Version 211 - History - XMMBoot - Replicant

XMMBoot » History » Version 211

Denis 'GNUtoo' Carikli, 01/04/2022 05:27 AM
Add slavewake

-Denis 'GNUtoo'  Carikli
+h1. XMMBoot
-Denis 'GNUtoo'  Carikli
+{{toc}}
-Denis 'GNUtoo'  Carikli
+h2.  Introduction
 For both libsamsung-ipc and the Linux driver it's interesting to understand better the boot of the modem in order to come with good names for the abstraction.
-Denis 'GNUtoo'  Carikli
+h2. High level boot process
 The exact boot sequence is different on different devices:
 * On most / all the devices we need to start by powering off the modem, and the link between the SOC and the modem. This makes sure that we can reliabily boot the modem at all times.
 * Then we need to configure the hardware to put the modem in loading mode and have everything ready for loading its firmware. On some device, the link needed to load the modem needs to be configured as well.
 * Then we send the modem firmware to the modem
 * Then on some devices we need extra step (like triggering an HSIC re-enumeration) once it's done.
-Denis 'GNUtoo'  Carikli
+h2. Abstraction
 * hci_power -> link_power
-Denis 'GNUtoo'  Carikli
+TODO:
 * Find the difference between power_on and boot_power_on
 ** Look at the GPIOs and understand what they do
 ** Just read the code that use the GPIOs
 ** Diff both procedures
-Denis 'GNUtoo'  Carikli
+* Look which device has which XMM626X
 * Add XMM6210 devices too
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h2. GPIOs
-Denis 'GNUtoo'  Carikli
+h3. Devices GPIOs assignement and drivers
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+|_\4. Hardware |_\2. Linux |_\1. libsamsung-ipc |
 |_. Variant |_. SOC |_. Modem  |_. Link |_. GPIO usage |_. GPIO assignement |_. device driver name |
 | Galaxy Tab:
-Denis 'GNUtoo'  Carikli
+  GT-P1000 | Exynos 3310 | | RAM | | | aries |
-Denis 'GNUtoo'  Carikli
+| Galaxy S:
-Denis 'GNUtoo'  Carikli
+  GT-I9000 | Exynos 3110 | "XMM6160":https://www.wikidata.org/wiki/Q88838210#Q88838210$d5389045-4624-171a-18c5-ed1b15e1b3f5 | RAM | | | aries |
-Denis 'GNUtoo'  Carikli
+| Nexus S:
   GT-I9020
   GT-I9020A
-Denis 'GNUtoo'  Carikli
+  GT-I9023 | Exynos 3110 | | RAM | | | crespo |
-Denis 'GNUtoo'  Carikli
+| Galaxy SII:
-Denis 'GNUtoo'  Carikli
+  GT-I9100 | Exynos 4210 | XMM6260 | HSIC | "CONFIG_UMTS_MODEM_XMM6260=y":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9100_defconfig#n1321 | | galaxys2 |
 | Galaxy Note:
   GT-N7000 | Exynos 4210 | XMM6260 | HSIC | "CONFIG_UMTS_MODEM_XMM6260=y":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_n7000_defconfig#n1330 | | galaxys2 |
-Denis 'GNUtoo'  Carikli
+| Galaxy Nexus:
-Denis 'GNUtoo'  Carikli
+  GT-I9250 | OMAP 4460 | XMM6260 | MIPI | "CONFIG_UMTS_MODEM_XMM6260=y":https://git.replicant.us/replicant/kernel_samsung_tuna/tree/arch/arm/configs/tuna_defconfig#n1209
                                           "Makefile":https://git.replicant.us/replicant/kernel_samsung_tuna/tree/drivers/misc/modem_if/Makefile#n10
                                           "modem_modemctl_device_xmm6260.c":https://git.replicant.us/replicant/kernel_samsung_tuna/tree/drivers/misc/modem_if/modem_modemctl_device_xmm6260.c | | maguro |
-Denis 'GNUtoo'  Carikli
+| Galaxy SIII:
-Denis 'GNUtoo'  Carikli
+  GT-I9300 | Exynos 4412 | XMM6262 | HSIC | "CONFIG_UMTS_MODEM_XMM6262=y":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n1350
-Denis 'GNUtoo'  Carikli
+"Makefile":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/misc/modem_if/Makefile#n10
 "modem_modemctl_device_xmm6262.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/misc/modem_if/modem_modemctl_device_xmm6262.c | "CONFIG_SEC_MODEM_M0=y":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n541
 "Makefile":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/Makefile#n320
-Denis 'GNUtoo'  Carikli
+"board-m0-modems.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c
-Denis 'GNUtoo'  Carikli
+"CONFIG_MACH_M0=y":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n455
 "gpio-midas.h":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/include/mach/gpio-midas.h#n28
-Denis 'GNUtoo'  Carikli
+"gpio-rev00-m0.h":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/include/mach/gpio-rev00-m0.h | i9300 |
-Denis 'GNUtoo'  Carikli
+| Galaxy Note 8.0 GSM:
-Denis 'GNUtoo'  Carikli
+  GT-N5100 | Exynos 4412 | XMM6262 | HSIC | "CONFIG_UMTS_MODEM_XMM6262=y":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_n5100_defconfig#n1335 | | n5100 |
-Denis 'GNUtoo'  Carikli
+| Galaxy Note II:
-Denis 'GNUtoo'  Carikli
+  GT-N7100 | Exynos 4412 | XMM6262 | HSIC | "CONFIG_UMTS_MODEM_XMM6262=y":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_n7100_defconfig#n1356 | | n7100 |
-Denis 'GNUtoo'  Carikli
+| Galaxy Tab 2:
   GT-P3100
-Denis 'GNUtoo'  Carikli
+  GT-P5100 | OMAP 4430 | XMM6262 | MIPI | "CONFIG_UMTS_MODEM_XMM6262=y":https://git.replicant.us/replicant/kernel_samsung_espresso10/tree/arch/arm/configs/espresso_defconfig#n224 | | piranah |
 Denis 'GNUtoo'  Carikli
 h3. GPIOs usage
-Denis 'GNUtoo'  Carikli
+TODO: make sure to mention what applies to what device
 * Start with I9300. Assume I9300 if device is not mentioned. Mention device when not I9300
 * Add more devices and mention them
-Denis 'GNUtoo'  Carikli
+Note that we don't limit ourselves to the drivers that are in use on the devices supported by Replicant.
 As Samsung wrote drivers for the modem interfaces, and that the interface is similar across many different modems, other unused drivers and their comments also gives many hints about what the GPIOs are supposed to be used for.
-Denis 'GNUtoo'  Carikli
+|_. gpio platform data name |_. present |_. absent |_. direction |_. comments |
-Denis 'GNUtoo'  Carikli
+| "gpio_cp_on":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n237 | | | powers on the modem? in which state (PMIC?, CPU?)
-Denis 'GNUtoo'  Carikli
+                     * On GT-I9100 it's connected to the ON1 modem pin and ON2 is not connected. |
-Denis 'GNUtoo'  Carikli
+| "gpio_cp_reset":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n239| | read + write | Resets the modem CPU? PMIC?:
-Denis 'GNUtoo'  Carikli
+                        * "''check the reset timming with C2C connection''":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/misc/modem_if/modem_modemctl_device_xmm6262.c#n106 : Here C2C probably means chip to chip
                         Can also read the modem CPU? and/or PMIC? reset state?
-Denis 'GNUtoo'  Carikli
+                        * "Reads from the GPIO and ''CP not ready, Active State low'' comment":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n287
                         Also used in umts_link_reconnect (todo: check firmware status) |
-Denis 'GNUtoo'  Carikli
+| "gpio_reset_req_n":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n238 ("define":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/include/mach/gpio-rev00-m0.h#n261) | | | It seems to reset the modem. On some device with an MSM SOC (modem? AP?) in the smdk4412 kernel, it resets the modem PMIC. It can also be used to keep the modem (SOC? PMIC? CPU?) in reset mode while powered on.
-Denis 'GNUtoo'  Carikli
+It could very well be the PMIC with the GT-I9300 as we have the following sequence in "xmm6262_on":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/misc/modem_if/modem_modemctl_device_xmm6262.c#n31 :
 <pre>
 	gpio_set_value(mc->gpio_reset_req_n, 0);
 	gpio_set_value(mc->gpio_cp_on, 0);
 	gpio_set_value(mc->gpio_cp_reset, 0);
 	msleep(100);
 	gpio_set_value(mc->gpio_cp_reset, 1);
 	/* If XMM6262 was connected with C2C, AP wait 50ms to BB Reset*/
 	msleep(50);
 	gpio_set_value(mc->gpio_reset_req_n, 1);
 	gpio_set_value(mc->gpio_cp_on, 1);
 	udelay(60);
 	gpio_set_value(mc->gpio_cp_on, 0);
 	msleep(20);
 </pre>
 SOCs probably need to have a very specific voltage ramp up sequences to boot (voltage ramps and so on are described in the SOC datasheets, TODO: check with a specific example).
 If that's true it would mean that the CPU has to not be off at boot but still be in some reset mode to accept a firmware?
 In that case, once everything is off, the CPU power would be turned on first, then the PMIC, then the reset line for the firmware loading (way later) |
-Denis 'GNUtoo'  Carikli
+| "gpio_pda_active":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n240| | | Tell the modem if the SOC CPUs are sleeping/active or not?
-Denis 'GNUtoo'  Carikli
+                          * "PDA == Application processor":https://android.stackexchange.com/questions/176515/what-do-the-terms-bl-ap-cp-and-csc-mean-in-odin
                           * "''PDA_ACTIVE, let cp know AP sleep'' comment in status gc1-gpio.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/gc1-gpio.c#n213
                           * "PDA_ACTIVE set to 0 right after cpu_pm_enter()":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/cpuidle-exynos4.c#n701
                           * "PDA_ACTIVE set to 1 right before cpu_pm_exit()":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/cpuidle-exynos4.c#n796
-Denis 'GNUtoo'  Carikli
+                          * GPIO direction is output on AP side and input on BP side, which is also confirmed by the "pinout table in XDA":https://forum.xda-developers.com/galaxy-s2/help/how-to-talk-to-modem-commands-t1471241/page4
                           Also indicates when the CPU is ready to process modem stuff:
                           * "set to 1 *at the end* of xmm6262_on in modem_modemctl_device_xmm6262.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/misc/modem_if/modem_modemctl_device_xmm6262.c#n68
-Denis 'GNUtoo'  Carikli
+                          * The CPU can't process stuff if the HSIC link is in low power mode, "as shown in set_hsic_lpa_states in board-m0-modems.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n310 so it sets gpio_pda_active to 0 in these cases. |
-Denis 'GNUtoo'  Carikli
+| "gpio_phone_active":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n241 | | | Seem the modem counterpart of gpio_pda_active:
-Denis 'GNUtoo'  Carikli
+                            * See "umts_link_reconnect in board-m0-modems.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n341
-Denis 'GNUtoo'  Carikli
+                            * See also "mc_work in the unused modemctl.c driver":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/svnet/modemctl.c#n484 where that GPIO is used both to signal when the modem finished booting everything and is ready, and when the modem crashes or is reset
                             * "phone_active_irq_handler in modem_modemctl_device_xmm6262.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/misc/modem_if/modem_modemctl_device_xmm6262.c#n139 seem to be doing exactly the same thing. |
-Denis 'GNUtoo'  Carikli
+| "gpio_cp_dump_int":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n246 | | | Maybe used for crash dump. Reference: [[AcademicPapersAndPresentations#A-walk-with-Shannon-Walkthrough-of-a-pwn2own-baseband-exploit|Presentation about exploiting XMM modems]]: The nonfree s-boot 4.0 bootloader can probably get the modem crashdump. (cp is the modem) |
-Denis 'GNUtoo'  Carikli
+| "gpio_flm_uart_sel":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | Only used for the Galaxy Nexus in libsamsung-ipc | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n242 | | Modem download mode ?
-Denis 'GNUtoo'  Carikli
+                                                                                                                                                                                         * FLM could be Firmware Load mode ?
-Denis 'GNUtoo'  Carikli
+                                                                                                                                                                                         * On several devices, that GPIO seem to be used to switch between different UART, and the PMIC seem involved too in some devices. Not sure how it switches |
-Denis 'GNUtoo'  Carikli
+| "gpio_cp_warm_reset":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n248 | | |
-Denis 'GNUtoo'  Carikli
+| gpio_revers_bias_clear | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n268 | | | |
 | gpio_revers_bias_restore | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n268 | | | |
-Denis 'GNUtoo'  Carikli
+| "gpio_sim_detect":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n251 | | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n255 (GPIO_SIM_DETECT is not set)| | Detect SIM card presence ? |
-Denis 'GNUtoo'  Carikli
+| "gpio_link_enable":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n112 | | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n221 | | "power management (modemlink_pm_data)":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n218 |
 | "gpio_link_active":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n112 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n222 ("define":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/include/mach/gpio-rev00-m0.h#n257) | | | set to 0 when the (HSIC) link is in low power and to 1 when it's back, "like in set_hsic_lpa_states in board-m0-modems.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n304 , "power management (modemlink_pm_data)":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n218 |
 | "gpio_link_hostwake":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n112 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n223 ("define":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/include/mach/gpio-rev00-m0.h#n264) | | | "power management (modemlink_pm_data)":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n218 |
-Denis 'GNUtoo'  Carikli
+| "gpio_link_slavewake":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/include/linux/platform_data/modem.h#n112 | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n224 ("define":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/include/mach/gpio-rev00-m0.h#n263)| | | "power management (modemlink_pm_data)":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n218
 According to the code in board-m0-modems.c, it seems to be used to wakup the modem or to make it exit low power mode by triggering a rising edge but I don't know why it checks the hostwake GPIO in the code below:
 <pre>
 /* HSIC specific function */
 void set_slave_wake(void)
+{
         if (gpio_get_value(modem_link_pm_data.gpio_link_hostwake)) {
                 pr_info("[MODEM_IF]Slave Wake\n");
                 if (gpio_get_value(modem_link_pm_data.gpio_link_slavewake)) {
                         pr_info("[MODEM_IF]Slave Wake set _-\n");
                         gpio_direction_output(
                         modem_link_pm_data.gpio_link_slavewake, 0);
                         mdelay(10);
+                }
                 gpio_direction_output(
                         modem_link_pm_data.gpio_link_slavewake, 1);
+        }
+}
 [...]
 void set_hsic_lpa_states(int states)
+{
         int val = gpio_get_value(umts_modem_data.gpio_cp_reset);
         mif_trace("\n");
         if (val) {
                 switch (states) {
                 [...]
                 case STATE_HSIC_LPA_PHY_INIT:
                         gpio_set_value(umts_modem_data.gpio_pda_active, 1);
                         set_slave_wake();
                         pr_info(LOG_TAG "set hsic lpa phy init: "
                                 "slave wake-up (%d)\n",
                                 gpio_get_value(
                                         modem_link_pm_data.gpio_link_slavewake)
                                 );
                         break;
+                }
+        }
+}
 </pre> |
-Denis 'GNUtoo'  Carikli
+| gpio_ap_dump_int | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n244 ("define":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/include/mach/gpio-rev00-m0.h#n268)| | | Maybe used for crash dump. Reference: [[AcademicPapersAndPresentations#A-walk-with-Shannon-Walkthrough-of-a-pwn2own-baseband-exploit|Presentation about exploiting XMM modems]]: The nonfree s-boot 4.0 bootloader can probably get the modem crashdump. Here it would indicate that the host somehow can send crashdumps to the modem somehow? |
-Denis 'GNUtoo'  Carikli
+| gpio_sim_io_sel | | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n250 ("define":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n539) | |/3. Seem to be used for some dual modem feature which is not present in any Replicant kernels (aries, crespo, espresso10, smdk4412, tuna) for Replicant 6 (or 4.2 for aries and crespo) |
 | gpio_cp_ctrl1 | | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n251 ("define":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n539) | |
 | gpio_cp_ctrl2 | | "GT-I9300":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n252 ("define":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n539) | |
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h3. Libsamsung-ipc
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+|/2. ioctl / function |\8. Devices |
-Denis 'GNUtoo'  Carikli
+| GT-I9250 | GT-I9100 / GT-N7000 | GT-I9300 | GT-N5100 | GT-N7100 | GT-P3100 / GT-P5100 | Galaxy S (GT-I9000) / Galaxy Tab  | Nexus S (GT-I902x) |
 | libsamsung-ipc driver | maguro | galaxys2 | i9300 | n5100 | n7100 | piranah | aries | crespo |
-Denis 'GNUtoo'  Carikli
+| open, close, read, write
-Denis 'GNUtoo'  Carikli
+fmt/rfs
 gprs
-Denis 'GNUtoo'  Carikli
+power |\6. Yes |
-Denis 'GNUtoo'  Carikli
+| boot_power
-Denis 'GNUtoo'  Carikli
+status_online_wait | Yes |\5. No |/3\2. No |
-Denis 'GNUtoo'  Carikli
+| hci_power
-Denis 'GNUtoo'  Carikli
+link_control_active
-Denis 'GNUtoo'  Carikli
+link_connected_wait
-Denis 'GNUtoo'  Carikli
+link_get_hostwake_wait |/2. No |\4. Yes |/2. No |
-Denis 'GNUtoo'  Carikli
+| link_control_enable | Yes (ignored by Linux[4][5][6]) |\3. Yes (ignored by Linux[1][2][3]) |
-Denis 'GNUtoo'  Carikli
+| psi_send | xmm626_mipi_psi_send |\4. xmm626_hsic_psi_send | xmm626_mipi_psi_send |\2. xmm616_psi_send |
-Denis 'GNUtoo'  Carikli
+| firmware_send | xmm626_mipi_firmware_send |\4. xmm626_hsic_firmware_send | xmm626_mipi_firmware_send |\2. xmm616_firmware_send |
 | nv_data_send | xmm626_mipi_nv_data_send |\4. xmm626_hsic_nv_data_send | xmm626_mipi_nv_data_send |\2. xmm616_nv_data_send |
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+fn1. https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n221
 fn2. https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n218
-Denis 'GNUtoo'  Carikli
+fn3. https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n136
 Denis 'GNUtoo'  Carikli
 fn4. https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-u1-modems.c#n153
 fn5. https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-u1-modems.c#n151
 fn6. https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-u1-modems.c#n139
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h3. libsamsung-ipc <-> kernel functions <-> gpios
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+|_. libsamsung-ipc |_\3. Kernel |
-Denis 'GNUtoo'  Carikli
+|_. Function using the ioctl |_. ioctl name |_. pointer signature |_. GPIO used | comment |
-Denis 'GNUtoo'  Carikli
+| xmm626_kernel_smdk4412_power | IOCTL_MODEM_ON
-Denis 'GNUtoo'  Carikli
+                                 IOCTL_MODEM_OFF | <pre>int (*modem_on)(struct modem_ctl*);</pre>
                                                    <pre>int (*modem_off)(struct modem_ctl*);</pre> | gpio_cp_on
-Denis 'GNUtoo'  Carikli
+                                                                                      gpio_cp_reset
                                                                                       gpio_reset_req_n
                                                                                       gpio_pda_active |
-Denis 'GNUtoo'  Carikli
+| | | | gpio_phone_active |
-Denis 'GNUtoo'  Carikli
+| | | | gpio_cp_dump_int |
-Denis 'GNUtoo'  Carikli
+| xmm626_kernel_smdk4412_boot_power | IOCTL_MODEM_BOOT_ON
-Denis 'GNUtoo'  Carikli
+                                      IOCTL_MODEM_BOOT_OFF | <pre>int (*modem_boot_on)(struct modem_ctl*);</pre>
                                                              <pre>int (*modem_boot_off)(struct modem_ctl*);</pre> | gpio_flm_uart_sel |
-Denis 'GNUtoo'  Carikli
+| | | | gpio_cp_warm_reset |
 | | | | gpio_revers_bias_clear |
 | | | | gpio_revers_bias_restore |
-Denis 'GNUtoo'  Carikli
+| | | | gpio_sim_detect |
-Denis 'GNUtoo'  Carikli
+| xmm626_kernel_smdk4412_status_online_wait | IOCTL_MODEM_STATUS | int phone_state; | gpio_cp_on
                                                                                       gpio_cp_reset
                                                                                       gpio_pda_active
                                                                                       gpio_reset_req_n
-Denis 'GNUtoo'  Carikli
+                                                                                      gpio_phone_active | int phone_state get assigned the status computed from the various GPIO states
                                                                                                           xmm626_kernel_smdk4412_status_online_wait only waits for the online status    |
-Denis 'GNUtoo'  Carikli
+| xmm626_kernel_smdk4412_link_control_enable | IOCTL_LINK_CONTROL_ENABLE | <pre>int (*link_ldo_enable)(bool);</pre> | gpio_link_enable | on i9300:
                                                                                                                                         * link_ldo_enable only returns 0 and has a comment ("Exynos HSIC V1.2 LDO was controlled by kernel")
                                                                                                                                         * gpio_link_enable is set to 0 (so it's ignored) |
 Denis 'GNUtoo'  Carikli
 h3. Glossary
-Denis 'GNUtoo'  Carikli
+Terms for the modem CPU:
-Denis 'GNUtoo'  Carikli
+* BP: Baseband processor
 * CP: Cellular? processor
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+Term for the CPU of the system on a chip running Replicant:
-Denis 'GNUtoo'  Carikli
+* AP: Application processor
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+TODO: move in its own page and point to it
-Denis 'GNUtoo'  Carikli
+LPA: Low power mode active (Related to ULPI specs only?)
 ULPI: Probably a USB PHY spec
-Denis 'GNUtoo'  Carikli
+h3. SIM card presence detection
 Denis 'GNUtoo'  Carikli
 Do we really want to check the SIM card presence?
 Would it be possible not to for privacy reasons?
 Example:
 * Boot a modem with a SIM
 * Take away the SIM card
-Denis 'GNUtoo'  Carikli
+* Go to a protest with only the SIM card and a phone with no data on it to be able to call if necessary.
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h3. TODO
 Denis 'GNUtoo'  Carikli
 * check gpio_flm_uart_sel in smdk4412 kernel too
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h2. Potential privacy and security issues
-Denis 'GNUtoo'  Carikli
+h3. gpio_pda_active
 From "cpuidle-exynos4.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/cpuidle-exynos4.c#n701 we have things like that:
 <pre>
 	cpu_pm_enter();
 #if defined(CONFIG_INTERNAL_MODEM_IF) || defined(CONFIG_SAMSUNG_PHONE_TTY)
 	gpio_set_value(GPIO_PDA_ACTIVE, 0);
 #endif
 	if (log_en)
 		pr_debug("+++lpa\n")
 </pre>
 and:
 <pre>
 	if (log_en)
 		pr_debug("---lpa\n");
 #if defined(CONFIG_INTERNAL_MODEM_IF) || defined(CONFIG_SAMSUNG_PHONE_TTY)
 	gpio_set_value(GPIO_PDA_ACTIVE, 1);
 #endif
 	cpu_pm_exit();
 </pre>
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+Does it means that we are telling the modem about each time we go in suspend to RAM?
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+Devices affected or not affected:
-Denis 'GNUtoo'  Carikli
+|_. Device |_. Config |
 | GT-I9300 | "# CONFIG_INTERNAL_MODEM_IF is not set":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n1373
              "# CONFIG_SAMSUNG_PHONE_TTY is not set":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n3039 |
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h3. gpio_phone_active
 From "ehci-s5p.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/usb/host/ehci-s5p.c#n129 we have things like that:
 <pre>
 #if defined(CONFIG_UMTS_MODEM_XMM6262)
 	if (pdata->get_cp_active_state && !pdata->get_cp_active_state()) {
 		s5p_ehci_port_control(pdev, CP_PORT, 0);
 		pr_err("mif: force port%d off by cp reset\n", CP_PORT);
+	}
 #endif
 </pre>
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+Does it allows the modem to trigger a re-enumeration of the HSIC bus?
 Denis 'GNUtoo'  Carikli
 Devices affected or not affected:
 |_. Device |_. Config |
-Denis 'GNUtoo'  Carikli
+| GT-I9300 | "CONFIG_UMTS_MODEM_XMM6262=y":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/configs/lineageos_i9300_defconfig#n1350
              ".gpio_phone_active = GPIO_PHONE_ACTIVE":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/board-m0-modems.c#n241 |
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h2. Links
-Denis 'GNUtoo'  Carikli
+* "modem_modemctl_device_xmm6262.c":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/misc/modem_if/modem_modemctl_device_xmm6262.c
-Denis 'GNUtoo'  Carikli
+* https://forum.xda-developers.com/galaxy-s2/help/how-to-talk-to-modem-commands-t1471241/page4
-Denis 'GNUtoo'  Carikli
+* http://www.arteris.com/blog/bid/59433/Interchip-Connectivity-HSIC-UniPro-HSI-C2C-LLI-oh-my
-Denis 'GNUtoo'  Carikli
+** TODO: move this link somewhere where it's more useful

Project

General

Profile

Replicant

XMMBoot » History » Version 211