2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #define DPRINTF(fmt, ...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
63 sd_inactive_state = -1,
66 sd_identification_state,
70 sd_receivingdata_state,
80 uint8_t sd_status[64];
90 int function_group[6];
100 BlockDriverState *bdrv;
106 static void sd_set_status(SDState *sd)
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
133 static const sd_cmd_type_t sd_cmd_type[64] = {
134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 static const sd_cmd_type_t sd_acmd_type[64] = {
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message, size_t width)
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
178 static uint16_t sd_crc16(void *message, size_t width)
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
195 static void sd_set_ocr(SDState *sd)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd->ocr = 0x80ffff00;
201 static void sd_set_scr(SDState *sd)
203 sd->scr[0] = 0x00; /* SCR v1.0, SD spec v1.0/1.01 */
204 sd->scr[1] = 0x25; /* erase=0, SD security v1.01, 1bit/4bit bus width */
220 static void sd_set_cid(SDState *sd)
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247 static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 static void sd_set_csd(SDState *sd, uint32_t size)
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
285 static void sd_set_rca(SDState *sd)
290 #define CARD_STATUS_A 0x02004100
291 #define CARD_STATUS_B 0x00c01e00
292 #define CARD_STATUS_C 0xfd39a028
294 static void sd_set_cardstatus(SDState *sd)
296 sd->card_status = 0x00000100;
299 static void sd_set_sdstatus(SDState *sd)
301 memset(sd->sd_status, 0, 64);
304 static int sd_req_crc_validate(SDRequest *req)
307 buffer[0] = 0x40 | req->cmd;
308 buffer[1] = (req->arg >> 24) & 0xff;
309 buffer[2] = (req->arg >> 16) & 0xff;
310 buffer[3] = (req->arg >> 8) & 0xff;
311 buffer[4] = (req->arg >> 0) & 0xff;
313 return sd_crc7(buffer, 5) != req->crc; /* TODO */
316 static void sd_response_r1_make(SDState *sd,
317 uint8_t *response, uint32_t last_status)
319 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
322 status = (sd->card_status & ~mask) | (last_status & mask);
323 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
325 response[0] = (status >> 24) & 0xff;
326 response[1] = (status >> 16) & 0xff;
327 response[2] = (status >> 8) & 0xff;
328 response[3] = (status >> 0) & 0xff;
331 static void sd_response_r3_make(SDState *sd, uint8_t *response)
333 response[0] = (sd->ocr >> 24) & 0xff;
334 response[1] = (sd->ocr >> 16) & 0xff;
335 response[2] = (sd->ocr >> 8) & 0xff;
336 response[3] = (sd->ocr >> 0) & 0xff;
339 static void sd_response_r6_make(SDState *sd, uint8_t *response)
345 status = ((sd->card_status >> 8) & 0xc000) |
346 ((sd->card_status >> 6) & 0x2000) |
347 (sd->card_status & 0x1fff);
349 response[0] = (arg >> 8) & 0xff;
350 response[1] = arg & 0xff;
351 response[2] = (status >> 8) & 0xff;
352 response[3] = status & 0xff;
355 static void sd_response_r7_make(SDState *sd, uint8_t *response)
357 response[0] = (sd->vhs >> 24) & 0xff;
358 response[1] = (sd->vhs >> 16) & 0xff;
359 response[2] = (sd->vhs >> 8) & 0xff;
360 response[3] = (sd->vhs >> 0) & 0xff;
363 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
369 bdrv_get_geometry(bdrv, §);
375 if (sect > 0x40000000)
376 size = 0x40000000; /* 1 gig */
380 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
382 sd->state = sd_idle_state;
387 sd_set_csd(sd, size);
388 sd_set_cardstatus(sd);
394 qemu_free(sd->wp_groups);
395 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
396 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
397 memset(sd->function_group, 0, sizeof(int) * 6);
405 static void sd_cardchange(void *opaque)
407 SDState *sd = opaque;
408 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
409 if (bdrv_is_inserted(sd->bdrv)) {
410 sd_reset(sd, sd->bdrv);
411 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
415 static void sd_save_state(QEMUFile *f, void *opaque)
417 struct SDState *s = (struct SDState *)opaque;
419 uint32_t wpgc = (s->size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
422 filename = qemu_mallocz(1024);
423 bdrv_get_backing_filename(s->bdrv, filename, 1024);
424 qemu_put_buffer(f, (uint8_t *)filename, 1024);
427 qemu_put_sbe32(f, s->mode);
428 qemu_put_sbe32(f, s->state);
429 qemu_put_be32(f, s->ocr);
430 qemu_put_buffer(f, s->scr, sizeof(s->scr));
431 qemu_put_buffer(f, s->cid, sizeof(s->cid));
432 qemu_put_buffer(f, s->csd, sizeof(s->csd));
433 qemu_put_be16(f, s->rca);
434 qemu_put_be32(f, s->card_status);
435 qemu_put_buffer(f, s->sd_status, sizeof(s->sd_status));
436 qemu_put_be32(f, s->vhs);
437 for (i = 0; i < wpgc; i++)
438 qemu_put_sbe32(f, s->wp_groups[i]);
439 qemu_put_sbe32(f, s->blk_len);
440 qemu_put_be32(f, s->erase_start);
441 qemu_put_be32(f, s->erase_end);
442 qemu_put_buffer(f, s->pwd, sizeof(s->pwd));
443 qemu_put_sbe32(f, s->pwd_len);
444 for (i = 0; i < 6; i++)
445 qemu_put_sbe32(f, s->function_group[i]);
446 qemu_put_sbe32(f, s->current_cmd);
447 qemu_put_sbe32(f, s->blk_written);
448 qemu_put_be32(f, s->data_start);
449 qemu_put_be32(f, s->data_offset);
450 qemu_put_buffer(f, s->data, sizeof(s->data));
451 qemu_put_buffer(f, s->buf, 512);
452 qemu_put_sbe32(f, s->enable);
455 static int sd_load_state(QEMUFile *f, void *opaque, int version_id)
457 struct SDState *s = (struct SDState *)opaque;
459 uint32_t wpgc = (s->size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
460 char *filename1, *filename2;
466 filename1 = qemu_mallocz(1024);
467 filename2 = qemu_mallocz(1024);
468 bdrv_get_backing_filename(s->bdrv, filename1, 1024);
469 qemu_get_buffer(f, (uint8_t *)filename2, 1024);
470 if (!strcmp(filename1, filename2)) {
471 s->mode = qemu_get_sbe32(f);
472 s->state = qemu_get_sbe32(f);
473 s->ocr = qemu_get_be32(f);
474 qemu_get_buffer(f, s->scr, sizeof(s->scr));
475 qemu_get_buffer(f, s->cid, sizeof(s->cid));
476 qemu_get_buffer(f, s->csd, sizeof(s->csd));
477 s->rca = qemu_get_be16(f);
478 s->card_status = qemu_get_be32(f);
479 qemu_get_buffer(f, s->sd_status, sizeof(s->sd_status));
480 s->vhs = qemu_get_be32(f);
481 for (i = 0; i < wpgc; i++)
482 s->wp_groups[i] = qemu_get_sbe32(f);
483 s->blk_len = qemu_get_sbe32(f);
484 s->erase_start = qemu_get_be32(f);
485 s->erase_end = qemu_get_be32(f);
486 qemu_get_buffer(f, s->pwd, sizeof(s->pwd));
487 s->pwd_len = qemu_get_sbe32(f);
488 for (i = 0; i < 6; i++)
489 s->function_group[i] = qemu_get_sbe32(f);
490 s->current_cmd = qemu_get_sbe32(f);
491 s->blk_written = qemu_get_sbe32(f);
492 s->data_start = qemu_get_be32(f);
493 s->data_offset = qemu_get_be32(f);
494 qemu_get_buffer(f, s->data, sizeof(s->data));
495 qemu_get_buffer(f, s->buf, 512);
496 s->enable = qemu_get_sbe32(f);
504 /* We do not model the chip select pin, so allow the board to select
505 whether card should be in SSI or MMC/SD mode. It is also up to the
506 board to ensure that ssi transfers only occur when the chip select
508 SDState *sd_init(BlockDriverState *bs, int is_spi)
511 static int instance_number = 1;
513 sd = (SDState *) qemu_mallocz(sizeof(SDState));
514 sd->buf = qemu_memalign(512, 512);
519 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
521 register_savevm("sd", instance_number++, 0,
522 sd_save_state, sd_load_state, sd);
526 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
528 sd->readonly_cb = readonly;
529 sd->inserted_cb = insert;
530 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
531 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
534 static void sd_erase(SDState *sd)
537 if (!sd->erase_start || !sd->erase_end) {
538 sd->card_status |= ERASE_SEQ_ERROR;
542 start = sd->erase_start >>
543 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
544 end = sd->erase_end >>
545 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
550 for (i = start; i <= end; i ++)
551 if (sd->wp_groups[i])
552 sd->card_status |= WP_ERASE_SKIP;
555 static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
560 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
562 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
563 if (addr < sd->size && sd->wp_groups[wpnum])
569 static void sd_function_switch(SDState *sd, uint32_t arg)
571 int i, mode, new_func, crc;
572 mode = !!(arg & 0x80000000);
574 sd->data[0] = 0x00; /* Maximum current consumption */
576 sd->data[2] = 0x80; /* Supported group 6 functions */
578 sd->data[4] = 0x80; /* Supported group 5 functions */
580 sd->data[6] = 0x80; /* Supported group 4 functions */
582 sd->data[8] = 0x80; /* Supported group 3 functions */
584 sd->data[10] = 0x80; /* Supported group 2 functions */
586 sd->data[12] = 0x80; /* Supported group 1 functions */
588 for (i = 0; i < 6; i ++) {
589 new_func = (arg >> (i * 4)) & 0x0f;
590 if (mode && new_func != 0x0f)
591 sd->function_group[i] = new_func;
592 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
594 memset(&sd->data[17], 0, 47);
595 crc = sd_crc16(sd->data, 64);
596 sd->data[65] = crc >> 8;
597 sd->data[66] = crc & 0xff;
600 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
602 return sd->wp_groups[addr >>
603 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
606 static void sd_lock_command(SDState *sd)
608 int erase, lock, clr_pwd, set_pwd, pwd_len;
609 erase = !!(sd->data[0] & 0x08);
610 lock = sd->data[0] & 0x04;
611 clr_pwd = sd->data[0] & 0x02;
612 set_pwd = sd->data[0] & 0x01;
615 pwd_len = sd->data[1];
620 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
621 set_pwd || clr_pwd || lock || sd->wp_switch ||
622 (sd->csd[14] & 0x20)) {
623 sd->card_status |= LOCK_UNLOCK_FAILED;
626 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
627 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
628 sd->csd[14] &= ~0x10;
629 sd->card_status &= ~CARD_IS_LOCKED;
631 /* Erasing the entire card here! */
632 fprintf(stderr, "SD: Card force-erased by CMD42\n");
636 if (sd->blk_len < 2 + pwd_len ||
637 pwd_len <= sd->pwd_len ||
638 pwd_len > sd->pwd_len + 16) {
639 sd->card_status |= LOCK_UNLOCK_FAILED;
643 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
644 sd->card_status |= LOCK_UNLOCK_FAILED;
648 pwd_len -= sd->pwd_len;
649 if ((pwd_len && !set_pwd) ||
650 (clr_pwd && (set_pwd || lock)) ||
651 (lock && !sd->pwd_len && !set_pwd) ||
652 (!set_pwd && !clr_pwd &&
653 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
654 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
655 sd->card_status |= LOCK_UNLOCK_FAILED;
660 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
661 sd->pwd_len = pwd_len;
669 sd->card_status |= CARD_IS_LOCKED;
671 sd->card_status &= ~CARD_IS_LOCKED;
674 static sd_rsp_type_t sd_normal_command(SDState *sd,
677 uint32_t rca = 0x0000;
679 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
682 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
684 /* Basic commands (Class 0 and Class 1) */
685 case 0: /* CMD0: GO_IDLE_STATE */
687 case sd_inactive_state:
688 return sd->spi ? sd_r1 : sd_r0;
691 sd->state = sd_idle_state;
692 sd_reset(sd, sd->bdrv);
693 return sd->spi ? sd_r1 : sd_r0;
697 case 1: /* CMD1: SEND_OP_CMD */
701 sd->state = sd_transfer_state;
704 case 2: /* CMD2: ALL_SEND_CID */
709 sd->state = sd_identification_state;
717 case 3: /* CMD3: SEND_RELATIVE_ADDR */
721 case sd_identification_state:
722 case sd_standby_state:
723 sd->state = sd_standby_state;
732 case 4: /* CMD4: SEND_DSR */
736 case sd_standby_state:
744 case 6: /* CMD6: SWITCH_FUNCTION */
748 case sd_data_transfer_mode:
749 sd_function_switch(sd, req.arg);
750 sd->state = sd_sendingdata_state;
760 case 7: /* CMD7: SELECT/DESELECT_CARD */
764 case sd_standby_state:
768 sd->state = sd_transfer_state;
771 case sd_transfer_state:
772 case sd_sendingdata_state:
776 sd->state = sd_standby_state;
779 case sd_disconnect_state:
783 sd->state = sd_programming_state;
786 case sd_programming_state:
790 sd->state = sd_disconnect_state;
798 case 8: /* CMD8: SEND_IF_COND */
799 /* Physical Layer Specification Version 2.00 command */
804 /* No response if not exactly one VHS bit is set. */
805 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
806 return sd->spi ? sd_r7 : sd_r0;
817 case 9: /* CMD9: SEND_CSD */
819 case sd_standby_state:
825 case sd_transfer_state:
828 sd->state = sd_sendingdata_state;
829 memcpy(sd->data, sd->csd, 16);
830 sd->data_start = req.arg;
839 case 10: /* CMD10: SEND_CID */
841 case sd_standby_state:
847 case sd_transfer_state:
850 sd->state = sd_sendingdata_state;
851 memcpy(sd->data, sd->cid, 16);
852 sd->data_start = req.arg;
861 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
865 case sd_transfer_state:
866 sd->state = sd_sendingdata_state;
867 sd->data_start = req.arg;
870 if (sd->data_start + sd->blk_len > sd->size)
871 sd->card_status |= ADDRESS_ERROR;
879 case 12: /* CMD12: STOP_TRANSMISSION */
881 case sd_sendingdata_state:
882 sd->state = sd_transfer_state;
885 case sd_receivingdata_state:
886 sd->state = sd_programming_state;
887 /* Bzzzzzzztt .... Operation complete. */
888 sd->state = sd_transfer_state;
896 case 13: /* CMD13: SEND_STATUS */
898 case sd_data_transfer_mode:
909 case 15: /* CMD15: GO_INACTIVE_STATE */
913 case sd_data_transfer_mode:
917 sd->state = sd_inactive_state;
925 /* Block read commands (Classs 2) */
926 case 16: /* CMD16: SET_BLOCKLEN */
928 case sd_transfer_state:
929 if (req.arg > (1 << HWBLOCK_SHIFT))
930 sd->card_status |= BLOCK_LEN_ERROR;
932 sd->blk_len = req.arg;
941 case 17: /* CMD17: READ_SINGLE_BLOCK */
943 case sd_transfer_state:
944 sd->state = sd_sendingdata_state;
945 sd->data_start = req.arg;
948 if (sd->data_start + sd->blk_len > sd->size)
949 sd->card_status |= ADDRESS_ERROR;
957 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
959 case sd_transfer_state:
960 sd->state = sd_sendingdata_state;
961 sd->data_start = req.arg;
964 if (sd->data_start + sd->blk_len > sd->size)
965 sd->card_status |= ADDRESS_ERROR;
973 /* Block write commands (Class 4) */
974 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
976 goto unimplemented_cmd;
978 case sd_transfer_state:
979 /* Writing in SPI mode not implemented. */
982 sd->state = sd_receivingdata_state;
983 sd->data_start = req.arg;
987 if (sd->data_start + sd->blk_len > sd->size)
988 sd->card_status |= ADDRESS_ERROR;
989 if (sd_wp_addr(sd, sd->data_start))
990 sd->card_status |= WP_VIOLATION;
991 if (sd->csd[14] & 0x30)
992 sd->card_status |= WP_VIOLATION;
1000 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1002 goto unimplemented_cmd;
1003 switch (sd->state) {
1004 case sd_transfer_state:
1005 /* Writing in SPI mode not implemented. */
1008 sd->state = sd_receivingdata_state;
1009 sd->data_start = req.arg;
1010 sd->data_offset = 0;
1011 sd->blk_written = 0;
1013 if (sd->data_start + sd->blk_len > sd->size)
1014 sd->card_status |= ADDRESS_ERROR;
1015 if (sd_wp_addr(sd, sd->data_start))
1016 sd->card_status |= WP_VIOLATION;
1017 if (sd->csd[14] & 0x30)
1018 sd->card_status |= WP_VIOLATION;
1026 case 26: /* CMD26: PROGRAM_CID */
1029 switch (sd->state) {
1030 case sd_transfer_state:
1031 sd->state = sd_receivingdata_state;
1033 sd->data_offset = 0;
1041 case 27: /* CMD27: PROGRAM_CSD */
1043 goto unimplemented_cmd;
1044 switch (sd->state) {
1045 case sd_transfer_state:
1046 sd->state = sd_receivingdata_state;
1048 sd->data_offset = 0;
1056 /* Write protection (Class 6) */
1057 case 28: /* CMD28: SET_WRITE_PROT */
1058 switch (sd->state) {
1059 case sd_transfer_state:
1060 if (req.arg >= sd->size) {
1061 sd->card_status = ADDRESS_ERROR;
1065 sd->state = sd_programming_state;
1066 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
1067 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1068 /* Bzzzzzzztt .... Operation complete. */
1069 sd->state = sd_transfer_state;
1077 case 29: /* CMD29: CLR_WRITE_PROT */
1078 switch (sd->state) {
1079 case sd_transfer_state:
1080 if (req.arg >= sd->size) {
1081 sd->card_status = ADDRESS_ERROR;
1085 sd->state = sd_programming_state;
1086 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
1087 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1088 /* Bzzzzzzztt .... Operation complete. */
1089 sd->state = sd_transfer_state;
1097 case 30: /* CMD30: SEND_WRITE_PROT */
1098 switch (sd->state) {
1099 case sd_transfer_state:
1100 sd->state = sd_sendingdata_state;
1101 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1102 sd->data_start = req.arg;
1103 sd->data_offset = 0;
1111 /* Erase commands (Class 5) */
1112 case 32: /* CMD32: ERASE_WR_BLK_START */
1113 switch (sd->state) {
1114 case sd_transfer_state:
1115 sd->erase_start = req.arg;
1123 case 33: /* CMD33: ERASE_WR_BLK_END */
1124 switch (sd->state) {
1125 case sd_transfer_state:
1126 sd->erase_end = req.arg;
1134 case 38: /* CMD38: ERASE */
1135 switch (sd->state) {
1136 case sd_transfer_state:
1137 if (sd->csd[14] & 0x30) {
1138 sd->card_status |= WP_VIOLATION;
1142 sd->state = sd_programming_state;
1144 /* Bzzzzzzztt .... Operation complete. */
1145 sd->state = sd_transfer_state;
1153 /* Lock card commands (Class 7) */
1154 case 42: /* CMD42: LOCK_UNLOCK */
1156 goto unimplemented_cmd;
1157 switch (sd->state) {
1158 case sd_transfer_state:
1159 sd->state = sd_receivingdata_state;
1161 sd->data_offset = 0;
1169 /* Application specific commands (Class 8) */
1170 case 55: /* CMD55: APP_CMD */
1174 sd->card_status |= APP_CMD;
1177 case 56: /* CMD56: GEN_CMD */
1178 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1180 switch (sd->state) {
1181 case sd_transfer_state:
1182 sd->data_offset = 0;
1184 sd->state = sd_sendingdata_state;
1186 sd->state = sd_receivingdata_state;
1196 sd->card_status |= ILLEGAL_COMMAND;
1198 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1202 /* Commands that are recognised but not yet implemented in SPI mode. */
1203 sd->card_status |= ILLEGAL_COMMAND;
1204 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1208 sd->card_status |= ILLEGAL_COMMAND;
1209 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1213 static sd_rsp_type_t sd_app_command(SDState *sd,
1217 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1218 rca = req.arg >> 16;
1220 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1222 case 6: /* ACMD6: SET_BUS_WIDTH */
1223 switch (sd->state) {
1224 case sd_transfer_state:
1225 sd->sd_status[0] &= 0x3f;
1226 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1234 case 13: /* ACMD13: SD_STATUS */
1235 switch (sd->state) {
1236 case sd_transfer_state:
1238 sd->data_offset = 0;
1246 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1247 switch (sd->state) {
1248 case sd_transfer_state:
1249 *(uint32_t *) sd->data = sd->blk_written;
1252 sd->data_offset = 0;
1260 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1261 switch (sd->state) {
1262 case sd_transfer_state:
1270 case 41: /* ACMD41: SD_APP_OP_COND */
1273 sd->state = sd_transfer_state;
1276 switch (sd->state) {
1278 /* We accept any voltage. 10000 V is nothing. */
1280 sd->state = sd_ready_state;
1289 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1290 switch (sd->state) {
1291 case sd_transfer_state:
1292 /* Bringing in the 50KOhm pull-up resistor... Done. */
1300 case 51: /* ACMD51: SEND_SCR */
1301 switch (sd->state) {
1302 case sd_transfer_state:
1303 sd->state = sd_sendingdata_state;
1305 sd->data_offset = 0;
1314 /* Fall back to standard commands. */
1315 sd->card_status &= ~APP_CMD;
1316 return sd_normal_command(sd, req);
1319 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1323 int sd_do_command(SDState *sd, SDRequest *req,
1324 uint8_t *response) {
1325 uint32_t last_status = sd->card_status;
1326 sd_rsp_type_t rtype;
1329 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1333 if (sd_req_crc_validate(req)) {
1334 sd->card_status &= ~COM_CRC_ERROR;
1338 sd->card_status &= ~CARD_STATUS_B;
1341 if (last_status & CARD_IS_LOCKED)
1342 if (((last_status & APP_CMD) &&
1344 (!(last_status & APP_CMD) &&
1345 (sd_cmd_class[req->cmd] == 0 ||
1346 sd_cmd_class[req->cmd] == 7 ||
1347 req->cmd == 16 || req->cmd == 55))) {
1348 sd->card_status |= ILLEGAL_COMMAND;
1349 fprintf(stderr, "SD: Card is locked\n");
1353 if (last_status & APP_CMD) {
1354 rtype = sd_app_command(sd, *req);
1355 sd->card_status &= ~APP_CMD;
1357 rtype = sd_normal_command(sd, *req);
1359 sd->current_cmd = req->cmd;
1364 sd_response_r1_make(sd, response, last_status);
1369 memcpy(response, sd->cid, sizeof(sd->cid));
1374 memcpy(response, sd->csd, sizeof(sd->csd));
1379 sd_response_r3_make(sd, response);
1384 sd_response_r6_make(sd, response);
1389 sd_response_r7_make(sd, response);
1399 if (sd->card_status & ILLEGAL_COMMAND)
1405 DPRINTF("Response:");
1406 for (i = 0; i < rsplen; i++)
1407 fprintf(stderr, " %02x", response[i]);
1408 fprintf(stderr, " state %d\n", sd->state);
1410 DPRINTF("No response %d\n", sd->state);
1417 /* No real need for 64 bit addresses here */
1418 static void sd_blk_read(SDState *sd, uint32_t addr, uint32_t len)
1420 uint32_t end = addr + len;
1422 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1423 fprintf(stderr, "sd_blk_read: read error on host side\n");
1427 if (end > (addr & ~511) + 512) {
1428 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1430 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1431 fprintf(stderr, "sd_blk_read: read error on host side\n");
1434 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1436 memcpy(sd->data, sd->buf + (addr & 511), len);
1439 static void sd_blk_write(SDState *sd, uint32_t addr, uint32_t len)
1441 uint32_t end = addr + len;
1443 if ((addr & 511) || len < 512)
1444 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1445 fprintf(stderr, "sd_blk_write: read error on host side\n");
1449 if (end > (addr & ~511) + 512) {
1450 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1451 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1452 fprintf(stderr, "sd_blk_write: write error on host side\n");
1456 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1457 fprintf(stderr, "sd_blk_write: read error on host side\n");
1460 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1461 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1462 fprintf(stderr, "sd_blk_write: write error on host side\n");
1464 memcpy(sd->buf + (addr & 511), sd->data, len);
1465 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1466 fprintf(stderr, "sd_blk_write: write error on host side\n");
1470 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1471 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1472 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1473 #define APP_WRITE_BLOCK(a, len)
1475 void sd_write_data(SDState *sd, uint8_t value)
1479 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1482 if (sd->state != sd_receivingdata_state) {
1483 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1487 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1490 switch (sd->current_cmd) {
1491 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1492 sd->data[sd->data_offset ++] = value;
1493 if (sd->data_offset >= sd->blk_len) {
1494 /* TODO: Check CRC before committing */
1495 sd->state = sd_programming_state;
1496 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1498 sd->csd[14] |= 0x40;
1499 /* Bzzzzzzztt .... Operation complete. */
1500 sd->state = sd_transfer_state;
1504 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1505 sd->data[sd->data_offset ++] = value;
1506 if (sd->data_offset >= sd->blk_len) {
1507 /* TODO: Check CRC before committing */
1508 sd->state = sd_programming_state;
1509 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1511 sd->data_start += sd->blk_len;
1512 sd->data_offset = 0;
1513 if (sd->data_start + sd->blk_len > sd->size) {
1514 sd->card_status |= ADDRESS_ERROR;
1517 if (sd_wp_addr(sd, sd->data_start)) {
1518 sd->card_status |= WP_VIOLATION;
1521 sd->csd[14] |= 0x40;
1523 /* Bzzzzzzztt .... Operation complete. */
1524 sd->state = sd_receivingdata_state;
1528 case 26: /* CMD26: PROGRAM_CID */
1529 sd->data[sd->data_offset ++] = value;
1530 if (sd->data_offset >= sizeof(sd->cid)) {
1531 /* TODO: Check CRC before committing */
1532 sd->state = sd_programming_state;
1533 for (i = 0; i < sizeof(sd->cid); i ++)
1534 if ((sd->cid[i] | 0x00) != sd->data[i])
1535 sd->card_status |= CID_CSD_OVERWRITE;
1537 if (!(sd->card_status & CID_CSD_OVERWRITE))
1538 for (i = 0; i < sizeof(sd->cid); i ++) {
1540 sd->cid[i] &= sd->data[i];
1542 /* Bzzzzzzztt .... Operation complete. */
1543 sd->state = sd_transfer_state;
1547 case 27: /* CMD27: PROGRAM_CSD */
1548 sd->data[sd->data_offset ++] = value;
1549 if (sd->data_offset >= sizeof(sd->csd)) {
1550 /* TODO: Check CRC before committing */
1551 sd->state = sd_programming_state;
1552 for (i = 0; i < sizeof(sd->csd); i ++)
1553 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1554 (sd->data[i] | sd_csd_rw_mask[i]))
1555 sd->card_status |= CID_CSD_OVERWRITE;
1557 /* Copy flag (OTP) & Permanent write protect */
1558 if (sd->csd[14] & ~sd->data[14] & 0x60)
1559 sd->card_status |= CID_CSD_OVERWRITE;
1561 if (!(sd->card_status & CID_CSD_OVERWRITE))
1562 for (i = 0; i < sizeof(sd->csd); i ++) {
1563 sd->csd[i] |= sd_csd_rw_mask[i];
1564 sd->csd[i] &= sd->data[i];
1566 /* Bzzzzzzztt .... Operation complete. */
1567 sd->state = sd_transfer_state;
1571 case 42: /* CMD42: LOCK_UNLOCK */
1572 sd->data[sd->data_offset ++] = value;
1573 if (sd->data_offset >= sd->blk_len) {
1574 /* TODO: Check CRC before committing */
1575 sd->state = sd_programming_state;
1576 sd_lock_command(sd);
1577 /* Bzzzzzzztt .... Operation complete. */
1578 sd->state = sd_transfer_state;
1582 case 56: /* CMD56: GEN_CMD */
1583 sd->data[sd->data_offset ++] = value;
1584 if (sd->data_offset >= sd->blk_len) {
1585 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1586 sd->state = sd_transfer_state;
1591 fprintf(stderr, "sd_write_data: unknown command\n");
1596 uint8_t sd_read_data(SDState *sd)
1598 /* TODO: Append CRCs */
1601 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1604 if (sd->state != sd_sendingdata_state) {
1605 fprintf(stderr, "sd_read_data: not in Sending-Data state (state=%d)\n", sd->state);
1609 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1612 switch (sd->current_cmd) {
1613 case 6: /* CMD6: SWITCH_FUNCTION */
1614 ret = sd->data[sd->data_offset ++];
1616 if (sd->data_offset >= 64)
1617 sd->state = sd_transfer_state;
1620 case 9: /* CMD9: SEND_CSD */
1621 case 10: /* CMD10: SEND_CID */
1622 ret = sd->data[sd->data_offset ++];
1624 if (sd->data_offset >= 16)
1625 sd->state = sd_transfer_state;
1628 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1629 if (sd->data_offset == 0)
1630 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1631 ret = sd->data[sd->data_offset ++];
1633 if (sd->data_offset >= sd->blk_len) {
1634 sd->data_start += sd->blk_len;
1635 sd->data_offset = 0;
1636 if (sd->data_start + sd->blk_len > sd->size) {
1637 sd->card_status |= ADDRESS_ERROR;
1643 case 13: /* ACMD13: SD_STATUS */
1644 ret = sd->sd_status[sd->data_offset ++];
1646 if (sd->data_offset >= sizeof(sd->sd_status))
1647 sd->state = sd_transfer_state;
1650 case 17: /* CMD17: READ_SINGLE_BLOCK */
1651 if (sd->data_offset == 0)
1652 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1653 ret = sd->data[sd->data_offset ++];
1655 if (sd->data_offset >= sd->blk_len)
1656 sd->state = sd_transfer_state;
1659 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1660 if (sd->data_offset == 0)
1661 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1662 ret = sd->data[sd->data_offset ++];
1664 if (sd->data_offset >= sd->blk_len) {
1665 sd->data_start += sd->blk_len;
1666 sd->data_offset = 0;
1667 if (sd->data_start + sd->blk_len > sd->size) {
1668 sd->card_status |= ADDRESS_ERROR;
1674 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1675 ret = sd->data[sd->data_offset ++];
1677 if (sd->data_offset >= 4)
1678 sd->state = sd_transfer_state;
1681 case 30: /* CMD30: SEND_WRITE_PROT */
1682 ret = sd->data[sd->data_offset ++];
1684 if (sd->data_offset >= 4)
1685 sd->state = sd_transfer_state;
1688 case 51: /* ACMD51: SEND_SCR */
1689 ret = sd->scr[sd->data_offset ++];
1691 if (sd->data_offset >= sizeof(sd->scr))
1692 sd->state = sd_transfer_state;
1695 case 56: /* CMD56: GEN_CMD */
1696 if (sd->data_offset == 0)
1697 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1698 ret = sd->data[sd->data_offset ++];
1700 if (sd->data_offset >= sd->blk_len)
1701 sd->state = sd_transfer_state;
1705 fprintf(stderr, "sd_read_data: unknown command\n");
1712 int sd_data_ready(SDState *sd)
1714 return sd->state == sd_sendingdata_state;
1717 void sd_enable(SDState *sd, int enable)
1719 sd->enable = enable;