diff options
Diffstat (limited to '2016/33c3/33c3-modems.adoc')
| -rw-r--r-- | 2016/33c3/33c3-modems.adoc | 72 |
1 files changed, 58 insertions, 14 deletions
diff --git a/2016/33c3/33c3-modems.adoc b/2016/33c3/33c3-modems.adoc index dc4070d..815ec96 100644 --- a/2016/33c3/33c3-modems.adoc +++ b/2016/33c3/33c3-modems.adoc @@ -207,35 +207,79 @@ image:images/legato_flash.png[width="80%"] // Show it is a highly complex SoC... with even more things // that are unknown.. device tree file, periperhal, etc -== MDM SW Overview +== MDM 9615 AP SW Overview image:images/gandroid_logo.png[height=200,role="gimmick_right"] -* GNU libc, busybox userland -* Android Debug Bridge (adb) -* Android Linux kernel +The software stack seems to be called *Qualcomm LE* + * Android Bootloader +* Android Linux kernel +* Android Debug Bridge (adb) +* but: GNU libc, busybox userland * Using OpenEmbedded to build images * Developed and maintained by Qualcomm +== Qualcomm Linux kernel overview + +* Qualcomm Android Linux kernel +* Huge changes compared to mainline `git diff -w | wc -l` +** `v3.0.21` in EC20: 1.5 million lines +** `v3.18.20` in EC25: 1.9 million lines +* Expected: CPU + peripheral drivers +* Less expected: +** smem_log, ipc_log, remote spinlocks, etc. +== Qualcomm Linux kernel subsystems -== Linux kernel overview +[cols="20%,80%"] +|=== +|SMD|Shared Memory Device +|IPC|Inter Processor Communications +|RMNET|Remote Network +|BAM|Bus Access Manager +|IPA|Internet Packet Accelerator +|DIAGFWD|DIAG Forwarding +|=== -* Qualcomm Android Linux kernel -* Huge changes compared to mainline -* CPU and peripheral support -* <List frameworks here> +== Qualcomm LE System Architecture + +image:images/qualcomm_le.svg[width="50%",role="gimmick_right"] + +* simplified block diagram +* USB interface fully controlled by Linux AP +** very complex Qualcomm Android USB Gadget +** some endpoints mapped to SMD queues +** other endpoints handled by _regular_ Linux +** GPS NMEA takes completely different path than AT commands, despite +both being serial ports? +** DIAG and QMI handled in more complex ways + +== DIAG in Qualcomm LE + +* DIAG interface of Modem exposed on SMD +* diagfwd distributes messages between USB, SMD and `/dev/diagchar` +* Linux userspace processes don't use syslog, but diag msg for logging via `libdiag.so` + +image:images/diag.svg[width="100%"] + +== QMI in Qualcomm LE + +every `rmnet` data device has associated QMI control + +* on your Linux PC: `qmi_wwan` and `/dev/cdc-wdm` +* on Qualcomm LE modem: `/dev/smdcntlN`, multiplexed by `qmuxd` -== ... +image:images/qmi_smd_qmuxd.svg[width="100%"] == Funny commands -* AT+QLINUXCMD, e.g. switch usb config to get adb -* AT+QFASTBOOT, switch to the bootloader -* AT+QPRINT, print dmesg -* AT for system("echo mem > /sys/power/state") +* `AT+QLINUXCMD`, e.g. switch usb config to get adb +** arbitrary shell commands executed as root on r/w rootfs! +* `AT+QFASTBOOT`, switch to the bootloader +* `AT+QPRINT`, print dmesg +* AT for `system("echo mem > /sys/power/state")` |