mirror of
https://git.kernel.org/pub/scm/bluetooth/bluez.git
synced 2024-12-19 08:53:29 +08:00
0a259dd05b
This patch adds SPDX License Identifier and removes the license text.
-------------------------------------
License COUNT
-------------------------------------
GPL-2.0-or-later : 97
LGPL-2.1-or-later : 38
GPL-2.0-only : 2
License: GPL-2.0-or-later
tools/l2cap-tester.c
tools/hcisecfilter.c
tools/ciptool.c
tools/btsnoop.c
tools/check-selftest.c
tools/btpclientctl.c
tools/hci-tester.c
tools/hcitool.c
tools/btiotest.c
tools/oobtest.c
tools/btinfo.c
tools/hwdb.c
tools/hciattach_bcm43xx.c
tools/mgmt-tester.c
tools/hex2hcd.c
tools/hciattach_st.c
tools/smp-tester.c
tools/bluetooth-player.c
tools/hciattach_tialt.c
tools/gap-tester.c
tools/bluemoon.c
tools/bneptest.c
tools/gatt-service.c
tools/rctest.c
tools/rfcomm-tester.c
tools/hcieventmask.c
tools/hciattach_ti.c
tools/seq2bseq.c
tools/scotest.c
tools/bcmfw.c
tools/hciconfig.c
tools/btattach.c
tools/l2ping.c
tools/obexctl.c
tools/l2test.c
tools/hciattach_intel.c
tools/hciattach.h
tools/create-image.c
tools/bnep-tester.c
tools/userchan-tester.c
tools/rfcomm.c
tools/btmon-logger.c
tools/hcidump.c
tools/rtlfw.c
tools/hciattach_qualcomm.c
tools/btproxy.c
tools/nokfw.c
tools/hciattach_ath3k.c
tools/3dsp.c
tools/bdaddr.c
tools/sco-tester.c
tools/hciattach.c
tools/amptest.c
tools/btgatt-server.c
tools/btgatt-client.c
tools/cltest.c
tools/ibeacon.c
tools/mcaptest.c
tools/hid2hci.c
tools/btmgmt.c
tools/advtest.c
tools/eddystone.c
tools/avtest.c
tools/mpris-proxy.c
tools/avinfo.c
tools/sdptool.c
tools/btconfig.c
tools/update_compids.sh
tools/parser/parser.h
tools/parser/obex.c
tools/parser/amp.c
tools/parser/sdp.c
tools/parser/tcpip.c
tools/parser/sap.c
tools/parser/cmtp.c
tools/parser/avctp.c
tools/parser/lmp.c
tools/parser/ppp.c
tools/parser/rfcomm.h
tools/parser/hci.c
tools/parser/sdp.h
tools/parser/parser.c
tools/parser/rfcomm.c
tools/parser/avdtp.c
tools/parser/avrcp.c
tools/parser/ericsson.c
tools/parser/hcrp.c
tools/parser/bpa.c
tools/parser/hidp.c
tools/parser/bnep.c
tools/parser/capi.c
tools/parser/att.c
tools/parser/l2cap.c
tools/parser/smp.c
tools/parser/csr.c
tools/parser/l2cap.h
tools/parse_companies.pl
License: LGPL-2.1-or-later
tools/test-runner.c
tools/btpclient.c
tools/meshctl.c
tools/mesh-cfgclient.c
tools/mesh/model.h
tools/mesh/util.h
tools/mesh/config-model.h
tools/mesh/cfgcli.h
tools/mesh/mesh-db.c
tools/mesh/mesh-db.h
tools/mesh/keys.c
tools/mesh/util.c
tools/mesh/agent.h
tools/mesh/remote.c
tools/mesh/keys.h
tools/mesh/agent.c
tools/mesh/cfgcli.c
tools/mesh/remote.h
tools/mesh-gatt/prov.c
tools/mesh-gatt/util.h
tools/mesh-gatt/prov.h
tools/mesh-gatt/net.c
tools/mesh-gatt/util.c
tools/mesh-gatt/prov-db.h
tools/mesh-gatt/crypto.c
tools/mesh-gatt/crypto.h
tools/mesh-gatt/gatt.c
tools/mesh-gatt/config-server.c
tools/mesh-gatt/keys.h
tools/mesh-gatt/onoff-model.c
tools/mesh-gatt/net.h
tools/mesh-gatt/gatt.h
tools/mesh-gatt/node.c
tools/mesh-gatt/config-client.c
tools/mesh-gatt/mesh-net.h
tools/mesh-gatt/node.h
tools/mesh-gatt/onoff-model.h
tools/mesh-gatt/prov-db.c
License: GPL-2.0-only
tools/obex-server-tool.c
tools/obex-client-tool.c
1019 lines
23 KiB
C
1019 lines
23 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
*
|
|
* BlueZ - Bluetooth protocol stack for Linux
|
|
*
|
|
* Copyright (C) 2012 Intel Corporation. All rights reserved.
|
|
*
|
|
*
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include <ctype.h>
|
|
#include <stdio.h>
|
|
#include <fcntl.h>
|
|
#include <unistd.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <getopt.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/param.h>
|
|
|
|
#include "monitor/bt.h"
|
|
#include "src/shared/mainloop.h"
|
|
#include "src/shared/util.h"
|
|
#include "src/shared/hci.h"
|
|
|
|
#define CMD_RESET 0xfc01
|
|
struct cmd_reset {
|
|
uint8_t reset_type;
|
|
uint8_t patch_enable;
|
|
uint8_t otp_ddc_reload;
|
|
uint8_t boot_option;
|
|
uint32_t boot_addr;
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_NO_OPERATION 0xfc02
|
|
|
|
#define CMD_READ_VERSION 0xfc05
|
|
struct rsp_read_version {
|
|
uint8_t status;
|
|
uint8_t hw_platform;
|
|
uint8_t hw_variant;
|
|
uint8_t hw_revision;
|
|
uint8_t fw_variant;
|
|
uint8_t fw_revision;
|
|
uint8_t fw_build_nn;
|
|
uint8_t fw_build_cw;
|
|
uint8_t fw_build_yy;
|
|
uint8_t fw_patch;
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_READ_BOOT_PARAMS 0xfc0d
|
|
struct rsp_read_boot_params {
|
|
uint8_t status;
|
|
uint8_t otp_format;
|
|
uint8_t otp_content;
|
|
uint8_t otp_patch;
|
|
uint16_t dev_revid;
|
|
uint8_t secure_boot;
|
|
uint8_t key_from_hdr;
|
|
uint8_t key_type;
|
|
uint8_t otp_lock;
|
|
uint8_t api_lock;
|
|
uint8_t debug_lock;
|
|
uint8_t otp_bdaddr[6];
|
|
uint8_t min_fw_build_nn;
|
|
uint8_t min_fw_build_cw;
|
|
uint8_t min_fw_build_yy;
|
|
uint8_t limited_cce;
|
|
uint8_t unlocked_state;
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_WRITE_BOOT_PARAMS 0xfc0e
|
|
struct cmd_write_boot_params {
|
|
uint32_t boot_addr;
|
|
uint8_t fw_build_nn;
|
|
uint8_t fw_build_cw;
|
|
uint8_t fw_build_yy;
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_MANUFACTURER_MODE 0xfc11
|
|
struct cmd_manufacturer_mode {
|
|
uint8_t mode_switch;
|
|
uint8_t reset;
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_WRITE_BD_DATA 0xfc2f
|
|
struct cmd_write_bd_data {
|
|
uint8_t bdaddr[6];
|
|
uint8_t reserved1[6];
|
|
uint8_t features[8];
|
|
uint8_t le_features;
|
|
uint8_t reserved2[32];
|
|
uint8_t lmp_version;
|
|
uint8_t reserved3[26];
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_READ_BD_DATA 0xfc30
|
|
struct rsp_read_bd_data {
|
|
uint8_t status;
|
|
uint8_t bdaddr[6];
|
|
uint8_t reserved1[6];
|
|
uint8_t features[8];
|
|
uint8_t le_features;
|
|
uint8_t reserved2[32];
|
|
uint8_t lmp_version;
|
|
uint8_t reserved3[26];
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_WRITE_BD_ADDRESS 0xfc31
|
|
struct cmd_write_bd_address {
|
|
uint8_t bdaddr[6];
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_ACT_DEACT_TRACES 0xfc43
|
|
struct cmd_act_deact_traces {
|
|
uint8_t tx_trace;
|
|
uint8_t tx_arq;
|
|
uint8_t rx_trace;
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_TRIGGER_EXCEPTION 0xfc4d
|
|
struct cmd_trigger_exception {
|
|
uint8_t type;
|
|
} __attribute__ ((packed));
|
|
|
|
#define CMD_MEMORY_WRITE 0xfc8e
|
|
|
|
static struct bt_hci *hci_dev;
|
|
static uint16_t hci_index = 0;
|
|
|
|
#define FIRMWARE_BASE_PATH "/lib/firmware"
|
|
|
|
static bool set_bdaddr = false;
|
|
static const char *set_bdaddr_value = NULL;
|
|
static bool get_bddata = false;
|
|
static bool load_firmware = false;
|
|
static const char *load_firmware_value = NULL;
|
|
static uint8_t *firmware_data = NULL;
|
|
static size_t firmware_size = 0;
|
|
static size_t firmware_offset = 0;
|
|
static bool check_firmware = false;
|
|
static const char *check_firmware_value = NULL;
|
|
uint8_t manufacturer_mode_reset = 0x00;
|
|
static bool use_manufacturer_mode = false;
|
|
static bool set_traces = false;
|
|
static bool set_exception = false;
|
|
static bool reset_on_exit = false;
|
|
static bool cold_boot = false;
|
|
|
|
static void reset_complete(const void *data, uint8_t size, void *user_data)
|
|
{
|
|
uint8_t status = *((uint8_t *) data);
|
|
|
|
if (status) {
|
|
fprintf(stderr, "Failed to reset (0x%02x)\n", status);
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
mainloop_quit();
|
|
}
|
|
|
|
static void cold_boot_complete(const void *data, uint8_t size, void *user_data)
|
|
{
|
|
uint8_t status = *((uint8_t *) data);
|
|
|
|
if (status) {
|
|
fprintf(stderr, "Failed to cold boot (0x%02x)\n", status);
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
if (reset_on_exit) {
|
|
bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
|
|
reset_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
mainloop_quit();
|
|
}
|
|
|
|
static void leave_manufacturer_mode_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
uint8_t status = *((uint8_t *) data);
|
|
|
|
if (status) {
|
|
fprintf(stderr, "Failed to leave manufacturer mode (0x%02x)\n",
|
|
status);
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
if (reset_on_exit) {
|
|
bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
|
|
reset_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
mainloop_quit();
|
|
}
|
|
|
|
static void shutdown_device(void)
|
|
{
|
|
bt_hci_flush(hci_dev);
|
|
|
|
free(firmware_data);
|
|
|
|
if (use_manufacturer_mode) {
|
|
struct cmd_manufacturer_mode cmd;
|
|
|
|
cmd.mode_switch = 0x00;
|
|
cmd.reset = manufacturer_mode_reset;
|
|
|
|
bt_hci_send(hci_dev, CMD_MANUFACTURER_MODE, &cmd, sizeof(cmd),
|
|
leave_manufacturer_mode_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
if (reset_on_exit) {
|
|
bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
|
|
reset_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
mainloop_quit();
|
|
}
|
|
|
|
static void write_bd_address_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
uint8_t status = *((uint8_t *) data);
|
|
|
|
if (status) {
|
|
fprintf(stderr, "Failed to write address (0x%02x)\n", status);
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
shutdown_device();
|
|
}
|
|
|
|
static void read_bd_addr_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
const struct bt_hci_rsp_read_bd_addr *rsp = data;
|
|
struct cmd_write_bd_address cmd;
|
|
|
|
if (rsp->status) {
|
|
fprintf(stderr, "Failed to read address (0x%02x)\n",
|
|
rsp->status);
|
|
mainloop_quit();
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
if (set_bdaddr_value) {
|
|
fprintf(stderr, "Setting address is not supported\n");
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
printf("Controller Address\n");
|
|
printf("\tOld BD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
|
|
rsp->bdaddr[5], rsp->bdaddr[4],
|
|
rsp->bdaddr[3], rsp->bdaddr[2],
|
|
rsp->bdaddr[1], rsp->bdaddr[0]);
|
|
|
|
memcpy(cmd.bdaddr, rsp->bdaddr, 6);
|
|
cmd.bdaddr[0] = (hci_index & 0xff);
|
|
|
|
printf("\tNew BD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
|
|
cmd.bdaddr[5], cmd.bdaddr[4],
|
|
cmd.bdaddr[3], cmd.bdaddr[2],
|
|
cmd.bdaddr[1], cmd.bdaddr[0]);
|
|
|
|
bt_hci_send(hci_dev, CMD_WRITE_BD_ADDRESS, &cmd, sizeof(cmd),
|
|
write_bd_address_complete, NULL, NULL);
|
|
}
|
|
|
|
static void act_deact_traces_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
uint8_t status = *((uint8_t *) data);
|
|
|
|
if (status) {
|
|
fprintf(stderr, "Failed to activate traces (0x%02x)\n", status);
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
shutdown_device();
|
|
}
|
|
|
|
static void act_deact_traces(void)
|
|
{
|
|
struct cmd_act_deact_traces cmd;
|
|
|
|
cmd.tx_trace = 0x03;
|
|
cmd.tx_arq = 0x03;
|
|
cmd.rx_trace = 0x03;
|
|
|
|
bt_hci_send(hci_dev, CMD_ACT_DEACT_TRACES, &cmd, sizeof(cmd),
|
|
act_deact_traces_complete, NULL, NULL);
|
|
}
|
|
|
|
static void trigger_exception(void)
|
|
{
|
|
struct cmd_trigger_exception cmd;
|
|
|
|
cmd.type = 0x00;
|
|
|
|
bt_hci_send(hci_dev, CMD_TRIGGER_EXCEPTION, &cmd, sizeof(cmd),
|
|
NULL, NULL, NULL);
|
|
|
|
shutdown_device();
|
|
}
|
|
|
|
static void write_bd_data_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
uint8_t status = *((uint8_t *) data);
|
|
|
|
if (status) {
|
|
fprintf(stderr, "Failed to write data (0x%02x)\n", status);
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
if (set_traces) {
|
|
act_deact_traces();
|
|
return;
|
|
}
|
|
|
|
shutdown_device();
|
|
}
|
|
|
|
static void read_bd_data_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
const struct rsp_read_bd_data *rsp = data;
|
|
|
|
if (rsp->status) {
|
|
fprintf(stderr, "Failed to read data (0x%02x)\n", rsp->status);
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
printf("Controller Data\n");
|
|
printf("\tBD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
|
|
rsp->bdaddr[5], rsp->bdaddr[4],
|
|
rsp->bdaddr[3], rsp->bdaddr[2],
|
|
rsp->bdaddr[1], rsp->bdaddr[0]);
|
|
|
|
printf("\tLMP Version: %u\n", rsp->lmp_version);
|
|
printf("\tLMP Features: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x"
|
|
" 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
|
|
rsp->features[0], rsp->features[1],
|
|
rsp->features[2], rsp->features[3],
|
|
rsp->features[4], rsp->features[5],
|
|
rsp->features[6], rsp->features[7]);
|
|
printf("\tLE Features: 0x%2.2x\n", rsp->le_features);
|
|
|
|
if (set_bdaddr) {
|
|
struct cmd_write_bd_data cmd;
|
|
|
|
memcpy(cmd.bdaddr, rsp->bdaddr, 6);
|
|
cmd.bdaddr[0] = (hci_index & 0xff);
|
|
cmd.lmp_version = 0x07;
|
|
memcpy(cmd.features, rsp->features, 8);
|
|
cmd.le_features = rsp->le_features;
|
|
cmd.le_features |= 0x1e;
|
|
memcpy(cmd.reserved1, rsp->reserved1, sizeof(cmd.reserved1));
|
|
memcpy(cmd.reserved2, rsp->reserved2, sizeof(cmd.reserved2));
|
|
memcpy(cmd.reserved3, rsp->reserved3, sizeof(cmd.reserved3));
|
|
|
|
bt_hci_send(hci_dev, CMD_WRITE_BD_DATA, &cmd, sizeof(cmd),
|
|
write_bd_data_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
shutdown_device();
|
|
}
|
|
|
|
static void firmware_command_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
uint8_t status = *((uint8_t *) data);
|
|
|
|
if (status) {
|
|
fprintf(stderr, "Failed to load firmware (0x%02x)\n", status);
|
|
manufacturer_mode_reset = 0x01;
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
if (firmware_offset >= firmware_size) {
|
|
printf("Activating firmware\n");
|
|
manufacturer_mode_reset = 0x02;
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
if (firmware_data[firmware_offset] == 0x01) {
|
|
uint16_t opcode;
|
|
uint8_t dlen;
|
|
|
|
opcode = firmware_data[firmware_offset + 2] << 8 |
|
|
firmware_data[firmware_offset + 1];
|
|
dlen = firmware_data[firmware_offset + 3];
|
|
|
|
bt_hci_send(hci_dev, opcode, firmware_data +
|
|
firmware_offset + 4, dlen,
|
|
firmware_command_complete, NULL, NULL);
|
|
|
|
firmware_offset += dlen + 4;
|
|
|
|
if (firmware_data[firmware_offset] == 0x02) {
|
|
dlen = firmware_data[firmware_offset + 2];
|
|
firmware_offset += dlen + 3;
|
|
}
|
|
} else {
|
|
fprintf(stderr, "Invalid packet in firmware\n");
|
|
manufacturer_mode_reset = 0x01;
|
|
shutdown_device();
|
|
}
|
|
|
|
}
|
|
|
|
static void enter_manufacturer_mode_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
uint8_t status = *((uint8_t *) data);
|
|
|
|
if (status) {
|
|
fprintf(stderr, "Failed to enter manufacturer mode (0x%02x)\n",
|
|
status);
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
if (load_firmware) {
|
|
uint8_t status = BT_HCI_ERR_SUCCESS;
|
|
firmware_command_complete(&status, sizeof(status), NULL);
|
|
return;
|
|
}
|
|
|
|
if (get_bddata || set_bdaddr) {
|
|
bt_hci_send(hci_dev, CMD_READ_BD_DATA, NULL, 0,
|
|
read_bd_data_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
if (set_traces) {
|
|
act_deact_traces();
|
|
return;
|
|
}
|
|
|
|
if (set_exception) {
|
|
trigger_exception();
|
|
return;
|
|
}
|
|
|
|
shutdown_device();
|
|
}
|
|
|
|
static void request_firmware(const char *path)
|
|
{
|
|
unsigned int cmd_num = 0;
|
|
unsigned int evt_num = 0;
|
|
struct stat st;
|
|
ssize_t len;
|
|
int fd;
|
|
|
|
fd = open(path, O_RDONLY);
|
|
if (fd < 0) {
|
|
fprintf(stderr, "Failed to open firmware %s\n", path);
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
if (fstat(fd, &st) < 0) {
|
|
fprintf(stderr, "Failed to get firmware size\n");
|
|
close(fd);
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
firmware_data = malloc(st.st_size);
|
|
if (!firmware_data) {
|
|
fprintf(stderr, "Failed to allocate firmware buffer\n");
|
|
close(fd);
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
len = read(fd, firmware_data, st.st_size);
|
|
if (len < 0) {
|
|
fprintf(stderr, "Failed to read firmware file\n");
|
|
close(fd);
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
close(fd);
|
|
|
|
if (len < st.st_size) {
|
|
fprintf(stderr, "Firmware size does not match buffer\n");
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
|
|
firmware_size = len;
|
|
|
|
if (firmware_data[0] == 0xff)
|
|
firmware_offset = 1;
|
|
|
|
while (firmware_offset < firmware_size) {
|
|
uint16_t opcode;
|
|
uint8_t evt, dlen;
|
|
|
|
switch (firmware_data[firmware_offset]) {
|
|
case 0x01:
|
|
opcode = firmware_data[firmware_offset + 2] << 8 |
|
|
firmware_data[firmware_offset + 1];
|
|
dlen = firmware_data[firmware_offset + 3];
|
|
|
|
if (opcode != CMD_MEMORY_WRITE)
|
|
printf("Unexpected opcode 0x%02x\n", opcode);
|
|
|
|
firmware_offset += dlen + 4;
|
|
cmd_num++;
|
|
break;
|
|
|
|
case 0x02:
|
|
evt = firmware_data[firmware_offset + 1];
|
|
dlen = firmware_data[firmware_offset + 2];
|
|
|
|
if (evt != BT_HCI_EVT_CMD_COMPLETE)
|
|
printf("Unexpected event 0x%02x\n", evt);
|
|
|
|
firmware_offset += dlen + 3;
|
|
evt_num++;
|
|
break;
|
|
|
|
default:
|
|
fprintf(stderr, "Invalid firmware file\n");
|
|
shutdown_device();
|
|
return;
|
|
}
|
|
}
|
|
|
|
printf("Firmware with %u commands and %u events\n", cmd_num, evt_num);
|
|
|
|
if (firmware_data[0] == 0xff)
|
|
firmware_offset = 1;
|
|
}
|
|
|
|
static void read_boot_params_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
const struct rsp_read_boot_params *rsp = data;
|
|
|
|
if (rsp->status) {
|
|
fprintf(stderr, "Failed to read boot params (0x%02x)\n",
|
|
rsp->status);
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
if (size != sizeof(*rsp)) {
|
|
fprintf(stderr, "Size mismatch for read boot params\n");
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
printf("Secure Boot Parameters\n");
|
|
printf("\tOTP Format Version:\t%u\n", rsp->otp_format);
|
|
printf("\tOTP Content Version:\t%u\n", rsp->otp_content);
|
|
printf("\tOTP ROM Patch Version:\t%u\n", rsp->otp_patch);
|
|
printf("\tDevice Revision ID:\t%u\n", le16_to_cpu(rsp->dev_revid));
|
|
printf("\tSecure Boot Enable:\t%u\n", rsp->secure_boot);
|
|
printf("\tTake Key From Header:\t%u\n", rsp->key_from_hdr);
|
|
printf("\tRSA Key Type:\t\t%u\n", rsp->key_type);
|
|
printf("\tOTP Lock:\t\t%u\n", rsp->otp_lock);
|
|
printf("\tAPI Lock:\t\t%u\n", rsp->api_lock);
|
|
printf("\tDebug Lock:\t\t%u\n", rsp->debug_lock);
|
|
printf("\tMin FW Build Number:\t%u-%u.%u\n", rsp->min_fw_build_nn,
|
|
rsp->min_fw_build_cw, 2000 + rsp->min_fw_build_yy);
|
|
printf("\tLimited CCE to ISSC:\t%u\n", rsp->limited_cce);
|
|
printf("\tUnlocked State:\t\t%u\n", rsp->unlocked_state);
|
|
|
|
mainloop_quit();
|
|
}
|
|
|
|
static const struct {
|
|
uint8_t val;
|
|
const char *str;
|
|
} hw_variant_table[] = {
|
|
{ 0x06, "iBT 1.1 (XG223)" },
|
|
{ 0x07, "iBT 2.0 (WP)" },
|
|
{ 0x08, "iBT 2.5 (StP)" },
|
|
{ 0x09, "iBT 1.5 (AG610)" },
|
|
{ 0x0a, "iBT 2.1 (AG620)" },
|
|
{ 0x0b, "iBT 3.0 (LnP)" },
|
|
{ 0x0c, "iBT 3.0 (WsP)" },
|
|
{ 0x12, "iBT 3.5 (ThP)" },
|
|
{ }
|
|
};
|
|
|
|
static const struct {
|
|
uint8_t val;
|
|
const char *str;
|
|
} fw_variant_table[] = {
|
|
{ 0x01, "iBT 1.0 - iBT 2.5" },
|
|
{ 0x06, "iBT Bootloader" },
|
|
{ 0x23, "iBT 3.x Bluetooth FW" },
|
|
{ }
|
|
};
|
|
|
|
static void read_version_complete(const void *data, uint8_t size,
|
|
void *user_data)
|
|
{
|
|
const struct rsp_read_version *rsp = data;
|
|
const char *str;
|
|
int i;
|
|
|
|
if (rsp->status) {
|
|
fprintf(stderr, "Failed to read version (0x%02x)\n",
|
|
rsp->status);
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
if (size != sizeof(*rsp)) {
|
|
fprintf(stderr, "Size mismatch for read version response\n");
|
|
mainloop_quit();
|
|
return;
|
|
}
|
|
|
|
if (cold_boot) {
|
|
struct cmd_reset cmd;
|
|
|
|
cmd.reset_type = 0x01;
|
|
cmd.patch_enable = 0x00;
|
|
cmd.otp_ddc_reload = 0x01;
|
|
cmd.boot_option = 0x00;
|
|
cmd.boot_addr = cpu_to_le32(0x00000000);
|
|
|
|
bt_hci_send(hci_dev, CMD_RESET, &cmd, sizeof(cmd),
|
|
cold_boot_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
if (load_firmware) {
|
|
if (load_firmware_value) {
|
|
printf("Firmware: %s\n", load_firmware_value);
|
|
request_firmware(load_firmware_value);
|
|
} else {
|
|
char fw_name[PATH_MAX];
|
|
|
|
snprintf(fw_name, sizeof(fw_name),
|
|
"%s/%s/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
|
|
FIRMWARE_BASE_PATH, "intel",
|
|
rsp->hw_platform, rsp->hw_variant,
|
|
rsp->hw_revision, rsp->fw_variant,
|
|
rsp->fw_revision, rsp->fw_build_nn,
|
|
rsp->fw_build_cw, rsp->fw_build_yy);
|
|
|
|
printf("Firmware: %s\n", fw_name);
|
|
printf("Patch level: %d\n", rsp->fw_patch);
|
|
request_firmware(fw_name);
|
|
}
|
|
}
|
|
|
|
if (use_manufacturer_mode) {
|
|
struct cmd_manufacturer_mode cmd;
|
|
|
|
cmd.mode_switch = 0x01;
|
|
cmd.reset = 0x00;
|
|
|
|
bt_hci_send(hci_dev, CMD_MANUFACTURER_MODE, &cmd, sizeof(cmd),
|
|
enter_manufacturer_mode_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
if (set_bdaddr) {
|
|
bt_hci_send(hci_dev, BT_HCI_CMD_READ_BD_ADDR, NULL, 0,
|
|
read_bd_addr_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
printf("Controller Version Information\n");
|
|
printf("\tHardware Platform:\t%u\n", rsp->hw_platform);
|
|
|
|
str = "Reserved";
|
|
|
|
for (i = 0; hw_variant_table[i].str; i++) {
|
|
if (hw_variant_table[i].val == rsp->hw_variant) {
|
|
str = hw_variant_table[i].str;
|
|
break;
|
|
}
|
|
}
|
|
|
|
printf("\tHardware Variant:\t%s (0x%02x)\n", str, rsp->hw_variant);
|
|
printf("\tHardware Revision:\t%u.%u\n", rsp->hw_revision >> 4,
|
|
rsp->hw_revision & 0x0f);
|
|
|
|
str = "Reserved";
|
|
|
|
for (i = 0; fw_variant_table[i].str; i++) {
|
|
if (fw_variant_table[i].val == rsp->fw_variant) {
|
|
str = fw_variant_table[i].str;
|
|
break;
|
|
}
|
|
}
|
|
|
|
printf("\tFirmware Variant:\t%s (0x%02x)\n", str, rsp->fw_variant);
|
|
printf("\tFirmware Revision:\t%u.%u\n", rsp->fw_revision >> 4,
|
|
rsp->fw_revision & 0x0f);
|
|
printf("\tFirmware Build Number:\t%u-%u.%u\n", rsp->fw_build_nn,
|
|
rsp->fw_build_cw, 2000 + rsp->fw_build_yy);
|
|
printf("\tFirmware Patch Number:\t%u\n", rsp->fw_patch);
|
|
|
|
if (rsp->hw_variant == 0x0b && rsp->fw_variant == 0x06) {
|
|
bt_hci_send(hci_dev, CMD_READ_BOOT_PARAMS, NULL, 0,
|
|
read_boot_params_complete, NULL, NULL);
|
|
return;
|
|
}
|
|
|
|
mainloop_quit();
|
|
}
|
|
|
|
struct css_hdr {
|
|
uint32_t module_type;
|
|
uint32_t header_len;
|
|
uint32_t header_version;
|
|
uint32_t module_id;
|
|
uint32_t module_vendor;
|
|
uint32_t date;
|
|
uint32_t size;
|
|
uint32_t key_size;
|
|
uint32_t modulus_size;
|
|
uint32_t exponent_size;
|
|
uint8_t reserved[88];
|
|
} __attribute__ ((packed));
|
|
|
|
static void analyze_firmware(const char *path)
|
|
{
|
|
unsigned int cmd_num = 0;
|
|
struct css_hdr *css;
|
|
struct stat st;
|
|
ssize_t len;
|
|
int fd;
|
|
|
|
fd = open(path, O_RDONLY);
|
|
if (fd < 0) {
|
|
fprintf(stderr, "Failed to open firmware %s\n", path);
|
|
return;
|
|
}
|
|
|
|
if (fstat(fd, &st) < 0) {
|
|
fprintf(stderr, "Failed to get firmware size\n");
|
|
close(fd);
|
|
return;
|
|
}
|
|
|
|
firmware_data = malloc(st.st_size);
|
|
if (!firmware_data) {
|
|
fprintf(stderr, "Failed to allocate firmware buffer\n");
|
|
close(fd);
|
|
return;
|
|
}
|
|
|
|
len = read(fd, firmware_data, st.st_size);
|
|
if (len < 0) {
|
|
fprintf(stderr, "Failed to read firmware file\n");
|
|
close(fd);
|
|
goto done;
|
|
}
|
|
|
|
close(fd);
|
|
|
|
if (len != st.st_size) {
|
|
fprintf(stderr, "Failed to read complete firmware file\n");
|
|
goto done;
|
|
}
|
|
|
|
if ((size_t) len < sizeof(*css)) {
|
|
fprintf(stderr, "Firmware file is too short\n");
|
|
goto done;
|
|
}
|
|
|
|
css = (void *) firmware_data;
|
|
|
|
printf("Module type:\t%u\n", le32_to_cpu(css->module_type));
|
|
printf("Header len:\t%u DWORDs / %u bytes\n",
|
|
le32_to_cpu(css->header_len),
|
|
le32_to_cpu(css->header_len) * 4);
|
|
printf("Header version:\t%u.%u\n",
|
|
le32_to_cpu(css->header_version) >> 16,
|
|
le32_to_cpu(css->header_version) & 0xffff);
|
|
printf("Module ID:\t%u\n", le32_to_cpu(css->module_id));
|
|
printf("Module vendor:\t%u\n", le32_to_cpu(css->module_vendor));
|
|
printf("Date:\t\t%u\n", le32_to_cpu(css->date));
|
|
printf("Size:\t\t%u DWORDs / %u bytes\n", le32_to_cpu(css->size),
|
|
le32_to_cpu(css->size) * 4);
|
|
printf("Key size:\t%u DWORDs / %u bytes\n",
|
|
le32_to_cpu(css->key_size),
|
|
le32_to_cpu(css->key_size) * 4);
|
|
printf("Modulus size:\t%u DWORDs / %u bytes\n",
|
|
le32_to_cpu(css->modulus_size),
|
|
le32_to_cpu(css->modulus_size) * 4);
|
|
printf("Exponent size:\t%u DWORDs / %u bytes\n",
|
|
le32_to_cpu(css->exponent_size),
|
|
le32_to_cpu(css->exponent_size) * 4);
|
|
printf("\n");
|
|
|
|
|
|
if ((size_t) len != le32_to_cpu(css->size) * 4) {
|
|
fprintf(stderr, "CSS.size does not match file length\n");
|
|
goto done;
|
|
}
|
|
|
|
if (le32_to_cpu(css->header_len) != (sizeof(*css) / 4) +
|
|
le32_to_cpu(css->key_size) +
|
|
le32_to_cpu(css->modulus_size) +
|
|
le32_to_cpu(css->exponent_size)) {
|
|
fprintf(stderr, "CSS.headerLen does not match data sizes\n");
|
|
goto done;
|
|
}
|
|
|
|
firmware_size = le32_to_cpu(css->size) * 4;
|
|
firmware_offset = le32_to_cpu(css->header_len) * 4;
|
|
|
|
while (firmware_offset < firmware_size) {
|
|
uint16_t opcode;
|
|
uint8_t dlen;
|
|
|
|
opcode = get_le16(firmware_data + firmware_offset);
|
|
dlen = firmware_data[firmware_offset + 2];
|
|
|
|
switch (opcode) {
|
|
case CMD_NO_OPERATION:
|
|
case CMD_WRITE_BOOT_PARAMS:
|
|
case CMD_MEMORY_WRITE:
|
|
break;
|
|
default:
|
|
printf("Unexpected opcode 0x%02x\n", opcode);
|
|
break;
|
|
}
|
|
|
|
firmware_offset += dlen + 3;
|
|
cmd_num++;
|
|
}
|
|
|
|
printf("Firmware with %u commands\n", cmd_num);
|
|
|
|
done:
|
|
free(firmware_data);
|
|
}
|
|
|
|
static void signal_callback(int signum, void *user_data)
|
|
{
|
|
switch (signum) {
|
|
case SIGINT:
|
|
case SIGTERM:
|
|
mainloop_quit();
|
|
break;
|
|
}
|
|
}
|
|
|
|
static void usage(void)
|
|
{
|
|
printf("bluemoon - Bluemoon configuration utility\n"
|
|
"Usage:\n");
|
|
printf("\tbluemoon [options]\n");
|
|
printf("Options:\n"
|
|
"\t-A, --bdaddr [addr] Set Bluetooth address\n"
|
|
"\t-F, --firmware [file] Load firmware\n"
|
|
"\t-C, --check <file> Check firmware image\n"
|
|
"\t-R, --reset Reset controller\n"
|
|
"\t-B, --coldboot Cold boot controller\n"
|
|
"\t-E, --exception Trigger exception\n"
|
|
"\t-i, --index <num> Use specified controller\n"
|
|
"\t-h, --help Show help options\n");
|
|
}
|
|
|
|
static const struct option main_options[] = {
|
|
{ "bdaddr", optional_argument, NULL, 'A' },
|
|
{ "bddata", no_argument, NULL, 'D' },
|
|
{ "firmware", optional_argument, NULL, 'F' },
|
|
{ "check", required_argument, NULL, 'C' },
|
|
{ "traces", no_argument, NULL, 'T' },
|
|
{ "reset", no_argument, NULL, 'R' },
|
|
{ "coldboot", no_argument, NULL, 'B' },
|
|
{ "exception",no_argument, NULL, 'E' },
|
|
{ "index", required_argument, NULL, 'i' },
|
|
{ "raw", no_argument, NULL, 'r' },
|
|
{ "version", no_argument, NULL, 'v' },
|
|
{ "help", no_argument, NULL, 'h' },
|
|
{ }
|
|
};
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
const char *str;
|
|
bool use_raw = false;
|
|
int exit_status;
|
|
|
|
for (;;) {
|
|
int opt;
|
|
|
|
opt = getopt_long(argc, argv, "A::DF::C:TRBEi:rvh",
|
|
main_options, NULL);
|
|
if (opt < 0)
|
|
break;
|
|
|
|
switch (opt) {
|
|
case 'A':
|
|
if (optarg)
|
|
set_bdaddr_value = optarg;
|
|
set_bdaddr = true;
|
|
break;
|
|
case 'D':
|
|
use_manufacturer_mode = true;
|
|
get_bddata = true;
|
|
break;
|
|
case 'F':
|
|
use_manufacturer_mode = true;
|
|
if (optarg)
|
|
load_firmware_value = optarg;
|
|
load_firmware = true;
|
|
break;
|
|
case 'C':
|
|
check_firmware_value = optarg;
|
|
check_firmware = true;
|
|
break;
|
|
case 'E':
|
|
use_manufacturer_mode = true;
|
|
set_exception = true;
|
|
break;
|
|
case 'T':
|
|
use_manufacturer_mode = true;
|
|
set_traces = true;
|
|
break;
|
|
case 'R':
|
|
reset_on_exit = true;
|
|
break;
|
|
case 'B':
|
|
cold_boot = true;
|
|
break;
|
|
case 'i':
|
|
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
|
|
str = optarg + 3;
|
|
else
|
|
str = optarg;
|
|
if (!isdigit(*str)) {
|
|
usage();
|
|
return EXIT_FAILURE;
|
|
}
|
|
hci_index = atoi(str);
|
|
break;
|
|
case 'r':
|
|
use_raw = true;
|
|
break;
|
|
case 'v':
|
|
printf("%s\n", VERSION);
|
|
return EXIT_SUCCESS;
|
|
case 'h':
|
|
usage();
|
|
return EXIT_SUCCESS;
|
|
default:
|
|
return EXIT_FAILURE;
|
|
}
|
|
}
|
|
|
|
if (argc - optind > 0) {
|
|
fprintf(stderr, "Invalid command line parameters\n");
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
mainloop_init();
|
|
|
|
printf("Bluemoon configuration utility ver %s\n", VERSION);
|
|
|
|
if (check_firmware) {
|
|
analyze_firmware(check_firmware_value);
|
|
return EXIT_SUCCESS;
|
|
}
|
|
|
|
if (use_raw) {
|
|
hci_dev = bt_hci_new_raw_device(hci_index);
|
|
if (!hci_dev) {
|
|
fprintf(stderr, "Failed to open HCI raw device\n");
|
|
return EXIT_FAILURE;
|
|
}
|
|
} else {
|
|
hci_dev = bt_hci_new_user_channel(hci_index);
|
|
if (!hci_dev) {
|
|
fprintf(stderr, "Failed to open HCI user channel\n");
|
|
return EXIT_FAILURE;
|
|
}
|
|
}
|
|
|
|
bt_hci_send(hci_dev, CMD_READ_VERSION, NULL, 0,
|
|
read_version_complete, NULL, NULL);
|
|
|
|
exit_status = mainloop_run_with_signal(signal_callback, NULL);
|
|
|
|
bt_hci_unref(hci_dev);
|
|
|
|
return exit_status;
|
|
}
|