2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, args...) \
40 do { fprintf(stderr, "SD: " fmt , ##args); } while (0)
42 #define DPRINTF(fmt, args...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
63 sd_inactive_state = -1,
66 sd_identification_state,
70 sd_receivingdata_state,
80 uint8_t sd_status[64];
90 int function_group[6];
100 BlockDriverState *bdrv;
106 static void sd_set_status(SDState *sd)
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
133 static const sd_cmd_type_t sd_cmd_type[64] = {
134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 static const sd_cmd_type_t sd_acmd_type[64] = {
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message, size_t width)
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
178 static uint16_t sd_crc16(void *message, size_t width)
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
195 static void sd_set_ocr(SDState *sd)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd->ocr = 0x80ffff80;
201 static void sd_set_scr(SDState *sd)
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
220 static void sd_set_cid(SDState *sd)
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
246 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
247 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
249 static const uint8_t sd_csd_rw_mask[16] = {
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
251 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
254 static void sd_set_csd(SDState *sd, uint32_t size)
256 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
257 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
258 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
287 static void sd_set_rca(SDState *sd)
292 #define CARD_STATUS_A 0x02004100
293 #define CARD_STATUS_B 0x00c01e00
294 #define CARD_STATUS_C 0xfd39a028
296 static void sd_set_cardstatus(SDState *sd)
298 sd->card_status = 0x00000100;
301 static void sd_set_sdstatus(SDState *sd)
303 memset(sd->sd_status, 0, 64);
306 static int sd_req_crc_validate(struct sd_request_s *req)
309 buffer[0] = 0x40 | req->cmd;
310 buffer[1] = (req->arg >> 24) & 0xff;
311 buffer[2] = (req->arg >> 16) & 0xff;
312 buffer[3] = (req->arg >> 8) & 0xff;
313 buffer[4] = (req->arg >> 0) & 0xff;
315 return sd_crc7(buffer, 5) != req->crc; /* TODO */
318 static void sd_response_r1_make(SDState *sd,
319 uint8_t *response, uint32_t last_status)
321 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
324 status = (sd->card_status & ~mask) | (last_status & mask);
325 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
327 response[0] = (status >> 24) & 0xff;
328 response[1] = (status >> 16) & 0xff;
329 response[2] = (status >> 8) & 0xff;
330 response[3] = (status >> 0) & 0xff;
333 static void sd_response_r3_make(SDState *sd, uint8_t *response)
335 response[0] = (sd->ocr >> 24) & 0xff;
336 response[1] = (sd->ocr >> 16) & 0xff;
337 response[2] = (sd->ocr >> 8) & 0xff;
338 response[3] = (sd->ocr >> 0) & 0xff;
341 static void sd_response_r6_make(SDState *sd, uint8_t *response)
347 status = ((sd->card_status >> 8) & 0xc000) |
348 ((sd->card_status >> 6) & 0x2000) |
349 (sd->card_status & 0x1fff);
351 response[0] = (arg >> 8) & 0xff;
352 response[1] = arg & 0xff;
353 response[2] = (status >> 8) & 0xff;
354 response[3] = status & 0xff;
357 static void sd_response_r7_make(SDState *sd, uint8_t *response)
359 response[0] = (sd->vhs >> 24) & 0xff;
360 response[1] = (sd->vhs >> 16) & 0xff;
361 response[2] = (sd->vhs >> 8) & 0xff;
362 response[3] = (sd->vhs >> 0) & 0xff;
365 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
370 bdrv_get_geometry(bdrv, §);
373 if (sect > 0x40000000)
374 size = 0x40000000; /* 1 gig */
378 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
380 sd->state = sd_idle_state;
385 sd_set_csd(sd, size);
386 sd_set_cardstatus(sd);
392 qemu_free(sd->wp_groups);
393 sd->wp_switch = bdrv_is_read_only(bdrv);
394 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
395 memset(sd->function_group, 0, sizeof(int) * 6);
403 static void sd_cardchange(void *opaque)
405 SDState *sd = opaque;
406 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
407 if (bdrv_is_inserted(sd->bdrv)) {
408 sd_reset(sd, sd->bdrv);
409 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
413 /* We do not model the chip select pin, so allow the board to select
414 whether card should be in SSI or MMC/SD mode. It is also up to the
415 board to ensure that ssi transfers only occur when the chip select
417 SDState *sd_init(BlockDriverState *bs, int is_spi)
421 sd = (SDState *) qemu_mallocz(sizeof(SDState));
422 sd->buf = qemu_memalign(512, 512);
426 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
430 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
432 sd->readonly_cb = readonly;
433 sd->inserted_cb = insert;
434 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
435 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
438 static void sd_erase(SDState *sd)
441 if (!sd->erase_start || !sd->erase_end) {
442 sd->card_status |= ERASE_SEQ_ERROR;
446 start = sd->erase_start >>
447 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
448 end = sd->erase_end >>
449 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
454 for (i = start; i <= end; i ++)
455 if (sd->wp_groups[i])
456 sd->card_status |= WP_ERASE_SKIP;
459 static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
464 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
466 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
467 if (addr < sd->size && sd->wp_groups[wpnum])
473 static void sd_function_switch(SDState *sd, uint32_t arg)
475 int i, mode, new_func, crc;
476 mode = !!(arg & 0x80000000);
478 sd->data[0] = 0x00; /* Maximum current consumption */
480 sd->data[2] = 0x80; /* Supported group 6 functions */
482 sd->data[4] = 0x80; /* Supported group 5 functions */
484 sd->data[6] = 0x80; /* Supported group 4 functions */
486 sd->data[8] = 0x80; /* Supported group 3 functions */
488 sd->data[10] = 0x80; /* Supported group 2 functions */
490 sd->data[12] = 0x80; /* Supported group 1 functions */
492 for (i = 0; i < 6; i ++) {
493 new_func = (arg >> (i * 4)) & 0x0f;
494 if (mode && new_func != 0x0f)
495 sd->function_group[i] = new_func;
496 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
498 memset(&sd->data[17], 0, 47);
499 crc = sd_crc16(sd->data, 64);
500 sd->data[65] = crc >> 8;
501 sd->data[66] = crc & 0xff;
504 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
506 return sd->wp_groups[addr >>
507 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
510 static void sd_lock_command(SDState *sd)
512 int erase, lock, clr_pwd, set_pwd, pwd_len;
513 erase = !!(sd->data[0] & 0x08);
514 lock = sd->data[0] & 0x04;
515 clr_pwd = sd->data[0] & 0x02;
516 set_pwd = sd->data[0] & 0x01;
519 pwd_len = sd->data[1];
524 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
525 set_pwd || clr_pwd || lock || sd->wp_switch ||
526 (sd->csd[14] & 0x20)) {
527 sd->card_status |= LOCK_UNLOCK_FAILED;
530 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
531 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
532 sd->csd[14] &= ~0x10;
533 sd->card_status &= ~CARD_IS_LOCKED;
535 /* Erasing the entire card here! */
536 fprintf(stderr, "SD: Card force-erased by CMD42\n");
540 if (sd->blk_len < 2 + pwd_len ||
541 pwd_len <= sd->pwd_len ||
542 pwd_len > sd->pwd_len + 16) {
543 sd->card_status |= LOCK_UNLOCK_FAILED;
547 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
548 sd->card_status |= LOCK_UNLOCK_FAILED;
552 pwd_len -= sd->pwd_len;
553 if ((pwd_len && !set_pwd) ||
554 (clr_pwd && (set_pwd || lock)) ||
555 (lock && !sd->pwd_len && !set_pwd) ||
556 (!set_pwd && !clr_pwd &&
557 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
558 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
559 sd->card_status |= LOCK_UNLOCK_FAILED;
564 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
565 sd->pwd_len = pwd_len;
573 sd->card_status |= CARD_IS_LOCKED;
575 sd->card_status &= ~CARD_IS_LOCKED;
578 static sd_rsp_type_t sd_normal_command(SDState *sd,
579 struct sd_request_s req)
581 uint32_t rca = 0x0000;
583 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
586 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
588 /* Basic commands (Class 0 and Class 1) */
589 case 0: /* CMD0: GO_IDLE_STATE */
591 case sd_inactive_state:
592 return sd->spi ? sd_r1 : sd_r0;
595 sd->state = sd_idle_state;
596 sd_reset(sd, sd->bdrv);
597 return sd->spi ? sd_r1 : sd_r0;
601 case 1: /* CMD1: SEND_OP_CMD */
605 sd->state = sd_transfer_state;
608 case 2: /* CMD2: ALL_SEND_CID */
613 sd->state = sd_identification_state;
621 case 3: /* CMD3: SEND_RELATIVE_ADDR */
625 case sd_identification_state:
626 case sd_standby_state:
627 sd->state = sd_standby_state;
636 case 4: /* CMD4: SEND_DSR */
640 case sd_standby_state:
648 case 6: /* CMD6: SWITCH_FUNCTION */
652 case sd_data_transfer_mode:
653 sd_function_switch(sd, req.arg);
654 sd->state = sd_sendingdata_state;
664 case 7: /* CMD7: SELECT/DESELECT_CARD */
668 case sd_standby_state:
672 sd->state = sd_transfer_state;
675 case sd_transfer_state:
676 case sd_sendingdata_state:
680 sd->state = sd_standby_state;
683 case sd_disconnect_state:
687 sd->state = sd_programming_state;
690 case sd_programming_state:
694 sd->state = sd_disconnect_state;
702 case 8: /* CMD8: SEND_IF_COND */
703 /* Physical Layer Specification Version 2.00 command */
708 /* No response if not exactly one VHS bit is set. */
709 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
710 return sd->spi ? sd_r7 : sd_r0;
721 case 9: /* CMD9: SEND_CSD */
723 case sd_standby_state:
729 case sd_transfer_state:
732 sd->state = sd_sendingdata_state;
733 memcpy(sd->data, sd->csd, 16);
734 sd->data_start = req.arg;
743 case 10: /* CMD10: SEND_CID */
745 case sd_standby_state:
751 case sd_transfer_state:
754 sd->state = sd_sendingdata_state;
755 memcpy(sd->data, sd->cid, 16);
756 sd->data_start = req.arg;
765 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
769 case sd_transfer_state:
770 sd->state = sd_sendingdata_state;
771 sd->data_start = req.arg;
774 if (sd->data_start + sd->blk_len > sd->size)
775 sd->card_status |= ADDRESS_ERROR;
783 case 12: /* CMD12: STOP_TRANSMISSION */
785 case sd_sendingdata_state:
786 sd->state = sd_transfer_state;
789 case sd_receivingdata_state:
790 sd->state = sd_programming_state;
791 /* Bzzzzzzztt .... Operation complete. */
792 sd->state = sd_transfer_state;
800 case 13: /* CMD13: SEND_STATUS */
802 case sd_data_transfer_mode:
813 case 15: /* CMD15: GO_INACTIVE_STATE */
817 case sd_data_transfer_mode:
821 sd->state = sd_inactive_state;
829 /* Block read commands (Classs 2) */
830 case 16: /* CMD16: SET_BLOCKLEN */
832 case sd_transfer_state:
833 if (req.arg > (1 << HWBLOCK_SHIFT))
834 sd->card_status |= BLOCK_LEN_ERROR;
836 sd->blk_len = req.arg;
845 case 17: /* CMD17: READ_SINGLE_BLOCK */
847 case sd_transfer_state:
848 sd->state = sd_sendingdata_state;
849 sd->data_start = req.arg;
852 if (sd->data_start + sd->blk_len > sd->size)
853 sd->card_status |= ADDRESS_ERROR;
861 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
863 case sd_transfer_state:
864 sd->state = sd_sendingdata_state;
865 sd->data_start = req.arg;
868 if (sd->data_start + sd->blk_len > sd->size)
869 sd->card_status |= ADDRESS_ERROR;
877 /* Block write commands (Class 4) */
878 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
880 goto unimplemented_cmd;
882 case sd_transfer_state:
883 /* Writing in SPI mode not implemented. */
886 sd->state = sd_receivingdata_state;
887 sd->data_start = req.arg;
891 if (sd->data_start + sd->blk_len > sd->size)
892 sd->card_status |= ADDRESS_ERROR;
893 if (sd_wp_addr(sd, sd->data_start))
894 sd->card_status |= WP_VIOLATION;
895 if (sd->csd[14] & 0x30)
896 sd->card_status |= WP_VIOLATION;
904 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
906 goto unimplemented_cmd;
908 case sd_transfer_state:
909 /* Writing in SPI mode not implemented. */
912 sd->state = sd_receivingdata_state;
913 sd->data_start = req.arg;
917 if (sd->data_start + sd->blk_len > sd->size)
918 sd->card_status |= ADDRESS_ERROR;
919 if (sd_wp_addr(sd, sd->data_start))
920 sd->card_status |= WP_VIOLATION;
921 if (sd->csd[14] & 0x30)
922 sd->card_status |= WP_VIOLATION;
930 case 26: /* CMD26: PROGRAM_CID */
934 case sd_transfer_state:
935 sd->state = sd_receivingdata_state;
945 case 27: /* CMD27: PROGRAM_CSD */
947 goto unimplemented_cmd;
949 case sd_transfer_state:
950 sd->state = sd_receivingdata_state;
960 /* Write protection (Class 6) */
961 case 28: /* CMD28: SET_WRITE_PROT */
963 case sd_transfer_state:
964 if (req.arg >= sd->size) {
965 sd->card_status = ADDRESS_ERROR;
969 sd->state = sd_programming_state;
970 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
971 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
972 /* Bzzzzzzztt .... Operation complete. */
973 sd->state = sd_transfer_state;
981 case 29: /* CMD29: CLR_WRITE_PROT */
983 case sd_transfer_state:
984 if (req.arg >= sd->size) {
985 sd->card_status = ADDRESS_ERROR;
989 sd->state = sd_programming_state;
990 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
991 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
992 /* Bzzzzzzztt .... Operation complete. */
993 sd->state = sd_transfer_state;
1001 case 30: /* CMD30: SEND_WRITE_PROT */
1002 switch (sd->state) {
1003 case sd_transfer_state:
1004 sd->state = sd_sendingdata_state;
1005 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1006 sd->data_start = req.arg;
1007 sd->data_offset = 0;
1015 /* Erase commands (Class 5) */
1016 case 32: /* CMD32: ERASE_WR_BLK_START */
1017 switch (sd->state) {
1018 case sd_transfer_state:
1019 sd->erase_start = req.arg;
1027 case 33: /* CMD33: ERASE_WR_BLK_END */
1028 switch (sd->state) {
1029 case sd_transfer_state:
1030 sd->erase_end = req.arg;
1038 case 38: /* CMD38: ERASE */
1039 switch (sd->state) {
1040 case sd_transfer_state:
1041 if (sd->csd[14] & 0x30) {
1042 sd->card_status |= WP_VIOLATION;
1046 sd->state = sd_programming_state;
1048 /* Bzzzzzzztt .... Operation complete. */
1049 sd->state = sd_transfer_state;
1057 /* Lock card commands (Class 7) */
1058 case 42: /* CMD42: LOCK_UNLOCK */
1060 goto unimplemented_cmd;
1061 switch (sd->state) {
1062 case sd_transfer_state:
1063 sd->state = sd_receivingdata_state;
1065 sd->data_offset = 0;
1073 /* Application specific commands (Class 8) */
1074 case 55: /* CMD55: APP_CMD */
1078 sd->card_status |= APP_CMD;
1081 case 56: /* CMD56: GEN_CMD */
1082 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1084 switch (sd->state) {
1085 case sd_transfer_state:
1086 sd->data_offset = 0;
1088 sd->state = sd_sendingdata_state;
1090 sd->state = sd_receivingdata_state;
1100 sd->card_status |= ILLEGAL_COMMAND;
1102 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1106 /* Commands that are recognised but not yet implemented in SPI mode. */
1107 sd->card_status |= ILLEGAL_COMMAND;
1108 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1112 sd->card_status |= ILLEGAL_COMMAND;
1113 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1117 static sd_rsp_type_t sd_app_command(SDState *sd,
1118 struct sd_request_s req) {
1121 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1122 rca = req.arg >> 16;
1124 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1126 case 6: /* ACMD6: SET_BUS_WIDTH */
1127 switch (sd->state) {
1128 case sd_transfer_state:
1129 sd->sd_status[0] &= 0x3f;
1130 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1138 case 13: /* ACMD13: SD_STATUS */
1139 switch (sd->state) {
1140 case sd_transfer_state:
1142 sd->data_offset = 0;
1150 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1151 switch (sd->state) {
1152 case sd_transfer_state:
1153 *(uint32_t *) sd->data = sd->blk_written;
1156 sd->data_offset = 0;
1164 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1165 switch (sd->state) {
1166 case sd_transfer_state:
1174 case 41: /* ACMD41: SD_APP_OP_COND */
1177 sd->state = sd_transfer_state;
1180 switch (sd->state) {
1182 /* We accept any voltage. 10000 V is nothing. */
1184 sd->state = sd_ready_state;
1193 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1194 switch (sd->state) {
1195 case sd_transfer_state:
1196 /* Bringing in the 50KOhm pull-up resistor... Done. */
1204 case 51: /* ACMD51: SEND_SCR */
1205 switch (sd->state) {
1206 case sd_transfer_state:
1207 sd->state = sd_sendingdata_state;
1209 sd->data_offset = 0;
1218 /* Fall back to standard commands. */
1219 sd->card_status &= ~APP_CMD;
1220 return sd_normal_command(sd, req);
1223 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1227 int sd_do_command(SDState *sd, struct sd_request_s *req,
1228 uint8_t *response) {
1229 uint32_t last_status = sd->card_status;
1230 sd_rsp_type_t rtype;
1233 if (!bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1237 if (sd_req_crc_validate(req)) {
1238 sd->card_status &= ~COM_CRC_ERROR;
1242 sd->card_status &= ~CARD_STATUS_B;
1245 if (last_status & CARD_IS_LOCKED)
1246 if (((last_status & APP_CMD) &&
1248 (!(last_status & APP_CMD) &&
1249 (sd_cmd_class[req->cmd] == 0 ||
1250 sd_cmd_class[req->cmd] == 7 ||
1251 req->cmd == 16 || req->cmd == 55))) {
1252 sd->card_status |= ILLEGAL_COMMAND;
1253 fprintf(stderr, "SD: Card is locked\n");
1257 if (last_status & APP_CMD) {
1258 rtype = sd_app_command(sd, *req);
1259 sd->card_status &= ~APP_CMD;
1261 rtype = sd_normal_command(sd, *req);
1263 sd->current_cmd = req->cmd;
1268 sd_response_r1_make(sd, response, last_status);
1273 memcpy(response, sd->cid, sizeof(sd->cid));
1278 memcpy(response, sd->csd, sizeof(sd->csd));
1283 sd_response_r3_make(sd, response);
1288 sd_response_r6_make(sd, response);
1293 sd_response_r7_make(sd, response);
1303 if (sd->card_status & ILLEGAL_COMMAND)
1309 DPRINTF("Response:");
1310 for (i = 0; i < rsplen; i++)
1311 printf(" %02x", response[i]);
1312 printf(" state %d\n", sd->state);
1314 DPRINTF("No response %d\n", sd->state);
1321 /* No real need for 64 bit addresses here */
1322 static void sd_blk_read(SDState *sd, uint32_t addr, uint32_t len)
1324 uint32_t end = addr + len;
1326 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1327 fprintf(stderr, "sd_blk_read: read error on host side\n");
1331 if (end > (addr & ~511) + 512) {
1332 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1334 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1335 fprintf(stderr, "sd_blk_read: read error on host side\n");
1338 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1340 memcpy(sd->data, sd->buf + (addr & 511), len);
1343 static void sd_blk_write(SDState *sd, uint32_t addr, uint32_t len)
1345 uint32_t end = addr + len;
1347 if ((addr & 511) || len < 512)
1348 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1349 fprintf(stderr, "sd_blk_write: read error on host side\n");
1353 if (end > (addr & ~511) + 512) {
1354 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1355 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1356 fprintf(stderr, "sd_blk_write: write error on host side\n");
1360 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1361 fprintf(stderr, "sd_blk_write: read error on host side\n");
1364 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1365 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1366 fprintf(stderr, "sd_blk_write: write error on host side\n");
1368 memcpy(sd->buf + (addr & 511), sd->data, len);
1369 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1370 fprintf(stderr, "sd_blk_write: write error on host side\n");
1374 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1375 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1376 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1377 #define APP_WRITE_BLOCK(a, len)
1379 void sd_write_data(SDState *sd, uint8_t value)
1383 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1386 if (sd->state != sd_receivingdata_state) {
1387 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1391 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1394 switch (sd->current_cmd) {
1395 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1396 sd->data[sd->data_offset ++] = value;
1397 if (sd->data_offset >= sd->blk_len) {
1398 /* TODO: Check CRC before committing */
1399 sd->state = sd_programming_state;
1400 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1402 sd->csd[14] |= 0x40;
1403 /* Bzzzzzzztt .... Operation complete. */
1404 sd->state = sd_transfer_state;
1408 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1409 sd->data[sd->data_offset ++] = value;
1410 if (sd->data_offset >= sd->blk_len) {
1411 /* TODO: Check CRC before committing */
1412 sd->state = sd_programming_state;
1413 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1415 sd->data_start += sd->blk_len;
1416 sd->data_offset = 0;
1417 if (sd->data_start + sd->blk_len > sd->size) {
1418 sd->card_status |= ADDRESS_ERROR;
1421 if (sd_wp_addr(sd, sd->data_start)) {
1422 sd->card_status |= WP_VIOLATION;
1425 sd->csd[14] |= 0x40;
1427 /* Bzzzzzzztt .... Operation complete. */
1428 sd->state = sd_receivingdata_state;
1432 case 26: /* CMD26: PROGRAM_CID */
1433 sd->data[sd->data_offset ++] = value;
1434 if (sd->data_offset >= sizeof(sd->cid)) {
1435 /* TODO: Check CRC before committing */
1436 sd->state = sd_programming_state;
1437 for (i = 0; i < sizeof(sd->cid); i ++)
1438 if ((sd->cid[i] | 0x00) != sd->data[i])
1439 sd->card_status |= CID_CSD_OVERWRITE;
1441 if (!(sd->card_status & CID_CSD_OVERWRITE))
1442 for (i = 0; i < sizeof(sd->cid); i ++) {
1444 sd->cid[i] &= sd->data[i];
1446 /* Bzzzzzzztt .... Operation complete. */
1447 sd->state = sd_transfer_state;
1451 case 27: /* CMD27: PROGRAM_CSD */
1452 sd->data[sd->data_offset ++] = value;
1453 if (sd->data_offset >= sizeof(sd->csd)) {
1454 /* TODO: Check CRC before committing */
1455 sd->state = sd_programming_state;
1456 for (i = 0; i < sizeof(sd->csd); i ++)
1457 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1458 (sd->data[i] | sd_csd_rw_mask[i]))
1459 sd->card_status |= CID_CSD_OVERWRITE;
1461 /* Copy flag (OTP) & Permanent write protect */
1462 if (sd->csd[14] & ~sd->data[14] & 0x60)
1463 sd->card_status |= CID_CSD_OVERWRITE;
1465 if (!(sd->card_status & CID_CSD_OVERWRITE))
1466 for (i = 0; i < sizeof(sd->csd); i ++) {
1467 sd->csd[i] |= sd_csd_rw_mask[i];
1468 sd->csd[i] &= sd->data[i];
1470 /* Bzzzzzzztt .... Operation complete. */
1471 sd->state = sd_transfer_state;
1475 case 42: /* CMD42: LOCK_UNLOCK */
1476 sd->data[sd->data_offset ++] = value;
1477 if (sd->data_offset >= sd->blk_len) {
1478 /* TODO: Check CRC before committing */
1479 sd->state = sd_programming_state;
1480 sd_lock_command(sd);
1481 /* Bzzzzzzztt .... Operation complete. */
1482 sd->state = sd_transfer_state;
1486 case 56: /* CMD56: GEN_CMD */
1487 sd->data[sd->data_offset ++] = value;
1488 if (sd->data_offset >= sd->blk_len) {
1489 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1490 sd->state = sd_transfer_state;
1495 fprintf(stderr, "sd_write_data: unknown command\n");
1500 uint8_t sd_read_data(SDState *sd)
1502 /* TODO: Append CRCs */
1505 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1508 if (sd->state != sd_sendingdata_state) {
1509 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1513 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1516 switch (sd->current_cmd) {
1517 case 6: /* CMD6: SWITCH_FUNCTION */
1518 ret = sd->data[sd->data_offset ++];
1520 if (sd->data_offset >= 64)
1521 sd->state = sd_transfer_state;
1524 case 9: /* CMD9: SEND_CSD */
1525 case 10: /* CMD10: SEND_CID */
1526 ret = sd->data[sd->data_offset ++];
1528 if (sd->data_offset >= 16)
1529 sd->state = sd_transfer_state;
1532 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1533 if (sd->data_offset == 0)
1534 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1535 ret = sd->data[sd->data_offset ++];
1537 if (sd->data_offset >= sd->blk_len) {
1538 sd->data_start += sd->blk_len;
1539 sd->data_offset = 0;
1540 if (sd->data_start + sd->blk_len > sd->size) {
1541 sd->card_status |= ADDRESS_ERROR;
1547 case 13: /* ACMD13: SD_STATUS */
1548 ret = sd->sd_status[sd->data_offset ++];
1550 if (sd->data_offset >= sizeof(sd->sd_status))
1551 sd->state = sd_transfer_state;
1554 case 17: /* CMD17: READ_SINGLE_BLOCK */
1555 if (sd->data_offset == 0)
1556 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1557 ret = sd->data[sd->data_offset ++];
1559 if (sd->data_offset >= sd->blk_len)
1560 sd->state = sd_transfer_state;
1563 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1564 if (sd->data_offset == 0)
1565 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1566 ret = sd->data[sd->data_offset ++];
1568 if (sd->data_offset >= sd->blk_len) {
1569 sd->data_start += sd->blk_len;
1570 sd->data_offset = 0;
1571 if (sd->data_start + sd->blk_len > sd->size) {
1572 sd->card_status |= ADDRESS_ERROR;
1578 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1579 ret = sd->data[sd->data_offset ++];
1581 if (sd->data_offset >= 4)
1582 sd->state = sd_transfer_state;
1585 case 30: /* CMD30: SEND_WRITE_PROT */
1586 ret = sd->data[sd->data_offset ++];
1588 if (sd->data_offset >= 4)
1589 sd->state = sd_transfer_state;
1592 case 51: /* ACMD51: SEND_SCR */
1593 ret = sd->scr[sd->data_offset ++];
1595 if (sd->data_offset >= sizeof(sd->scr))
1596 sd->state = sd_transfer_state;
1599 case 56: /* CMD56: GEN_CMD */
1600 if (sd->data_offset == 0)
1601 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1602 ret = sd->data[sd->data_offset ++];
1604 if (sd->data_offset >= sd->blk_len)
1605 sd->state = sd_transfer_state;
1609 fprintf(stderr, "sd_read_data: unknown command\n");
1616 int sd_data_ready(SDState *sd)
1618 return sd->state == sd_sendingdata_state;
1621 void sd_enable(SDState *sd, int enable)
1623 sd->enable = enable;
projects / qemu / blob