Project

General

Profile

QMI » History » Version 10

laforge, 12/25/2016 09:54 PM

1 2 laforge
{{>toc}}
2 2 laforge
3 1 laforge
h1. QMI
4 2 laforge
5 2 laforge
6 2 laforge
h2. QMI (Qualcomm MSM Interface)
7 2 laforge
8 2 laforge
This is the general term for all related messaging between processors
9 2 laforge
and their software stacks on Qualcomm cellular processors.
10 2 laforge
11 2 laforge
h2. IDL
12 2 laforge
13 2 laforge
* @int32_t qmi_idl_get_service_id(service_obj, service_id)@
14 2 laforge
  get service ID for a given service object
15 2 laforge
16 2 laforge
* @qmi_idl_message_decode()@
17 2 laforge
  Decode from TLV to C structure
18 2 laforge
19 2 laforge
* @qmi_idl_message_encode()@
20 2 laforge
  Encode from C structure to wire format TLV
21 2 laforge
22 2 laforge
h3. IDL Structures
23 2 laforge
24 2 laforge
Individual services are implemented in a data-driven manner by data
25 2 laforge
structures describing the type of messsages and the message TLV
26 2 laforge
structure.
27 2 laforge
28 2 laforge
In the end, a service describes itself using the master structure
29 2 laforge
qmi_idl_service_object, consisting of
30 2 laforge
* library version (0x04)
31 2 laforge
* idl version
32 2 laforge
* service ID
33 2 laforge
* maximum message length
34 2 laforge
* number of command/response/indication messges in tables
35 2 laforge
* tables describing messages (@qmi_idl_service_message_table_entry@)
36 2 laforge
* tables describing types (@qmi_idl_type_table_object@)
37 2 laforge
38 2 laforge
The data structures describing a given service are generated by an IDL
39 2 laforge
compiler.
40 2 laforge
41 3 laforge
If you have a binary libqmi* providing IDL definitions, you can use the following
42 3 laforge
commadn to extract the IDL service definitions supported:
43 3 laforge
<pre>
44 3 laforge
strings libqmi* | grep _idl_service_object | sort | uniq
45 3 laforge
</pre>
46 2 laforge
47 2 laforge
h2. CSI (Common Service Interface)
48 2 laforge
49 2 laforge
Data model (see @qmi_csi_common.h@ for more info):
50 2 laforge
51 2 laforge
* each service list has a list of active services
52 2 laforge
* each service has a table of transports associated with it
53 2 laforge
* each service also has a list of connected clients
54 2 laforge
* each client has a pointer to the transport it connected from
55 2 laforge
* each client also has a list of outstanding transactions
56 2 laforge
57 2 laforge
CSI has only a single transport on Linux, using te AF_MSM_IPC type
58 2 laforge
sockets as a basis.
59 2 laforge
60 2 laforge
61 2 laforge
h2. SAP (Service Access Proxy)
62 2 laforge
63 2 laforge
Intended to export a service off-chip using QMUX daemon.
64 2 laforge
65 2 laforge
Encodes/Decodes messages for registering services:
66 2 laforge
* register_service request/response
67 2 laforge
* deregister_service request/response
68 2 laforge
* client_connect indication
69 2 laforge
* client_disconnect indication
70 2 laforge
71 2 laforge
72 2 laforge
h2. QMUX (QMI Multiplex)
73 2 laforge
74 2 laforge
The related code can either talk directly to the shared-memory devices
75 2 laforge
on Linux and thus the hardware (see @qmi_platform_qmux_io.c@).
76 2 laforge
77 2 laforge
It can however also establish a connection via a multiplex daemon.
78 2 laforge
This connection utilizes unix domain STREAM type sockets in
79 2 laforge
/dev/socket, specifically:
80 2 laforge
* @/dev/socket/qmux_audio/qmux_{client,connect}_socket@
81 2 laforge
* @/dev/socket/qmux_bluetooth/qmux_{client,connect}_socket@
82 2 laforge
* @/dev/socket/qmux_radio/qmux_{client,connect}_socket@
83 2 laforge
* @/dev/socket/qmux_gps/qmux_{client,connect}_socket@
84 2 laforge
* @/var/qmux_{client,connect}_socket@ on non-android devices
85 2 laforge
86 2 laforge
h2. QCCI (QMI Common Client Interface)
87 2 laforge
88 2 laforge
The QCCI layer wraps QMI into the respective transport.  The
89 2 laforge
transports supported are:
90 2 laforge
91 2 laforge
* IPC router (linux kernel socket family)
92 2 laforge
* QMUXD (using qmi_qmux_... API, via unix domain sockets)
93 2 laforge
* UDP packets (base port 10000)
94 2 laforge
95 2 laforge
The CCI API is what QMI clients normally would call to initiate a
96 2 laforge
client connection to a service.  The CCI functions would then normally
97 2 laforge
be wrapped by some service specific code that wraps the IDL
98 2 laforge
definitions for message encoding/decoding and provides
99 2 laforge
service-specific API to the client.
100 2 laforge
101 2 laforge
102 2 laforge
h2. IPC (Inter Process Communications)
103 2 laforge
104 2 laforge
Qualcomm implements a socket-based inter process communication on
105 2 laforge
Linux.  It is implemented usinga new address family, @AF_MSM_IPC@ (27).
106 2 laforge
107 2 laforge
The socket is used as datagram type socket (SOCK_DGRAM).
108 2 laforge
109 2 laforge
The socket address of a related socket consists of:
110 2 laforge
111 2 laforge
* the socket family (AF_MSM_IPC)
112 2 laforge
* a @struct msm_ipc_addr@, consisting of
113 2 laforge
** a single address type byte
114 2 laforge
** a port address (node_id, port_id)
115 2 laforge
** a port name (service, instance)
116 2 laforge
117 2 laforge
h2. IRSC (IPC Router Security Control)
118 2 laforge
119 2 laforge
FIXME
120 2 laforge
121 2 laforge
h2. Shared Memory based Logging
122 2 laforge
123 2 laforge
There's a @/dev/smem_log@ which can be opened and read from.  It
124 2 laforge
supports some specific ioctl() to set binary mode.
125 2 laforge
126 2 laforge
More information in @smem_log.h@
127 2 laforge
128 2 laforge
h2. AT command implementation (QMI ATCOP service layer)
129 1 laforge
130 10 laforge
This is used by client programs to register AT command call-backs within the modems AT command interpreter.
131 1 laforge
132 10 laforge
The QMI ATCOP service layer seems to be pre-IDL, as it doesn't have the usual IDL compiler code structure.
133 10 laforge
134 10 laforge
The baseband firmware appears have a compile-time white-list of AT commands for which the AT command forwarding is permitted.  Any other commands are rejected with error 48 (invalid argument)
135 10 laforge
136 10 laforge
Qualcomm default seems to permit +CLVL, +CKPD, +CMUT, +CTSA, +CBKLT, +CFUN, +CDIS, +CRSL, +CMAR, +CSO, +CSS, +CBC, $QCPWRDN and this may be extended by  vendor-specific commands, such as +QFOTADL in the Quectel case
137 2 laforge
138 2 laforge
h3. qmi_atcop_fwd_at_urc_req()
139 2 laforge
140 2 laforge
used to send unsolicited response codes to modem
141 2 laforge
142 2 laforge
h3. qmi_atcop_fwd_at_cmd_resp()
143 2 laforge
144 6 zecke
used by client to send response to an AT command previously forwarded
145 2 laforge
to the client from the modem
146 2 laforge
147 2 laforge
h3. qmi_atcop_reg_at_command_fwd_req()
148 2 laforge
149 2 laforge
used by client to registre any AT commands that need to be forwarded
150 2 laforge
to it from the modem
151 2 laforge
152 2 laforge
h3. qmi_atcop_srvc_init_client()
153 2 laforge
154 2 laforge
intialization
155 2 laforge
156 2 laforge
h3. qmi_atcop_srvc_release_client()
157 2 laforge
158 2 laforge
cleanup
159 2 laforge
160 2 laforge
h2. QMI Services (via IDL)
161 2 laforge
162 4 laforge
See [[EC20_QMI]] and [[EC25_QMI]] for the IDLs included in the respective modem firmware
163 4 laforge
164 2 laforge
h3. Test Service
165 2 laforge
166 2 laforge
Part of qmi-framework.  IDL descriptions for
167 2 laforge
168 2 laforge
* ping req/resp
169 2 laforge
* test_ind
170 2 laforge
* data req/resp
171 2 laforge
* large_data req/resp
172 2 laforge
* data_ind_reg req/resp
173 2 laforge
* test_data_ind
174 2 laforge
* get_service_name req/resp
175 2 laforge
176 2 laforge
h3. common_v01
177 2 laforge
178 2 laforge
* get_supported_msgs req/resp
179 2 laforge
* get_supported_fields req/resp
180 2 laforge
181 2 laforge
h3. application_traffic_pairing_v01
182 2 laforge
183 2 laforge
h3. card_application_toolkit_v02
184 2 laforge
185 7 zecke
SIM/USIM toolkit related
186 2 laforge
187 2 laforge
h3. circuit_switched_video_telephony_v01
188 2 laforge
189 2 laforge
h3. coexistence_manager_v01
190 2 laforge
191 2 laforge
bt/wifi coexistance?
192 2 laforge
193 2 laforge
h3. control_service_v01
194 2 laforge
195 2 laforge
h3. data_system_determination_v01
196 2 laforge
197 2 laforge
check for availability of wlan/modem/... data bearers and set related
198 2 laforge
policy
199 2 laforge
200 2 laforge
h3. device_management_service_v01
201 2 laforge
202 2 laforge
* inquiry about device maker/model/version
203 2 laforge
* MSISDN, ICCID, IMSI, MAC address inquiry
204 2 laforge
* PIN entry/management
205 2 laforge
* locking
206 2 laforge
207 2 laforge
h3. ip_multimedia_subsystem_application_v01
208 2 laforge
209 2 laforge
h3. ip_multimedia_subsystem_dcm_v01
210 2 laforge
211 2 laforge
h3. ip_multimedia_subsystem_presence_v01
212 2 laforge
213 2 laforge
h3. ip_multimedia_subsystem_rtp_v01
214 2 laforge
215 2 laforge
h3. ip_multimedia_subsystem_settings_v01
216 2 laforge
217 2 laforge
h3. ip_multimedia_subsystem_video_telephony_v01
218 2 laforge
219 2 laforge
h3. network_access_service_common_v01
220 2 laforge
221 2 laforge
h3. network_access_service_v01
222 2 laforge
223 2 laforge
* network scan / registration
224 2 laforge
* network preference
225 2 laforge
* forbidden networks
226 2 laforge
* rf band information
227 2 laforge
* operator name
228 2 laforge
* rx diversity
229 2 laforge
230 2 laforge
h3. persistent_device_configuration_v01
231 2 laforge
232 2 laforge
h3. phonebook_manager_service_v01
233 2 laforge
234 2 laforge
h3. qmi_adc_service_v01
235 2 laforge
236 2 laforge
* ADC conversion/calibration
237 2 laforge
238 2 laforge
h3. qmi_ims_vt_v01
239 2 laforge
240 2 laforge
h3. qualcomm_mobile_access_point_msgr_v01
241 2 laforge
242 2 laforge
h3. qualcomm_mobile_access_point_v01
243 2 laforge
244 9 laforge
See [[QCMAP]]
245 9 laforge
246 2 laforge
h3. radio_frequency_radiated_performance_enhancement_v01
247 2 laforge
248 2 laforge
h3. sar_vs_service_v01
249 2 laforge
250 2 laforge
h3. specific_absorption_rate_v01
251 2 laforge
252 2 laforge
h3. user_identity_module_remote_v01
253 2 laforge
254 2 laforge
APDU forwarding of SIM/USIM to remote location?
255 2 laforge
256 2 laforge
Probably more te opposite: A way how a modem can export a CCID device
257 2 laforge
towards a PC and then map the APDUs in something that the modem can
258 2 laforge
digest?
259 2 laforge
260 2 laforge
h3. user_identity_module_v01
261 2 laforge
262 2 laforge
SIM/USIM card access
263 2 laforge
264 2 laforge
* read/write transparent / record EF
265 2 laforge
* verify / unblock / change pin
266 2 laforge
* card power up/down
267 2 laforge
* authenticate
268 2 laforge
* raw APDU
269 2 laforge
* SAP
270 2 laforge
* logicla channels
271 2 laforge
* ATR
272 2 laforge
* multi sim (slot) management
273 2 laforge
274 2 laforge
h3. voice_service_common_v02
275 2 laforge
276 2 laforge
h3. voice_service_v02
277 2 laforge
278 2 laforge
call control
279 2 laforge
280 2 laforge
h3. wireless_data_administrative_service_v01
281 8 zecke
282 2 laforge
h3. wireless_data_service_v01
283 2 laforge
284 2 laforge
cellular data
285 2 laforge
286 2 laforge
h3. wireless_messaging_service_v01
287 2 laforge
288 2 laforge
SMS-PP, SMS-CB
289 5 laforge
290 5 laforge
h2. further reading
291 5 laforge
292 5 laforge
http://www.lanedo.com/documents/Qualcomm%20Gobi%20devices%20on%20Linux.pdf
Add picture from clipboard (Maximum size: 48.8 MB)