Project

General

Profile

QMI » History » Version 12

laforge, 12/25/2016 10:03 PM

1 2 laforge
{{>toc}}
2 2 laforge
3 1 laforge
h1. QMI
4 2 laforge
5 2 laforge
h2. QMI (Qualcomm MSM Interface)
6 1 laforge
7 11 laforge
This is the general term for all related messaging between processors and their software stacks on Qualcomm cellular processors.
8 11 laforge
9 11 laforge
In case of data cards / data modems, QMI is often exposed to the host PC via USB.  On Linux hosts, the open source libqmi-glib (https://www.freedesktop.org/wiki/Software/libqmi/) is often used to inplement the QMI protocols to control the cellular modem.
10 11 laforge
11 11 laforge
QMI offers various different _services_ (e.g. WDS, the wireless data service) which are exposed via the QMI protocol stack on one or many QMI _ports_.
12 11 laforge
13 11 laforge
In the context of multi-processor Qualcomm chipsets, such as the MDM9615/9x07 used in cellular modems / data cards, or also in the case of Android smartphones, QMI ports are exposed to the Linux-running application CPU core inside the chip.  There can be many different transport mechanisms, but in the case of modern integrated chips, it is primarily SMD (Shared Memory Device).
14 11 laforge
15 12 laforge
On the OE based Linux in the cellular modems, there is a proprietary QMI multiplex daemon (@qmuxd@), which acts as a proxy between the shared memory device and various userspace processes accessing QMI services.  Those client programs communicate with qmuxd over a unix-domain socket.  There are (proprietary) libraries (@libqmi.so@, @libqmi-framework.so@) that encapsulate the qmuxd and QMI communication protocols, the message encoding/decoding and state machines.
16 11 laforge
17 11 laforge
On Android phones using integrated Qualcomm chipsets, there is an Android RIL daemon that converts from RIL to QMI.
18 11 laforge
19 11 laforge
20 2 laforge
21 2 laforge
h2. IDL
22 2 laforge
23 2 laforge
* @int32_t qmi_idl_get_service_id(service_obj, service_id)@
24 2 laforge
  get service ID for a given service object
25 2 laforge
26 2 laforge
* @qmi_idl_message_decode()@
27 2 laforge
  Decode from TLV to C structure
28 2 laforge
29 2 laforge
* @qmi_idl_message_encode()@
30 2 laforge
  Encode from C structure to wire format TLV
31 2 laforge
32 2 laforge
h3. IDL Structures
33 2 laforge
34 2 laforge
Individual services are implemented in a data-driven manner by data
35 2 laforge
structures describing the type of messsages and the message TLV
36 2 laforge
structure.
37 2 laforge
38 2 laforge
In the end, a service describes itself using the master structure
39 2 laforge
qmi_idl_service_object, consisting of
40 2 laforge
* library version (0x04)
41 2 laforge
* idl version
42 2 laforge
* service ID
43 2 laforge
* maximum message length
44 2 laforge
* number of command/response/indication messges in tables
45 2 laforge
* tables describing messages (@qmi_idl_service_message_table_entry@)
46 2 laforge
* tables describing types (@qmi_idl_type_table_object@)
47 2 laforge
48 2 laforge
The data structures describing a given service are generated by an IDL
49 2 laforge
compiler.
50 2 laforge
51 3 laforge
If you have a binary libqmi* providing IDL definitions, you can use the following
52 3 laforge
commadn to extract the IDL service definitions supported:
53 3 laforge
<pre>
54 3 laforge
strings libqmi* | grep _idl_service_object | sort | uniq
55 3 laforge
</pre>
56 2 laforge
57 2 laforge
h2. CSI (Common Service Interface)
58 2 laforge
59 2 laforge
Data model (see @qmi_csi_common.h@ for more info):
60 2 laforge
61 2 laforge
* each service list has a list of active services
62 2 laforge
* each service has a table of transports associated with it
63 2 laforge
* each service also has a list of connected clients
64 2 laforge
* each client has a pointer to the transport it connected from
65 2 laforge
* each client also has a list of outstanding transactions
66 2 laforge
67 2 laforge
CSI has only a single transport on Linux, using te AF_MSM_IPC type
68 2 laforge
sockets as a basis.
69 2 laforge
70 2 laforge
71 2 laforge
h2. SAP (Service Access Proxy)
72 2 laforge
73 2 laforge
Intended to export a service off-chip using QMUX daemon.
74 2 laforge
75 2 laforge
Encodes/Decodes messages for registering services:
76 2 laforge
* register_service request/response
77 2 laforge
* deregister_service request/response
78 2 laforge
* client_connect indication
79 2 laforge
* client_disconnect indication
80 2 laforge
81 2 laforge
82 2 laforge
h2. QMUX (QMI Multiplex)
83 2 laforge
84 2 laforge
The related code can either talk directly to the shared-memory devices
85 2 laforge
on Linux and thus the hardware (see @qmi_platform_qmux_io.c@).
86 2 laforge
87 2 laforge
It can however also establish a connection via a multiplex daemon.
88 2 laforge
This connection utilizes unix domain STREAM type sockets in
89 2 laforge
/dev/socket, specifically:
90 2 laforge
* @/dev/socket/qmux_audio/qmux_{client,connect}_socket@
91 2 laforge
* @/dev/socket/qmux_bluetooth/qmux_{client,connect}_socket@
92 2 laforge
* @/dev/socket/qmux_radio/qmux_{client,connect}_socket@
93 2 laforge
* @/dev/socket/qmux_gps/qmux_{client,connect}_socket@
94 2 laforge
* @/var/qmux_{client,connect}_socket@ on non-android devices
95 2 laforge
96 2 laforge
h2. QCCI (QMI Common Client Interface)
97 2 laforge
98 2 laforge
The QCCI layer wraps QMI into the respective transport.  The
99 2 laforge
transports supported are:
100 2 laforge
101 2 laforge
* IPC router (linux kernel socket family)
102 2 laforge
* QMUXD (using qmi_qmux_... API, via unix domain sockets)
103 2 laforge
* UDP packets (base port 10000)
104 2 laforge
105 2 laforge
The CCI API is what QMI clients normally would call to initiate a
106 2 laforge
client connection to a service.  The CCI functions would then normally
107 2 laforge
be wrapped by some service specific code that wraps the IDL
108 2 laforge
definitions for message encoding/decoding and provides
109 2 laforge
service-specific API to the client.
110 2 laforge
111 2 laforge
112 2 laforge
h2. IPC (Inter Process Communications)
113 2 laforge
114 2 laforge
Qualcomm implements a socket-based inter process communication on
115 2 laforge
Linux.  It is implemented usinga new address family, @AF_MSM_IPC@ (27).
116 2 laforge
117 2 laforge
The socket is used as datagram type socket (SOCK_DGRAM).
118 2 laforge
119 2 laforge
The socket address of a related socket consists of:
120 2 laforge
121 2 laforge
* the socket family (AF_MSM_IPC)
122 2 laforge
* a @struct msm_ipc_addr@, consisting of
123 2 laforge
** a single address type byte
124 2 laforge
** a port address (node_id, port_id)
125 2 laforge
** a port name (service, instance)
126 2 laforge
127 2 laforge
h2. IRSC (IPC Router Security Control)
128 2 laforge
129 2 laforge
FIXME
130 2 laforge
131 2 laforge
h2. Shared Memory based Logging
132 2 laforge
133 2 laforge
There's a @/dev/smem_log@ which can be opened and read from.  It
134 2 laforge
supports some specific ioctl() to set binary mode.
135 2 laforge
136 2 laforge
More information in @smem_log.h@
137 2 laforge
138 2 laforge
h2. AT command implementation (QMI ATCOP service layer)
139 1 laforge
140 10 laforge
This is used by client programs to register AT command call-backs within the modems AT command interpreter.
141 1 laforge
142 10 laforge
The QMI ATCOP service layer seems to be pre-IDL, as it doesn't have the usual IDL compiler code structure.
143 10 laforge
144 10 laforge
The baseband firmware appears have a compile-time white-list of AT commands for which the AT command forwarding is permitted.  Any other commands are rejected with error 48 (invalid argument)
145 10 laforge
146 10 laforge
Qualcomm default seems to permit +CLVL, +CKPD, +CMUT, +CTSA, +CBKLT, +CFUN, +CDIS, +CRSL, +CMAR, +CSO, +CSS, +CBC, $QCPWRDN and this may be extended by  vendor-specific commands, such as +QFOTADL in the Quectel case
147 2 laforge
148 2 laforge
h3. qmi_atcop_fwd_at_urc_req()
149 2 laforge
150 2 laforge
used to send unsolicited response codes to modem
151 2 laforge
152 2 laforge
h3. qmi_atcop_fwd_at_cmd_resp()
153 2 laforge
154 6 zecke
used by client to send response to an AT command previously forwarded
155 2 laforge
to the client from the modem
156 2 laforge
157 2 laforge
h3. qmi_atcop_reg_at_command_fwd_req()
158 2 laforge
159 2 laforge
used by client to registre any AT commands that need to be forwarded
160 2 laforge
to it from the modem
161 2 laforge
162 2 laforge
h3. qmi_atcop_srvc_init_client()
163 2 laforge
164 2 laforge
intialization
165 2 laforge
166 2 laforge
h3. qmi_atcop_srvc_release_client()
167 2 laforge
168 2 laforge
cleanup
169 2 laforge
170 2 laforge
h2. QMI Services (via IDL)
171 2 laforge
172 4 laforge
See [[EC20_QMI]] and [[EC25_QMI]] for the IDLs included in the respective modem firmware
173 4 laforge
174 2 laforge
h3. Test Service
175 2 laforge
176 2 laforge
Part of qmi-framework.  IDL descriptions for
177 2 laforge
178 2 laforge
* ping req/resp
179 2 laforge
* test_ind
180 2 laforge
* data req/resp
181 2 laforge
* large_data req/resp
182 2 laforge
* data_ind_reg req/resp
183 2 laforge
* test_data_ind
184 2 laforge
* get_service_name req/resp
185 2 laforge
186 2 laforge
h3. common_v01
187 2 laforge
188 2 laforge
* get_supported_msgs req/resp
189 2 laforge
* get_supported_fields req/resp
190 2 laforge
191 2 laforge
h3. application_traffic_pairing_v01
192 2 laforge
193 2 laforge
h3. card_application_toolkit_v02
194 2 laforge
195 7 zecke
SIM/USIM toolkit related
196 2 laforge
197 2 laforge
h3. circuit_switched_video_telephony_v01
198 2 laforge
199 2 laforge
h3. coexistence_manager_v01
200 2 laforge
201 2 laforge
bt/wifi coexistance?
202 2 laforge
203 2 laforge
h3. control_service_v01
204 2 laforge
205 2 laforge
h3. data_system_determination_v01
206 2 laforge
207 2 laforge
check for availability of wlan/modem/... data bearers and set related
208 2 laforge
policy
209 2 laforge
210 2 laforge
h3. device_management_service_v01
211 2 laforge
212 2 laforge
* inquiry about device maker/model/version
213 2 laforge
* MSISDN, ICCID, IMSI, MAC address inquiry
214 2 laforge
* PIN entry/management
215 2 laforge
* locking
216 2 laforge
217 2 laforge
h3. ip_multimedia_subsystem_application_v01
218 2 laforge
219 2 laforge
h3. ip_multimedia_subsystem_dcm_v01
220 2 laforge
221 2 laforge
h3. ip_multimedia_subsystem_presence_v01
222 2 laforge
223 2 laforge
h3. ip_multimedia_subsystem_rtp_v01
224 2 laforge
225 2 laforge
h3. ip_multimedia_subsystem_settings_v01
226 2 laforge
227 2 laforge
h3. ip_multimedia_subsystem_video_telephony_v01
228 2 laforge
229 2 laforge
h3. network_access_service_common_v01
230 2 laforge
231 2 laforge
h3. network_access_service_v01
232 2 laforge
233 2 laforge
* network scan / registration
234 2 laforge
* network preference
235 2 laforge
* forbidden networks
236 2 laforge
* rf band information
237 2 laforge
* operator name
238 2 laforge
* rx diversity
239 2 laforge
240 2 laforge
h3. persistent_device_configuration_v01
241 2 laforge
242 2 laforge
h3. phonebook_manager_service_v01
243 2 laforge
244 2 laforge
h3. qmi_adc_service_v01
245 2 laforge
246 2 laforge
* ADC conversion/calibration
247 2 laforge
248 2 laforge
h3. qmi_ims_vt_v01
249 2 laforge
250 2 laforge
h3. qualcomm_mobile_access_point_msgr_v01
251 2 laforge
252 2 laforge
h3. qualcomm_mobile_access_point_v01
253 2 laforge
254 9 laforge
See [[QCMAP]]
255 9 laforge
256 2 laforge
h3. radio_frequency_radiated_performance_enhancement_v01
257 2 laforge
258 2 laforge
h3. sar_vs_service_v01
259 2 laforge
260 2 laforge
h3. specific_absorption_rate_v01
261 2 laforge
262 2 laforge
h3. user_identity_module_remote_v01
263 2 laforge
264 2 laforge
APDU forwarding of SIM/USIM to remote location?
265 2 laforge
266 2 laforge
Probably more te opposite: A way how a modem can export a CCID device
267 2 laforge
towards a PC and then map the APDUs in something that the modem can
268 2 laforge
digest?
269 2 laforge
270 2 laforge
h3. user_identity_module_v01
271 2 laforge
272 2 laforge
SIM/USIM card access
273 2 laforge
274 2 laforge
* read/write transparent / record EF
275 2 laforge
* verify / unblock / change pin
276 2 laforge
* card power up/down
277 2 laforge
* authenticate
278 2 laforge
* raw APDU
279 2 laforge
* SAP
280 2 laforge
* logicla channels
281 2 laforge
* ATR
282 2 laforge
* multi sim (slot) management
283 2 laforge
284 2 laforge
h3. voice_service_common_v02
285 2 laforge
286 2 laforge
h3. voice_service_v02
287 2 laforge
288 2 laforge
call control
289 2 laforge
290 2 laforge
h3. wireless_data_administrative_service_v01
291 8 zecke
292 2 laforge
h3. wireless_data_service_v01
293 2 laforge
294 2 laforge
cellular data
295 2 laforge
296 2 laforge
h3. wireless_messaging_service_v01
297 2 laforge
298 2 laforge
SMS-PP, SMS-CB
299 5 laforge
300 5 laforge
h2. further reading
301 5 laforge
302 5 laforge
http://www.lanedo.com/documents/Qualcomm%20Gobi%20devices%20on%20Linux.pdf
Add picture from clipboard (Maximum size: 48.8 MB)