"original version":https://docs.google.com/document/d/1pg27qHGx-2hsx9tGCwj0l9EtJZU-viquaOKC02WRt6Y/edit# usb packet format htc - host target communications wmi - Wireless Module Interface Service Implementation TODO: Do this struct actually work? It was wronlgy configured on linux driver fw:HTC_CONNECT_SERVICE_MSG = kernel:htc_conn_svc_msg 0040 01 00 00 4c 01 88 ff ff 00 15 00 20 00 00 98 d8 ...L.... ... .... 0050 00 00 70 58 00 00 98 80 00 01 00 00 00 00 98 80 ..pX.... ........ 0060 00 01 00 00 00 00 98 80 00 01 00 00 00 00 98 80 ........ ........ 0070 00 01 00 00 00 00 98 80 00 01 00 00 00 00 98 80 ........ ........ 0080 00 01 00 00 00 00 98 80 00 01 00 00 00 00 98 80 ........ ........ 0090 00 01 00 00 .... fw: HTC_FRAME_HDR = kernel: htc_frame_hdr wmi_cmd_hdr (currently 4 byte) commad data... depends on wmi command type Incomming packet path: - vUsb_Reg_Out_patch - HTCMsgRecvHandler - WMIRecvMessageHandler registers USB base addr is ? Based on: target_firmware/magpie_fw_dev/build/magpie_1_1/sboot/hif/usb/src/usb_api.c target_firmware/magpie_fw_dev/build/magpie_1_1/inc/usb_defs.h #define ZM_MAIN_CTRL_OFFSET 0x00 #define ZM_DEVICE_ADDRESS_OFFSET 0x01 #define ZM_TEST_OFFSET 0x02 #define ZM_PHY_TEST_SELECT_OFFSET 0x08 #define ZM_VDR_SPECIFIC_MODE_OFFSET 0x0A #define ZM_CX_CONFIG_STATUS_OFFSET 0x0B #define ZM_EP0_DATA1_OFFSET 0x0C #define ZM_EP0_DATA2_OFFSET 0x0D #define ZM_EP0_DATA_OFFSET 0x0C #define ZM_INTR_MASK_BYTE_0_OFFSET 0x11 #define ZM_INTR_MASK_BYTE_1_OFFSET 0x12 #define ZM_INTR_MASK_BYTE_2_OFFSET 0x13 #define ZM_INTR_MASK_BYTE_3_OFFSET 0x14 #define ZM_INTR_MASK_BYTE_4_OFFSET 0x15 #define ZM_INTR_MASK_BYTE_5_OFFSET 0x16 #define ZM_INTR_MASK_BYTE_6_OFFSET 0x17 #define ZM_INTR_MASK_BYTE_7_OFFSET 0x18 #define ZM_INTR_GROUP_OFFSET 0x20 #define ZM_INTR_SOURCE_0_OFFSET 0x21 #define ZM_INTR_SOURCE_1_OFFSET 0x22 #define ZM_INTR_SOURCE_2_OFFSET 0x23 #define ZM_INTR_SOURCE_3_OFFSET 0x24 #define ZM_INTR_SOURCE_4_OFFSET 0x25 #define ZM_INTR_SOURCE_5_OFFSET 0x26 #define ZM_INTR_SOURCE_6_OFFSET 0x27 #define ZM_INTR_SOURCE_7_OFFSET 0x28 #define ZM_EP_IN_MAX_SIZE_HIGH_OFFSET 0x3F #define ZM_EP_IN_MAX_SIZE_LOW_OFFSET 0x3E #define ZM_EP_OUT_MAX_SIZE_HIGH_OFFSET 0x5F #define ZM_EP_OUT_MAX_SIZE_LOW_OFFSET 0x5E #define ZM_EP3_BYTE_COUNT_HIGH_OFFSET 0xAE BIT3 - 1 xfer done? comments: after sending data from target to host, set BIT3 #define ZM_EP3_BYTE_COUNT_LOW_OFFSET 0xBE #define ZM_EP4_BYTE_COUNT_HIGH_OFFSET 0xAF BIT4 - 1 - reset fifo; 0 - disable reset? comments: probably compatible with #define ZM_EP4_BYTE_COUNT_LOW_OFFSET 0xBF size of data in fifo buffer #define ZM_EP3_DATA_OFFSET 0xF8 #define ZM_EP4_DATA_OFFSET 0xFC #define ZM_SOC_USB_MODE_CTRL_OFFSET 0x108 BIT10 - 1 - enable MP (EP6) downstream stream mode BIT9 - 1 - enable MP (EP6) downstream DMA mode BIT8 - 1 - enable HP (EP5) downstream DMA mode BIT7 - 1 - enable HP (EP5) downstream stream mode BIT6 - 1 - enable LP downstream stream mode BIT5 - define the host dma buffer size - 4096(00) 8192 (01) 16384(10) 32768(11) bytes BIT4 - ^ BIT3 - 0 - enable upstream stream mode: 1 - enable upstream packed mode; BIT2 - 0 - Set into 64 byte mode (full speed) 1 - Set into 512 byte mode (usb highspeed) BIT1 - 0 - disable upstream dma mode; 1 - enable upstream dma mode BIT0 - 0 - disable LP down stream dma mode; 1 - eanble LP down stream dma mode comments: ryan: 04/01: bit0 could disable lpdn dma, which is good at debugging while async_fifo have problem, we could disable this and check the fifo_rcv_size to see if we have correct at fifo or not LP - lo priotiry; MP - middle priority; HP - High priority; #define ZM_SOC_USB_MAX_AGGREGATE_OFFSET 0x110 set stream mode packet buffer critirea 0x0 = disable stream mode or 1 packet. So 0x9 is 10 packets? #define ZM_SOC_USB_TIME_CTRL_OFFSET 0x114 set stream mode timeout critirea. the unit is 32 USB (30Mhz) clock cycles.