOUT);
1362 bt_dev_err(hdev, "Setting periodicity for link statistics traces failed (%ld)",
1364 return PTR_ERR(skb);
1368 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT);
1370 bt_dev_err(hdev, "Enable tracing of link statistics events failed (%ld)",
1372 return PTR_ERR(skb);
1376 bt_dev_info(hdev, "set debug features: trace_enable 0x%02x mask 0x%02x",
1377 trace_enable, mask[3]);
1382 static int btintel_reset_debug_features(struct hci_dev *hdev,
1383 const struct intel_debug_features *features)
1385 u8 mask[11] = { 0x0a, 0x92, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
1387 u8 trace_enable = 0x00;
1388 struct sk_buff *skb;
1391 bt_dev_warn(hdev, "Debug features not read");
1395 if (!(features->page1[0] & 0x3f)) {
1396 bt_dev_info(hdev, "Telemetry exception format not supported");
1400 /* Should stop the trace before writing ddc event mask. */
1401 skb = __hci_cmd_sync(hdev, 0xfca1, 1, &trace_enable, HCI_INIT_TIMEOUT);
1403 bt_dev_err(hdev, "Stop tracing of link statistics events failed (%ld)",
1405 return PTR_ERR(skb);
1409 skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT);
1411 bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)",
1413 return PTR_ERR(skb);
1417 bt_dev_info(hdev, "reset debug features: trace_enable 0x%02x mask 0x%02x",
1418 trace_enable, mask[3]);
1423 int btintel_set_quality_report(struct hci_dev *hdev, bool enable)
1425 struct intel_debug_features features;
1428 bt_dev_dbg(hdev, "enable %d", enable);
1430 /* Read the Intel supported features and if new exception formats
1431 * supported, need to load the additional DDC config to enable.
1433 err = btintel_read_debug_features(hdev, &features);
1437 /* Set or reset the debug features. */
1439 err = btintel_set_debug_features(hdev, &features);
1441 err = btintel_reset_debug_features(hdev, &features);
1445 EXPORT_SYMBOL_GPL(btintel_set_quality_report);
1447 static void btintel_coredump(struct hci_dev *hdev)
1449 struct sk_buff *skb;
1451 skb = __hci_cmd_sync(hdev, 0xfc4e, 0, NULL, HCI_CMD_TIMEOUT);
1453 bt_dev_err(hdev, "Coredump failed (%ld)", PTR_ERR(skb));
1460 static void btintel_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb)
1464 snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n",
1465 coredump_info.hw_variant);
1466 skb_put_data(skb, buf, strlen(buf));
1468 snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n",
1469 coredump_info.fw_build_num);
1470 skb_put_data(skb, buf, strlen(buf));
1472 snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info.driver_name);
1473 skb_put_data(skb, buf, strlen(buf));
1475 snprintf(buf, sizeof(buf), "Vendor: Intel\n");
1476 skb_put_data(skb, buf, strlen(buf));
1479 static int btintel_register_devcoredump_support(struct hci_dev *hdev)
1481 struct intel_debug_features features;
1484 err = btintel_read_debug_features(hdev, &features);
1486 bt_dev_info(hdev, "Error reading debug features");
1490 if (!(features.page1[0] & 0x3f)) {
1491 bt_dev_dbg(hdev, "Telemetry exception format not supported");
1495 hci_devcd_register(hdev, btintel_coredump, btintel_dmp_hdr, NULL);
1500 static const struct firmware *btintel_legacy_rom_get_fw(struct hci_dev *hdev,
1501 struct intel_version *ver)
1503 const struct firmware *fw;
1507 snprintf(fwname, sizeof(fwname),
1508 "intel/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
1509 ver->hw_platform, ver->hw_variant, ver->hw_revision,
1510 ver->fw_variant, ver->fw_revision, ver->fw_build_num,
1511 ver->fw_build_ww, ver->fw_build_yy);
1513 ret = request_firmware(&fw, fwname, &hdev->dev);
1515 if (ret == -EINVAL) {
1516 bt_dev_err(hdev, "Intel firmware file request failed (%d)",
1521 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)",
1524 /* If the correct firmware patch file is not found, use the
1525 * default firmware patch file instead
1527 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1528 ver->hw_platform, ver->hw_variant);
1529 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1530 bt_dev_err(hdev, "failed to open default fw file: %s",
1536 bt_dev_info(hdev, "Intel Bluetooth firmware file: %s", fwname);
1541 static int btintel_legacy_rom_patching(struct hci_dev *hdev,
1542 const struct firmware *fw,
1543 const u8 **fw_ptr, int *disable_patch)
1545 struct sk_buff *skb;
1546 struct hci_command_hdr *cmd;
1547 const u8 *cmd_param;
1548 struct hci_event_hdr *evt = NULL;
1549 const u8 *evt_param = NULL;
1550 int remain = fw->size - (*fw_ptr - fw->data);
1552 /* The first byte indicates the types of the patch command or event.
1553 * 0x01 means HCI command and 0x02 is HCI event. If the first bytes
1554 * in the current firmware buffer doesn't start with 0x01 or
1555 * the size of remain buffer is smaller than HCI command header,
1556 * the firmware file is corrupted and it should stop the patching
1559 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1560 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read");
1566 cmd = (struct hci_command_hdr *)(*fw_ptr);
1567 *fw_ptr += sizeof(*cmd);
1568 remain -= sizeof(*cmd);
1570 /* Ensure that the remain firmware data is long enough than the length
1571 * of command parameter. If not, the firmware file is corrupted.
1573 if (remain < cmd->plen) {
1574 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len");
1578 /* If there is a command that loads a patch in the firmware
1579 * file, then enable the patch upon success, otherwise just
1580 * disable the manufacturer mode, for example patch activation
1581 * is not required when the default firmware patch file is used
1582 * because there are no patch data to load.
1584 if (*disable_patch && le16_to_cpu(cmd->opcode) == 0xfc8e)
1587 cmd_param = *fw_ptr;
1588 *fw_ptr += cmd->plen;
1589 remain -= cmd->plen;
1591 /* This reads the expected events when the above command is sent to the
1592 * device. Some vendor commands expects more than one events, for
1593 * example command status event followed by vendor specific event.
1594 * For this case, it only keeps the last expected event. so the command
1595 * can be sent with __hci_cmd_sync_ev() which returns the sk_buff of
1596 * last expected event.
1598 while (remain > HCI_EVENT_HDR_SIZE && *fw_ptr[0] == 0x02) {
1602 evt = (struct hci_event_hdr *)(*fw_ptr);
1603 *fw_ptr += sizeof(*evt);
1604 remain -= sizeof(*evt);
1606 if (remain < evt->plen) {
1607 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len");
1611 evt_param = *fw_ptr;
1612 *fw_ptr += evt->plen;
1613 remain -= evt->plen;
1616 /* Every HCI commands in the firmware file has its correspond event.
1617 * If event is not found or remain is smaller than zero, the firmware
1618 * file is corrupted.
1620 if (!evt || !evt_param || remain < 0) {
1621 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read");
1625 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1626 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1628 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)",
1629 cmd->opcode, PTR_ERR(skb));
1630 return PTR_ERR(skb);
1633 /* It ensures that the returned event matches the event data read from
1634 * the firmware file. At fist, it checks the length and then
1635 * the contents of the event.
1637 if (skb->len != evt->plen) {
1638 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)",
1639 le16_to_cpu(cmd->opcode));
1644 if (memcmp(skb->data, evt_param, evt->plen)) {
1645 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)",
1646 le16_to_cpu(cmd->opcode));
1655 static int btintel_legacy_rom_setup(struct hci_dev *hdev,
1656 struct intel_version *ver)
1658 const struct firmware *fw;
1660 int disable_patch, err;
1661 struct intel_version new_ver;
1663 BT_DBG("%s", hdev->name);
1665 /* fw_patch_num indicates the version of patch the device currently
1666 * have. If there is no patch data in the device, it is always 0x00.
1667 * So, if it is other than 0x00, no need to patch the device again.
1669 if (ver->fw_patch_num) {
1671 "Intel device is already patched. patch num: %02x",
1676 /* Opens the firmware patch file based on the firmware version read
1677 * from the controller. If it fails to open the matching firmware
1678 * patch file, it tries to open the default firmware patch file.
1679 * If no patch file is found, allow the device to operate without
1682 fw = btintel_legacy_rom_get_fw(hdev, ver);
1687 /* Enable the manufacturer mode of the controller.
1688 * Only while this mode is enabled, the driver can download the
1689 * firmware patch data and configuration parameters.
1691 err = btintel_enter_mfg(hdev);
1693 release_firmware(fw);
1699 /* The firmware data file consists of list of Intel specific HCI
1700 * commands and its expected events. The first byte indicates the
1701 * type of the message, either HCI command or HCI event.
1703 * It reads the command and its expected event from the firmware file,
1704 * and send to the controller. Once __hci_cmd_sync_ev() returns,
1705 * the returned event is compared with the event read from the firmware
1706 * file and it will continue until all the messages are downloaded to
1709 * Once the firmware patching is completed successfully,
1710 * the manufacturer mode is disabled with reset and activating the
1713 * If the firmware patching fails, the manufacturer mode is
1714 * disabled with reset and deactivating the patch.
1716 * If the default patch file is used, no reset is done when disabling
1719 while (fw->size > fw_ptr - fw->data) {
1722 ret = btintel_legacy_rom_patching(hdev, fw, &fw_ptr,
1725 goto exit_mfg_deactivate;
1728 release_firmware(fw);
1731 goto exit_mfg_disable;
1733 /* Patching completed successfully and disable the manufacturer mode
1734 * with reset and activate the downloaded firmware patches.
1736 err = btintel_exit_mfg(hdev, true, true);
1740 /* Need build number for downloaded fw patches in
1741 * every power-on boot
1743 err = btintel_read_version(hdev, &new_ver);
1747 bt_dev_info(hdev, "Intel BT fw patch 0x%02x completed & activated",
1748 new_ver.fw_patch_num);
1753 /* Disable the manufacturer mode without reset */
1754 err = btintel_exit_mfg(hdev, false, false);
1758 bt_dev_info(hdev, "Intel firmware patch completed");
1762 exit_mfg_deactivate:
1763 release_firmware(fw);
1765 /* Patching failed. Disable the manufacturer mode with reset and
1766 * deactivate the downloaded firmware patches.
1768 err = btintel_exit_mfg(hdev, true, false);
1772 bt_dev_info(hdev, "Intel firmware patch completed and deactivated");
1775 /* Set the event mask for Intel specific vendor events. This enables
1776 * a few extra events that are useful during general operation.
1778 btintel_set_event_mask_mfg(hdev, false);
1780 btintel_check_bdaddr(hdev);
1785 static int btintel_download_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
1787 ktime_t delta, rettime;
1788 unsigned long long duration;
1791 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
1793 bt_dev_info(hdev, "Waiting for firmware download to complete");
1795 err = btintel_wait_on_flag_timeout(hdev, INTEL_DOWNLOADING,
1797 msecs_to_jiffies(msec));
1798 if (err == -EINTR) {
1799 bt_dev_err(hdev, "Firmware loading interrupted");
1804 bt_dev_err(hdev, "Firmware loading timeout");
1808 if (btintel_test_flag(hdev, INTEL_FIRMWARE_FAILED)) {
1809 bt_dev_err(hdev, "Firmware loading failed");
1813 rettime = ktime_get();
1814 delta = ktime_sub(rettime, calltime);
1815 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1817 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration);
1822 static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
1824 ktime_t delta, rettime;
1825 unsigned long long duration;
1828 bt_dev_info(hdev, "Waiting for device to boot");
1830 err = btintel_wait_on_flag_timeout(hdev, INTEL_BOOTING,
1832 msecs_to_jiffies(msec));
1833 if (err == -EINTR) {
1834 bt_dev_err(hdev, "Device boot interrupted");
1839 bt_dev_err(hdev, "Device boot timeout");
1843 rettime = ktime_get();
1844 delta = ktime_sub(rettime, calltime);
1845 duration = (unsigned long long) ktime_to_ns(delta) >> 10;
1847 bt_dev_info(hdev, "Device booted in %llu usecs", duration);
1852 static int btintel_boot_wait_d0(struct hci_dev *hdev, ktime_t calltime,
1855 ktime_t delta, rettime;
1856 unsigned long long duration;
1859 bt_dev_info(hdev, "Waiting for device transition to d0");
1861 err = btintel_wait_on_flag_timeout(hdev, INTEL_WAIT_FOR_D0,
1863 msecs_to_jiffies(msec));
1864 if (err == -EINTR) {
1865 bt_dev_err(hdev, "Device d0 move interrupted");
1870 bt_dev_err(hdev, "Device d0 move timeout");
1874 rettime = ktime_get();
1875 delta = ktime_sub(rettime, calltime);
1876 duration = (unsigned long long)ktime_to_ns(delta) >> 10;
1878 bt_dev_info(hdev, "Device moved to D0 in %llu usecs", duration);
1883 static int btintel_boot(struct hci_dev *hdev, u32 boot_addr)
1888 calltime = ktime_get();
1890 btintel_set_flag(hdev, INTEL_BOOTING);
1891 btintel_set_flag(hdev, INTEL_WAIT_FOR_D0);
1893 err = btintel_send_intel_reset(hdev, boot_addr);
1895 bt_dev_err(hdev, "Intel Soft Reset failed (%d)", err);
1896 btintel_reset_to_bootloader(hdev);
1900 /* The bootloader will not indicate when the device is ready. This
1901 * is done by the operational firmware sending bootup notification.
1903 * Booting into operational firmware should not take longer than
1904 * 5 second. However if that happens, then just fail the setup
1905 * since something went wrong.
1907 err = btintel_boot_wait(hdev, calltime, 5000);
1908 if (err == -ETIMEDOUT) {
1909 btintel_reset_to_bootloader(hdev);
1913 if (hdev->bus == HCI_PCI) {
1914 /* In case of PCIe, after receiving bootup event, driver performs
1915 * D0 entry by writing 0 to sleep control register (check
1916 * btintel_pcie_recv_event())
1917 * Firmware acks with alive interrupt indicating host is full ready to
1918 * perform BT operation. Lets wait here till INTEL_WAIT_FOR_D0
1921 calltime = ktime_get();
1922 err = btintel_boot_wait_d0(hdev, calltime, 2000);
1929 static int btintel_get_fw_name(struct intel_version *ver,
1930 struct intel_boot_params *params,
1931 char *fw_name, size_t len,
1934 switch (ver->hw_variant) {
1935 case 0x0b: /* SfP */
1936 case 0x0c: /* WsP */
1937 snprintf(fw_name, len, "intel/ibt-%u-%u.%s",
1939 le16_to_cpu(params->dev_revid),
1942 case 0x11: /* JfP */
1943 case 0x12: /* ThP */
1944 case 0x13: /* HrP */
1945 case 0x14: /* CcP */
1946 snprintf(fw_name, len, "intel/ibt-%u-%u-%u.%s",
1959 static int btintel_download_fw(struct hci_dev *hdev,
1960 struct intel_version *ver,
1961 struct intel_boot_params *params,
1964 const struct firmware *fw;
1969 if (!ver || !params)
1972 /* The firmware variant determines if the device is in bootloader
1973 * mode or is running operational firmware. The value 0x06 identifies
1974 * the bootloader and the value 0x23 identifies the operational
1977 * When the operational firmware is already present, then only
1978 * the check for valid Bluetooth device address is needed. This
1979 * determines if the device will be added as configured or
1980 * unconfigured controller.
1982 * It is not possible to use the Secure Boot Parameters in this
1983 * case since that command is only available in bootloader mode.
1985 if (ver->fw_variant == 0x23) {
1986 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
1987 btintel_check_bdaddr(hdev);
1989 /* SfP and WsP don't seem to update the firmware version on file
1990 * so version checking is currently possible.
1992 switch (ver->hw_variant) {
1993 case 0x0b: /* SfP */
1994 case 0x0c: /* WsP */
1998 /* Proceed to download to check if the version matches */
2002 /* Read the secure boot parameters to identify the operating
2003 * details of the bootloader.
2005 err = btintel_read_boot_params(hdev, params);
2009 /* It is required that every single firmware fragment is acknowledged
2010 * with a command complete event. If the boot parameters indicate
2011 * that this bootloader does not send them, then abort the setup.
2013 if (params->limited_cce != 0x00) {
2014 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
2015 params->limited_cce);
2019 /* If the OTP has no valid Bluetooth device address, then there will
2020 * also be no valid address for the operational firmware.
2022 if (!bacmp(¶ms->otp_bdaddr, BDADDR_ANY)) {
2023 bt_dev_info(hdev, "No device address configured");
2024 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2028 /* With this Intel bootloader only the hardware variant and device
2029 * revision information are used to select the right firmware for SfP
2032 * The firmware filename is ibt-<hw_variant>-<dev_revid>.sfi.
2034 * Currently the supported hardware variants are:
2035 * 11 (0x0b) for iBT3.0 (LnP/SfP)
2036 * 12 (0x0c) for iBT3.5 (WsP)
2038 * For ThP/JfP and for future SKU's, the FW name varies based on HW
2039 * variant, HW revision and FW revision, as these are dependent on CNVi
2040 * and RF Combination.
2042 * 17 (0x11) for iBT3.5 (JfP)
2043 * 18 (0x12) for iBT3.5 (ThP)
2045 * The firmware file name for these will be
2046 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi.
2049 err = btintel_get_fw_name(ver, params, fwname, sizeof(fwname), "sfi");
2051 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2052 /* Firmware has already been loaded */
2053 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2057 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2061 err = firmware_request_nowarn(&fw, fwname, &hdev->dev);
2063 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2064 /* Firmware has already been loaded */
2065 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2069 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)",
2074 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2076 if (fw->size < 644) {
2077 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2083 calltime = ktime_get();
2085 btintel_set_flag(hdev, INTEL_DOWNLOADING);
2087 /* Start firmware downloading and get boot parameter */
2088 err = btintel_download_firmware(hdev, ver, fw, boot_param);
2090 if (err == -EALREADY) {
2091 /* Firmware has already been loaded */
2092 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2097 /* When FW download fails, send Intel Reset to retry
2100 btintel_reset_to_bootloader(hdev);
2104 /* Before switching the device into operational mode and with that
2105 * booting the loaded firmware, wait for the bootloader notification
2106 * that all fragments have been successfully received.
2108 * When the event processing receives the notification, then the
2109 * INTEL_DOWNLOADING flag will be cleared.
2111 * The firmware loading should not take longer than 5 seconds
2112 * and thus just timeout if that happens and fail the setup
2115 err = btintel_download_wait(hdev, calltime, 5000);
2116 if (err == -ETIMEDOUT)
2117 btintel_reset_to_bootloader(hdev);
2120 release_firmware(fw);
2124 static int btintel_bootloader_setup(struct hci_dev *hdev,
2125 struct intel_version *ver)
2127 struct intel_version new_ver;
2128 struct intel_boot_params params;
2133 BT_DBG("%s", hdev->name);
2135 /* Set the default boot parameter to 0x0 and it is updated to
2136 * SKU specific boot parameter after reading Intel_Write_Boot_Params
2137 * command while downloading the firmware.
2139 boot_param = 0x00000000;
2141 btintel_set_flag(hdev, INTEL_BOOTLOADER);
2143 err = btintel_download_fw(hdev, ver, ¶ms, &boot_param);
2147 /* controller is already having an operational firmware */
2148 if (ver->fw_variant == 0x23)
2151 err = btintel_boot(hdev, boot_param);
2155 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2157 err = btintel_get_fw_name(ver, ¶ms, ddcname,
2158 sizeof(ddcname), "ddc");
2161 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2163 /* Once the device is running in operational mode, it needs to
2164 * apply the device configuration (DDC) parameters.
2166 * The device can work without DDC parameters, so even if it
2167 * fails to load the file, no need to fail the setup.
2169 btintel_load_ddc_config(hdev, ddcname);
2172 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
2174 /* Read the Intel version information after loading the FW */
2175 err = btintel_read_version(hdev, &new_ver);
2179 btintel_version_info(hdev, &new_ver);
2182 /* Set the event mask for Intel specific vendor events. This enables
2183 * a few extra events that are useful during general operation. It
2184 * does not enable any debugging related events.
2186 * The device will function correctly without these events enabled
2187 * and thus no need to fail the setup.
2189 btintel_set_event_mask(hdev, false);
2194 static void btintel_get_fw_name_tlv(const struct intel_version_tlv *ver,
2195 char *fw_name, size_t len,
2201 cnvi = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top),
2202 INTEL_CNVX_TOP_STEP(ver->cnvi_top));
2204 cnvr = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top),
2205 INTEL_CNVX_TOP_STEP(ver->cnvr_top));
2207 /* Only Blazar product supports downloading of intermediate loader
2210 if (INTEL_HW_VARIANT(ver->cnvi_bt) >= 0x1e) {
2211 u8 zero[BTINTEL_FWID_MAXLEN];
2213 if (ver->img_type == BTINTEL_IMG_BOOTLOADER) {
2214 format = "intel/ibt-%04x-%04x-iml.%s";
2215 snprintf(fw_name, len, format, cnvi, cnvr, suffix);
2219 memset(zero, 0, sizeof(zero));
2221 /* ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step-fw_id> */
2222 if (memcmp(ver->fw_id, zero, sizeof(zero))) {
2223 format = "intel/ibt-%04x-%04x-%s.%s";
2224 snprintf(fw_name, len, format, cnvi, cnvr,
2225 ver->fw_id, suffix);
2228 /* If firmware id is not present, fallback to legacy naming
2232 /* Fallback to legacy naming convention for other controllers
2233 * ibt-<cnvi_top type+cnvi_top step>-<cnvr_top type+cnvr_top step>
2235 format = "intel/ibt-%04x-%04x.%s";
2236 snprintf(fw_name, len, format, cnvi, cnvr, suffix);
2239 static void btintel_get_iml_tlv(const struct intel_version_tlv *ver,
2240 char *fw_name, size_t len,
2246 cnvi = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvi_top),
2247 INTEL_CNVX_TOP_STEP(ver->cnvi_top));
2249 cnvr = INTEL_CNVX_TOP_PACK_SWAB(INTEL_CNVX_TOP_TYPE(ver->cnvr_top),
2250 INTEL_CNVX_TOP_STEP(ver->cnvr_top));
2252 format = "intel/ibt-%04x-%04x-iml.%s";
2253 snprintf(fw_name, len, format, cnvi, cnvr, suffix);
2256 static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev,
2257 struct intel_version_tlv *ver,
2260 const struct firmware *fw;
2265 if (!ver || !boot_param)
2268 /* The firmware variant determines if the device is in bootloader
2269 * mode or is running operational firmware. The value 0x03 identifies
2270 * the bootloader and the value 0x23 identifies the operational
2273 * When the operational firmware is already present, then only
2274 * the check for valid Bluetooth device address is needed. This
2275 * determines if the device will be added as configured or
2276 * unconfigured controller.
2278 * It is not possible to use the Secure Boot Parameters in this
2279 * case since that command is only available in bootloader mode.
2281 if (ver->img_type == BTINTEL_IMG_OP) {
2282 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2283 btintel_check_bdaddr(hdev);
2286 * Check for valid bd address in boot loader mode. Device
2287 * will be marked as unconfigured if empty bd address is
2290 if (!bacmp(&ver->otp_bd_addr, BDADDR_ANY)) {
2291 bt_dev_info(hdev, "No device address configured");
2292 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks);
2296 if (ver->img_type == BTINTEL_IMG_OP) {
2297 /* Controller running OP image. In case of FW downgrade,
2298 * FWID TLV may not be present and driver may attempt to load
2299 * firmware image which doesn't exist. Lets compare the version
2302 if (INTEL_HW_VARIANT(ver->cnvi_bt) >= 0x1e)
2303 btintel_get_iml_tlv(ver, fwname, sizeof(fwname), "sfi");
2305 btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi");
2307 btintel_get_fw_name_tlv(ver, fwname, sizeof(fwname), "sfi");
2310 err = firmware_request_nowarn(&fw, fwname, &hdev->dev);
2312 if (!btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
2313 /* Firmware has already been loaded */
2314 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2318 bt_dev_err(hdev, "Failed to load Intel firmware file %s (%d)",
2324 bt_dev_info(hdev, "Found device firmware: %s", fwname);
2326 if (fw->size < 644) {
2327 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2333 calltime = ktime_get();
2335 btintel_set_flag(hdev, INTEL_DOWNLOADING);
2337 /* Start firmware downloading and get boot parameter */
2338 err = btintel_download_fw_tlv(hdev, ver, fw, boot_param,
2339 INTEL_HW_VARIANT(ver->cnvi_bt),
2342 if (err == -EALREADY) {
2343 /* Firmware has already been loaded */
2344 btintel_set_flag(hdev, INTEL_FIRMWARE_LOADED);
2349 /* When FW download fails, send Intel Reset to retry
2352 btintel_reset_to_bootloader(hdev);
2356 /* Before switching the device into operational mode and with that
2357 * booting the loaded firmware, wait for the bootloader notification
2358 * that all fragments have been successfully received.
2360 * When the event processing receives the notification, then the
2361 * BTUSB_DOWNLOADING flag will be cleared.
2363 * The firmware loading should not take longer than 5 seconds
2364 * and thus just timeout if that happens and fail the setup
2367 err = btintel_download_wait(hdev, calltime, 5000);
2368 if (err == -ETIMEDOUT)
2369 btintel_reset_to_bootloader(hdev);
2372 release_firmware(fw);
2376 static int btintel_get_codec_config_data(struct hci_dev *hdev,
2377 __u8 link, struct bt_codec *codec,
2378 __u8 *ven_len, __u8 **ven_data)
2382 if (!ven_data || !ven_len)
2388 if (link != ESCO_LINK) {
2389 bt_dev_err(hdev, "Invalid link type(%u)", link);
2393 *ven_data = kmalloc(sizeof(__u8), GFP_KERNEL);
2399 /* supports only CVSD and mSBC offload codecs */
2400 switch (codec->id) {
2409 bt_dev_err(hdev, "Invalid codec id(%u)", codec->id);
2412 /* codec and its capabilities are pre-defined to ids
2413 * preset id = 0x00 represents CVSD codec with sampling rate 8K
2414 * preset id = 0x01 represents mSBC codec with sampling rate 16K
2416 *ven_len = sizeof(__u8);
2425 static int btintel_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id)
2427 /* Intel uses 1 as data path id for all the usecases */
2432 static int btintel_configure_offload(struct hci_dev *hdev)
2434 struct sk_buff *skb;
2436 struct intel_offload_use_cases *use_cases;
2438 skb = __hci_cmd_sync(hdev, 0xfc86, 0, NULL, HCI_INIT_TIMEOUT);
2440 bt_dev_err(hdev, "Reading offload use cases failed (%ld)",
2442 return PTR_ERR(skb);
2445 if (skb->len < sizeof(*use_cases)) {
2450 use_cases = (void *)skb->data;
2452 if (use_cases->status) {
2453 err = -bt_to_errno(skb->data[0]);
2457 if (use_cases->preset[0] & 0x03) {
2458 hdev->get_data_path_id = btintel_get_data_path_id;
2459 hdev->get_codec_config_data = btintel_get_codec_config_data;
2466 static void btintel_set_ppag(struct hci_dev *hdev, struct intel_version_tlv *ver)
2468 struct sk_buff *skb;
2469 struct hci_ppag_enable_cmd ppag_cmd;
2471 struct acpi_buffer buffer = {ACPI_ALLOCATE_BUFFER, NULL};
2472 union acpi_object *p, *elements;
2476 /* PPAG is not supported if CRF is HrP2, Jfp2, JfP1 */
2477 switch (ver->cnvr_top & 0xFFF) {
2478 case 0x504: /* Hrp2 */
2479 case 0x202: /* Jfp2 */
2480 case 0x201: /* Jfp1 */
2481 bt_dev_dbg(hdev, "PPAG not supported for Intel CNVr (0x%3x)",
2482 ver->cnvr_top & 0xFFF);
2486 handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
2488 bt_dev_info(hdev, "No support for BT device in ACPI firmware");
2492 status = acpi_evaluate_object(handle, "PPAG", NULL, &buffer);
2493 if (ACPI_FAILURE(status)) {
2494 if (status == AE_NOT_FOUND) {
2495 bt_dev_dbg(hdev, "PPAG-BT: ACPI entry not found");
2498 bt_dev_warn(hdev, "PPAG-BT: ACPI Failure: %s", acpi_format_exception(status));
2503 if (p->type != ACPI_TYPE_PACKAGE || p->package.count != 2) {
2504 bt_dev_warn(hdev, "PPAG-BT: Invalid object type: %d or package count: %d",
2505 p->type, p->package.count);
2506 kfree(buffer.pointer);
2510 elements = p->package.elements;
2512 /* PPAG table is located at element[1] */
2515 domain = (u32)p->package.elements[0].integer.value;
2516 mode = (u32)p->package.elements[1].integer.value;
2517 kfree(buffer.pointer);
2519 if (domain != 0x12) {
2520 bt_dev_dbg(hdev, "PPAG-BT: Bluetooth domain is disabled in ACPI firmware");
2525 * BIT 0 : 0 Disabled in EU
2527 * BIT 1 : 0 Disabled in China
2528 * 1 Enabled in China
2533 bt_dev_dbg(hdev, "PPAG-BT: EU, China mode are disabled in BIOS");
2537 ppag_cmd.ppag_enable_flags = cpu_to_le32(mode);
2539 skb = __hci_cmd_sync(hdev, INTEL_OP_PPAG_CMD, sizeof(ppag_cmd),
2540 &ppag_cmd, HCI_CMD_TIMEOUT);
2542 bt_dev_warn(hdev, "Failed to send PPAG Enable (%ld)", PTR_ERR(skb));
2545 bt_dev_info(hdev, "PPAG-BT: Enabled (Mode %d)", mode);
2549 static int btintel_acpi_reset_method(struct hci_dev *hdev)
2553 union acpi_object *p, *ref;
2554 struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
2556 status = acpi_evaluate_object(ACPI_HANDLE(GET_HCIDEV_DEV(hdev)), "_PRR", NULL, &buffer);
2557 if (ACPI_FAILURE(status)) {
2558 bt_dev_err(hdev, "Failed to run _PRR method");
2564 if (p->package.count != 1 || p->type != ACPI_TYPE_PACKAGE) {
2565 bt_dev_err(hdev, "Invalid arguments");
2570 ref = &p->package.elements[0];
2571 if (ref->type != ACPI_TYPE_LOCAL_REFERENCE) {
2572 bt_dev_err(hdev, "Invalid object type: 0x%x", ref->type);
2577 status = acpi_evaluate_object(ref->reference.handle, "_RST", NULL, NULL);
2578 if (ACPI_FAILURE(status)) {
2579 bt_dev_err(hdev, "Failed to run_RST method");
2585 kfree(buffer.pointer);
2589 static void btintel_set_dsm_reset_method(struct hci_dev *hdev,
2590 struct intel_version_tlv *ver_tlv)
2592 struct btintel_data *data = hci_get_priv(hdev);
2593 acpi_handle handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
2594 u8 reset_payload[4] = {0x01, 0x00, 0x01, 0x00};
2595 union acpi_object *obj, argv4;
2597 RESET_TYPE_WDISABLE2,
2601 handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev));
2604 bt_dev_dbg(hdev, "No support for bluetooth device in ACPI firmware");
2608 if (!acpi_has_method(handle, "_PRR")) {
2609 bt_dev_err(hdev, "No support for _PRR ACPI method");
2613 switch (ver_tlv->cnvi_top & 0xfff) {
2614 case 0x910: /* GalePeak2 */
2615 reset_payload[2] = RESET_TYPE_VSEC;
2618 /* WDISABLE2 is the default reset method */
2619 reset_payload[2] = RESET_TYPE_WDISABLE2;
2621 if (!acpi_check_dsm(handle, &btintel_guid_dsm, 0,
2622 BIT(DSM_SET_WDISABLE2_DELAY))) {
2623 bt_dev_err(hdev, "No dsm support to set reset delay");
2626 argv4.integer.type = ACPI_TYPE_INTEGER;
2627 /* delay required to toggle BT power */
2628 argv4.integer.value = 160;
2629 obj = acpi_evaluate_dsm(handle, &btintel_guid_dsm, 0,
2630 DSM_SET_WDISABLE2_DELAY, &argv4);
2632 bt_dev_err(hdev, "Failed to call dsm to set reset delay");
2638 bt_dev_info(hdev, "DSM reset method type: 0x%02x", reset_payload[2]);
2640 if (!acpi_check_dsm(handle, &btintel_guid_dsm, 0,
2641 DSM_SET_RESET_METHOD)) {
2642 bt_dev_warn(hdev, "No support for dsm to set reset method");
2645 argv4.buffer.type = ACPI_TYPE_BUFFER;
2646 argv4.buffer.length = sizeof(reset_payload);
2647 argv4.buffer.pointer = reset_payload;
2649 obj = acpi_evaluate_dsm(handle, &btintel_guid_dsm, 0,
2650 DSM_SET_RESET_METHOD, &argv4);
2652 bt_dev_err(hdev, "Failed to call dsm to set reset method");
2656 data->acpi_reset_method = btintel_acpi_reset_method;
2659 #define BTINTEL_ISODATA_HANDLE_BASE 0x900
2661 static u8 btintel_classify_pkt_type(struct hci_dev *hdev, struct sk_buff *skb)
2664 * Distinguish ISO data packets form ACL data packets
2665 * based on their connection handle value range.
2667 if (hci_skb_pkt_type(skb) == HCI_ACLDATA_PKT) {
2668 __u16 handle = __le16_to_cpu(hci_acl_hdr(skb)->handle);
2670 if (hci_handle(handle) >= BTINTEL_ISODATA_HANDLE_BASE)
2671 return HCI_ISODATA_PKT;
2674 return hci_skb_pkt_type(skb);
2678 * UefiCnvCommonDSBR UEFI variable provides information from the OEM platforms
2679 * if they have replaced the BRI (Bluetooth Radio Interface) resistor to
2680 * overcome the potential STEP errors on their designs. Based on the
2681 * configauration, bluetooth firmware shall adjust the BRI response line drive
2682 * strength. The below structure represents DSBR data.
2688 * header - defines revision number of the structure
2689 * dsbr - defines drive strength BRI response
2691 * 0 - instructs bluetooth firmware to use default values
2692 * 1 - instructs bluetooth firmware to override default values
2696 * DSBR override values (only if bit0 is set. Default value is 0xF
2699 * Expected values for dsbr field:
2700 * 1. 0xF1 - indicates that the resistor on board is 33 Ohm
2701 * 2. 0x00 or 0xB1 - indicates that the resistor on board is 10 Ohm
2702 * 3. Non existing UEFI variable or invalid (none of the above) - indicates
2703 * that the resistor on board is 10 Ohm
2704 * Even if uefi variable is not present, driver shall send 0xfc0a command to
2705 * firmware to use default values.
2708 static int btintel_uefi_get_dsbr(u32 *dsbr_var)
2710 struct btintel_dsbr {
2715 efi_status_t status;
2716 unsigned long data_size = 0;
2717 efi_guid_t guid = EFI_GUID(0xe65d8884, 0xd4af, 0x4b20, 0x8d, 0x03,
2718 0x77, 0x2e, 0xcc, 0x3d, 0xa5, 0x31);
2720 if (!IS_ENABLED(CONFIG_EFI))
2723 if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE))
2726 status = efi.get_variable(BTINTEL_EFI_DSBR, &guid, NULL, &data_size,
2729 if (status != EFI_BUFFER_TOO_SMALL || !data_size)
2732 status = efi.get_variable(BTINTEL_EFI_DSBR, &guid, NULL, &data_size,
2735 if (status != EFI_SUCCESS)
2738 *dsbr_var = data.dsbr;
2742 static int btintel_set_dsbr(struct hci_dev *hdev, struct intel_version_tlv *ver)
2744 struct btintel_dsbr_cmd {
2749 struct btintel_dsbr_cmd cmd;
2750 struct sk_buff *skb;
2755 cnvi = ver->cnvi_top & 0xfff;
2756 /* DSBR command needs to be sent for,
2757 * 1. BlazarI or BlazarIW + B0 step product in IML image.
2758 * 2. Gale Peak2 or BlazarU in OP image.
2762 case BTINTEL_CNVI_BLAZARI:
2763 case BTINTEL_CNVI_BLAZARIW:
2764 if (ver->img_type == BTINTEL_IMG_IML &&
2765 INTEL_CNVX_TOP_STEP(ver->cnvi_top) == 0x01)
2768 case BTINTEL_CNVI_GAP:
2769 case BTINTEL_CNVI_BLAZARU:
2770 if (ver->img_type == BTINTEL_IMG_OP &&
2771 hdev->bus == HCI_USB)
2779 err = btintel_uefi_get_dsbr(&dsbr);
2781 bt_dev_dbg(hdev, "Error reading efi: %ls (%d)",
2782 BTINTEL_EFI_DSBR, err);
2784 cmd.enable = dsbr & BIT(0);
2785 cmd.dsbr = dsbr >> 4 & 0xF;
2787 bt_dev_info(hdev, "dsbr: enable: 0x%2.2x value: 0x%2.2x", cmd.enable,
2790 skb = __hci_cmd_sync(hdev, 0xfc0a, sizeof(cmd), &cmd, HCI_CMD_TIMEOUT);
2792 return -bt_to_errno(PTR_ERR(skb));
2794 status = skb->data[0];
2798 return -bt_to_errno(status);
2803 int btintel_bootloader_setup_tlv(struct hci_dev *hdev,
2804 struct intel_version_tlv *ver)
2809 struct intel_version_tlv new_ver;
2811 bt_dev_dbg(hdev, "");
2813 /* Set the default boot parameter to 0x0 and it is updated to
2814 * SKU specific boot parameter after reading Intel_Write_Boot_Params
2815 * command while downloading the firmware.
2817 boot_param = 0x00000000;
2819 /* In case of PCIe, this function might get called multiple times with
2820 * same hdev instance if there is any error on firmware download.
2821 * Need to clear stale bits of previous firmware download attempt.
2823 for (int i = 0; i < __INTEL_NUM_FLAGS; i++)
2824 btintel_clear_flag(hdev, i);
2826 btintel_set_flag(hdev, INTEL_BOOTLOADER);
2828 err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param);
2832 /* check if controller is already having an operational firmware */
2833 if (ver->img_type == BTINTEL_IMG_OP)
2836 err = btintel_boot(hdev, boot_param);
2840 err = btintel_read_version_tlv(hdev, ver);
2844 /* set drive strength of BRI response */
2845 err = btintel_set_dsbr(hdev, ver);
2847 bt_dev_err(hdev, "Failed to send dsbr command (%d)", err);
2851 /* If image type returned is BTINTEL_IMG_IML, then controller supports
2852 * intermediate loader image
2854 if (ver->img_type == BTINTEL_IMG_IML) {
2855 err = btintel_prepare_fw_download_tlv(hdev, ver, &boot_param);
2859 err = btintel_boot(hdev, boot_param);
2864 btintel_clear_flag(hdev, INTEL_BOOTLOADER);
2866 btintel_get_fw_name_tlv(ver, ddcname, sizeof(ddcname), "ddc");
2867 /* Once the device is running in operational mode, it needs to
2868 * apply the device configuration (DDC) parameters.
2870 * The device can work without DDC parameters, so even if it
2871 * fails to load the file, no need to fail the setup.
2873 btintel_load_ddc_config(hdev, ddcname);
2875 /* Read supported use cases and set callbacks to fetch datapath id */
2876 btintel_configure_offload(hdev);
2878 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
2880 /* Set PPAG feature */
2881 btintel_set_ppag(hdev, ver);
2883 /* Read the Intel version information after loading the FW */
2884 err = btintel_read_version_tlv(hdev, &new_ver);
2888 btintel_version_info_tlv(hdev, &new_ver);
2891 /* Set the event mask for Intel specific vendor events. This enables
2892 * a few extra events that are useful during general operation. It
2893 * does not enable any debugging related events.
2895 * The device will function correctly without these events enabled
2896 * and thus no need to fail the setup.
2898 btintel_set_event_mask(hdev, false);
2902 EXPORT_SYMBOL_GPL(btintel_bootloader_setup_tlv);
2904 void btintel_set_msft_opcode(struct hci_dev *hdev, u8 hw_variant)
2906 switch (hw_variant) {
2907 /* Legacy bootloader devices that supports MSFT Extension */
2908 case 0x11: /* JfP */
2909 case 0x12: /* ThP */
2910 case 0x13: /* HrP */
2911 case 0x14: /* CcP */
2912 /* All Intel new generation controllers support the Microsoft vendor
2913 * extension are using 0xFC1E for VsMsftOpCode.
2922 hci_set_msft_opcode(hdev, 0xFC1E);
2929 EXPORT_SYMBOL_GPL(btintel_set_msft_opcode);
2931 void btintel_print_fseq_info(struct hci_dev *hdev)
2933 struct sk_buff *skb;
2938 skb = __hci_cmd_sync(hdev, 0xfcb3, 0, NULL, HCI_CMD_TIMEOUT);
2940 bt_dev_dbg(hdev, "Reading fseq status command failed (%ld)",
2945 if (skb->len < (sizeof(u32) * 16 + 2)) {
2946 bt_dev_dbg(hdev, "Malformed packet of length %u received",
2952 p = skb_pull_data(skb, 1);
2954 bt_dev_dbg(hdev, "Failed to get fseq status (0x%2.2x)", *p);
2959 p = skb_pull_data(skb, 1);
2965 str = "Fatal error";
2968 str = "Semaphore acquire error";
2971 str = "Unknown error";
2976 bt_dev_err(hdev, "Fseq status: %s (0x%2.2x)", str, *p);
2981 bt_dev_info(hdev, "Fseq status: %s (0x%2.2x)", str, *p);
2983 val = get_unaligned_le32(skb_pull_data(skb, 4));
2984 bt_dev_dbg(hdev, "Reason: 0x%8.8x", val);
2986 val = get_unaligned_le32(skb_pull_data(skb, 4));
2987 bt_dev_dbg(hdev, "Global version: 0x%8.8x", val);
2989 val = get_unaligned_le32(skb_pull_data(skb, 4));
2990 bt_dev_dbg(hdev, "Installed version: 0x%8.8x", val);
2993 skb_pull_data(skb, 4);
2994 bt_dev_info(hdev, "Fseq executed: %2.2u.%2.2u.%2.2u.%2.2u", p[0], p[1],
2998 skb_pull_data(skb, 4);
2999 bt_dev_info(hdev, "Fseq BT Top: %2.2u.%2.2u.%2.2u.%2.2u", p[0], p[1],
3002 val = get_unaligned_le32(skb_pull_data(skb, 4));
3003 bt_dev_dbg(hdev, "Fseq Top init version: 0x%8.8x", val);
3005 val = get_unaligned_le32(skb_pull_data(skb, 4));
3006 bt_dev_dbg(hdev, "Fseq Cnvio init version: 0x%8.8x", val);
3008 val = get_unaligned_le32(skb_pull_data(skb, 4));
3009 bt_dev_dbg(hdev, "Fseq MBX Wifi file version: 0x%8.8x", val);
3011 val = get_unaligned_le32(skb_pull_data(skb, 4));
3012 bt_dev_dbg(hdev, "Fseq BT version: 0x%8.8x", val);
3014 val = get_unaligned_le32(skb_pull_data(skb, 4));
3015 bt_dev_dbg(hdev, "Fseq Top reset address: 0x%8.8x", val);
3017 val = get_unaligned_le32(skb_pull_data(skb, 4));
3018 bt_dev_dbg(hdev, "Fseq MBX timeout: 0x%8.8x", val);
3020 val = get_unaligned_le32(skb_pull_data(skb, 4));
3021 bt_dev_dbg(hdev, "Fseq MBX ack: 0x%8.8x", val);
3023 val = get_unaligned_le32(skb_pull_data(skb, 4));
3024 bt_dev_dbg(hdev, "Fseq CNVi id: 0x%8.8x", val);
3026 val = get_unaligned_le32(skb_pull_data(skb, 4));
3027 bt_dev_dbg(hdev, "Fseq CNVr id: 0x%8.8x", val);
3029 val = get_unaligned_le32(skb_pull_data(skb, 4));
3030 bt_dev_dbg(hdev, "Fseq Error handle: 0x%8.8x", val);
3032 val = get_unaligned_le32(skb_pull_data(skb, 4));
3033 bt_dev_dbg(hdev, "Fseq Magic noalive indication: 0x%8.8x", val);
3035 val = get_unaligned_le32(skb_pull_data(skb, 4));
3036 bt_dev_dbg(hdev, "Fseq OTP version: 0x%8.8x", val);
3038 val = get_unaligned_le32(skb_pull_data(skb, 4));
3039 bt_dev_dbg(hdev, "Fseq MBX otp version: 0x%8.8x", val);
3043 EXPORT_SYMBOL_GPL(btintel_print_fseq_info);
3045 static int btintel_setup_combined(struct hci_dev *hdev)
3047 const u8 param[1] = { 0xFF };
3048 struct intel_version ver;
3049 struct intel_version_tlv ver_tlv;
3050 struct sk_buff *skb;
3053 BT_DBG("%s", hdev->name);
3055 /* The some controllers have a bug with the first HCI command sent to it
3056 * returning number of completed commands as zero. This would stall the
3057 * command processing in the Bluetooth core.
3059 * As a workaround, send HCI Reset command first which will reset the
3060 * number of completed commands and allow normal command processing
3063 * Regarding the INTEL_BROKEN_SHUTDOWN_LED flag, these devices maybe
3064 * in the SW_RFKILL ON state as a workaround of fixing LED issue during
3065 * the shutdown() procedure, and once the device is in SW_RFKILL ON
3066 * state, the only way to exit out of it is sending the HCI_Reset
3069 if (btintel_test_flag(hdev, INTEL_BROKEN_INITIAL_NCMD) ||
3070 btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) {
3071 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
3075 "sending initial HCI reset failed (%ld)",
3077 return PTR_ERR(skb);
3082 /* Starting from TyP device, the command parameter and response are
3083 * changed even though the OCF for HCI_Intel_Read_Version command
3084 * remains same. The legacy devices can handle even if the
3085 * command has a parameter and returns a correct version information.
3086 * So, it uses new format to support both legacy and new format.
3088 skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
3090 bt_dev_err(hdev, "Reading Intel version command failed (%ld)",
3092 return PTR_ERR(skb);
3095 /* Check the status */
3097 bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
3103 /* Apply the common HCI quirks for Intel device */
3104 set_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks);
3105 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
3106 set_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks);
3108 /* Set up the quality report callback for Intel devices */
3109 hdev->set_quality_report = btintel_set_quality_report;
3111 /* For Legacy device, check the HW platform value and size */
3112 if (skb->len == sizeof(ver) && skb->data[1] == 0x37) {
3113 bt_dev_dbg(hdev, "Read the legacy Intel version information");
3115 memcpy(&ver, skb->data, sizeof(ver));
3117 /* Display version information */
3118 btintel_version_info(hdev, &ver);
3120 /* Check for supported iBT hardware variants of this firmware
3123 * This check has been put in place to ensure correct forward
3124 * compatibility options when newer hardware variants come
3127 switch (ver.hw_variant) {
3129 case 0x08: /* StP */
3130 /* Legacy ROM product */
3131 btintel_set_flag(hdev, INTEL_ROM_LEGACY);
3133 /* Apply the device specific HCI quirks
3135 * WBS for SdP - For the Legacy ROM products, only SdP
3136 * supports the WBS. But the version information is not
3137 * enough to use here because the StP2 and SdP have same
3138 * hw_variant and fw_variant. So, this flag is set by
3139 * the transport driver (btusb) based on the HW info
3142 if (!btintel_test_flag(hdev,
3143 INTEL_ROM_LEGACY_NO_WBS_SUPPORT))
3144 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
3147 err = btintel_legacy_rom_setup(hdev, &ver);
3149 case 0x0b: /* SfP */
3150 case 0x11: /* JfP */
3151 case 0x12: /* ThP */
3152 case 0x13: /* HrP */
3153 case 0x14: /* CcP */
3155 case 0x0c: /* WsP */
3156 /* Apply the device specific HCI quirks
3158 * All Legacy bootloader devices support WBS
3160 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
3163 /* These variants don't seem to support LE Coded PHY */
3164 set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks);
3166 /* Setup MSFT Extension support */
3167 btintel_set_msft_opcode(hdev, ver.hw_variant);
3169 err = btintel_bootloader_setup(hdev, &ver);
3170 btintel_register_devcoredump_support(hdev);
3173 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
3178 hci_set_hw_info(hdev,
3179 "INTEL platform=%u variant=%u revision=%u",
3180 ver.hw_platform, ver.hw_variant,
3186 /* memset ver_tlv to start with clean state as few fields are exclusive
3187 * to bootloader mode and are not populated in operational mode
3189 memset(&ver_tlv, 0, sizeof(ver_tlv));
3190 /* For TLV type device, parse the tlv data */
3191 err = btintel_parse_version_tlv(hdev, &ver_tlv, skb);
3193 bt_dev_err(hdev, "Failed to parse TLV version information");
3197 if (INTEL_HW_PLATFORM(ver_tlv.cnvi_bt) != 0x37) {
3198 bt_dev_err(hdev, "Unsupported Intel hardware platform (0x%2x)",
3199 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt));
3204 /* Check for supported iBT hardware variants of this firmware
3207 * This check has been put in place to ensure correct forward
3208 * compatibility options when newer hardware variants come
3211 switch (INTEL_HW_VARIANT(ver_tlv.cnvi_bt)) {
3212 case 0x11: /* JfP */
3213 case 0x12: /* ThP */
3214 case 0x13: /* HrP */
3215 case 0x14: /* CcP */
3216 /* Some legacy bootloader devices starting from JfP,
3217 * the operational firmware supports both old and TLV based
3218 * HCI_Intel_Read_Version command based on the command
3221 * For upgrading firmware case, the TLV based version cannot
3222 * be used because the firmware filename for legacy bootloader
3223 * is based on the old format.
3225 * Also, it is not easy to convert TLV based version from the
3226 * legacy version format.
3228 * So, as a workaround for those devices, use the legacy
3229 * HCI_Intel_Read_Version to get the version information and
3230 * run the legacy bootloader setup.
3232 err = btintel_read_version(hdev, &ver);
3236 /* Apply the device specific HCI quirks
3238 * All Legacy bootloader devices support WBS
3240 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
3242 /* These variants don't seem to support LE Coded PHY */
3243 set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks);
3245 /* Setup MSFT Extension support */
3246 btintel_set_msft_opcode(hdev, ver.hw_variant);
3248 err = btintel_bootloader_setup(hdev, &ver);
3249 btintel_register_devcoredump_support(hdev);
3251 case 0x18: /* GfP2 */
3252 case 0x1c: /* GaP */
3253 /* Re-classify packet type for controllers with LE audio */
3254 hdev->classify_pkt_type = btintel_classify_pkt_type;
3261 /* Display version information of TLV type */
3262 btintel_version_info_tlv(hdev, &ver_tlv);
3264 /* Apply the device specific HCI quirks for TLV based devices
3266 * All TLV based devices support WBS
3268 set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
3270 /* Setup MSFT Extension support */
3271 btintel_set_msft_opcode(hdev,
3272 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
3273 btintel_set_dsm_reset_method(hdev, &ver_tlv);
3275 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv);
3279 btintel_register_devcoredump_support(hdev);
3280 btintel_print_fseq_info(hdev);
3283 bt_dev_err(hdev, "Unsupported Intel hw variant (%u)",
3284 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
3289 hci_set_hw_info(hdev, "INTEL platform=%u variant=%u",
3290 INTEL_HW_PLATFORM(ver_tlv.cnvi_bt),
3291 INTEL_HW_VARIANT(ver_tlv.cnvi_bt));
3299 int btintel_shutdown_combined(struct hci_dev *hdev)
3301 struct sk_buff *skb;
3304 /* Send HCI Reset to the controller to stop any BT activity which
3305 * were triggered. This will help to save power and maintain the
3306 * sync b/w Host and controller
3308 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
3310 bt_dev_err(hdev, "HCI reset during shutdown failed");
3311 return PTR_ERR(skb);
3316 /* Some platforms have an issue with BT LED when the interface is
3317 * down or BT radio is turned off, which takes 5 seconds to BT LED
3318 * goes off. As a workaround, sends HCI_Intel_SW_RFKILL to put the
3319 * device in the RFKILL ON state which turns off the BT LED immediately.
3321 if (btintel_test_flag(hdev, INTEL_BROKEN_SHUTDOWN_LED)) {
3322 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
3325 bt_dev_err(hdev, "turning off Intel device LED failed");
3333 EXPORT_SYMBOL_GPL(btintel_shutdown_combined);
3335 int btintel_configure_setup(struct hci_dev *hdev, const char *driver_name)
3337 hdev->manufacturer = 2;
3338 hdev->setup = btintel_setup_combined;
3339 hdev->shutdown = btintel_shutdown_combined;
3340 hdev->hw_error = btintel_hw_error;
3341 hdev->set_diag = btintel_set_diag_combined;
3342 hdev->set_bdaddr = btintel_set_bdaddr;
3344 coredump_info.driver_name = driver_name;
3348 EXPORT_SYMBOL_GPL(btintel_configure_setup);
3350 int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb)
3352 struct intel_tlv *tlv = (void *)&skb->data[5];
3354 /* The first event is always an event type TLV */
3355 if (tlv->type != INTEL_TLV_TYPE_ID)
3358 switch (tlv->val[0]) {
3359 case INTEL_TLV_SYSTEM_EXCEPTION:
3360 case INTEL_TLV_FATAL_EXCEPTION:
3361 case INTEL_TLV_DEBUG_EXCEPTION:
3362 case INTEL_TLV_TEST_EXCEPTION:
3363 /* Generate devcoredump from exception */
3364 if (!hci_devcd_init(hdev, skb->len)) {
3365 hci_devcd_append(hdev, skb_clone(skb, GFP_ATOMIC));
3366 hci_devcd_complete(hdev);
3368 bt_dev_err(hdev, "Failed to generate devcoredump");
3372 bt_dev_err(hdev, "Invalid exception type %02X", tlv->val[0]);
3376 return hci_recv_frame(hdev, skb);
3378 EXPORT_SYMBOL_GPL(btintel_diagnostics);
3380 int btintel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
3382 struct hci_event_hdr *hdr = (void *)skb->data;
3383 const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 };
3385 if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
3387 const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
3388 unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
3390 if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
3391 switch (skb->data[2]) {
3393 /* When switching to the operational firmware
3394 * the device sends a vendor specific event
3395 * indicating that the bootup completed.
3397 btintel_bootup(hdev, ptr, len);
3401 /* When the firmware loading completes the
3402 * device sends out a vendor specific event
3403 * indicating the result of the firmware
3406 btintel_secure_send_result(hdev, ptr, len);
3412 /* Handle all diagnostics events separately. May still call
3415 if (len >= sizeof(diagnostics_hdr) &&
3416 memcmp(&skb->data[2], diagnostics_hdr,
3417 sizeof(diagnostics_hdr)) == 0) {
3418 return btintel_diagnostics(hdev, skb);
3422 return hci_recv_frame(hdev, skb);
3424 EXPORT_SYMBOL_GPL(btintel_recv_event);
3426 void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len)
3428 const struct intel_bootup *evt = ptr;
3430 if (len != sizeof(*evt))
3433 if (btintel_test_and_clear_flag(hdev, INTEL_BOOTING))
3434 btintel_wake_up_flag(hdev, INTEL_BOOTING);
3436 EXPORT_SYMBOL_GPL(btintel_bootup);
3438 void btintel_secure_send_result(struct hci_dev *hdev,
3439 const void *ptr, unsigned int len)
3441 const struct intel_secure_send_result *evt = ptr;
3443 if (len != sizeof(*evt))
3447 btintel_set_flag(hdev, INTEL_FIRMWARE_FAILED);
3449 if (btintel_test_and_clear_flag(hdev, INTEL_DOWNLOADING) &&
3450 btintel_test_flag(hdev, INTEL_FIRMWARE_LOADED))
3451 btintel_wake_up_flag(hdev, INTEL_DOWNLOADING);
3453 EXPORT_SYMBOL_GPL(btintel_secure_send_result);
3456 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION);
3457 MODULE_VERSION(VERSION);
3458 MODULE_LICENSE("GPL");
3459 MODULE_FIRMWARE("intel/ibt-11-5.sfi");
3460 MODULE_FIRMWARE("intel/ibt-11-5.ddc");
3461 MODULE_FIRMWARE("intel/ibt-12-16.sfi");
3462 MODULE_FIRMWARE("intel/ibt-12-16.ddc");
projects / linux.git / blob