2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 #define DPRINTF(fmt, args...) \
38 do { printf("SD: " fmt , ##args); } while (0)
40 #define DPRINTF(fmt, args...) do {} while(0)
44 sd_r0 = 0, /* no response */
45 sd_r1, /* normal response command */
46 sd_r2_i, /* CID register */
47 sd_r2_s, /* CSD register */
48 sd_r3, /* OCR register */
49 sd_r6 = 6, /* Published RCA response */
56 sd_card_identification_mode,
57 sd_data_transfer_mode,
60 sd_inactive_state = -1,
63 sd_identification_state,
67 sd_receivingdata_state,
77 uint8_t sd_status[64];
86 int function_group[6];
93 void (*readonly_cb)(void *, int);
94 void (*inserted_cb)(void *, int);
96 BlockDriverState *bdrv;
99 static void sd_set_status(SDState *sd)
102 case sd_inactive_state:
103 sd->mode = sd_inactive;
108 case sd_identification_state:
109 sd->mode = sd_card_identification_mode;
112 case sd_standby_state:
113 case sd_transfer_state:
114 case sd_sendingdata_state:
115 case sd_receivingdata_state:
116 case sd_programming_state:
117 case sd_disconnect_state:
118 sd->mode = sd_data_transfer_mode;
122 sd->card_status &= ~CURRENT_STATE;
123 sd->card_status |= sd->state << 9;
126 const sd_cmd_type_t sd_cmd_type[64] = {
127 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
128 sd_none, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
129 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
130 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
131 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
132 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
133 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
134 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
137 const sd_cmd_type_t sd_acmd_type[64] = {
138 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
142 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
143 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
144 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
148 static const int sd_cmd_class[64] = {
149 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
150 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
151 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
152 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
155 static uint8_t sd_crc7(void *message, size_t width)
158 uint8_t shift_reg = 0x00;
159 uint8_t *msg = (uint8_t *) message;
161 for (i = 0; i < width; i ++, msg ++)
162 for (bit = 7; bit >= 0; bit --) {
164 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
171 static uint16_t sd_crc16(void *message, size_t width)
174 uint16_t shift_reg = 0x0000;
175 uint16_t *msg = (uint16_t *) message;
178 for (i = 0; i < width; i ++, msg ++)
179 for (bit = 15; bit >= 0; bit --) {
181 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
188 static void sd_set_ocr(SDState *sd)
190 sd->ocr = 0x80fffff0;
193 static void sd_set_scr(SDState *sd)
195 sd->scr[0] = 0x00; /* SCR Structure */
196 sd->scr[1] = 0x2f; /* SD Security Support */
212 static void sd_set_cid(SDState *sd)
214 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
215 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
217 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
222 sd->cid[8] = PRV; /* Fake product revision (PRV) */
223 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
227 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
228 ((MDT_YR - 2000) / 10);
229 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
230 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
233 #define HWBLOCK_SHIFT 9 /* 512 bytes */
234 #define SECTOR_SHIFT 5 /* 16 kilobytes */
235 #define WPGROUP_SHIFT 7 /* 2 megs */
236 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
237 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
238 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
239 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
241 static const uint8_t sd_csd_rw_mask[16] = {
242 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
243 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
246 static void sd_set_csd(SDState *sd, uint32_t size)
248 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
249 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
250 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
252 sd->csd[0] = 0x00; /* CSD structure */
253 sd->csd[1] = 0x26; /* Data read access-time-1 */
254 sd->csd[2] = 0x00; /* Data read access-time-2 */
255 sd->csd[3] = 0x5a; /* Max. data transfer rate */
256 sd->csd[4] = 0x5f; /* Card Command Classes */
257 sd->csd[5] = 0x50 | /* Max. read data block length */
259 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
260 ((csize >> 10) & 0x03);
261 sd->csd[7] = 0x00 | /* Device size */
262 ((csize >> 2) & 0xff);
263 sd->csd[8] = 0x3f | /* Max. read current */
264 ((csize << 6) & 0xc0);
265 sd->csd[9] = 0xfc | /* Max. write current */
266 ((CMULT_SHIFT - 2) >> 1);
267 sd->csd[10] = 0x40 | /* Erase sector size */
268 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
269 sd->csd[11] = 0x00 | /* Write protect group size */
270 ((sectsize << 7) & 0x80) | wpsize;
271 sd->csd[12] = 0x90 | /* Write speed factor */
272 (HWBLOCK_SHIFT >> 2);
273 sd->csd[13] = 0x20 | /* Max. write data block length */
274 ((HWBLOCK_SHIFT << 6) & 0xc0);
275 sd->csd[14] = 0x00; /* File format group */
276 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
279 static void sd_set_rca(SDState *sd)
284 #define CARD_STATUS_A 0x02004100
285 #define CARD_STATUS_B 0x00c01e00
286 #define CARD_STATUS_C 0xfd39a028
288 static void sd_set_cardstatus(SDState *sd)
290 sd->card_status = 0x00000100;
293 static void sd_set_sdstatus(SDState *sd)
295 memset(sd->sd_status, 0, 64);
298 static int sd_req_crc_validate(struct sd_request_s *req)
301 buffer[0] = 0x40 | req->cmd;
302 buffer[1] = (req->arg >> 24) & 0xff;
303 buffer[2] = (req->arg >> 16) & 0xff;
304 buffer[3] = (req->arg >> 8) & 0xff;
305 buffer[4] = (req->arg >> 0) & 0xff;
307 return sd_crc7(buffer, 5) != req->crc; /* TODO */
310 void sd_response_r1_make(SDState *sd,
311 uint8_t *response, uint32_t last_status)
313 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
316 status = (sd->card_status & ~mask) | (last_status & mask);
317 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
319 response[0] = (status >> 24) & 0xff;
320 response[1] = (status >> 16) & 0xff;
321 response[2] = (status >> 8) & 0xff;
322 response[3] = (status >> 0) & 0xff;
325 void sd_response_r3_make(SDState *sd, uint8_t *response)
327 response[0] = (sd->ocr >> 24) & 0xff;
328 response[1] = (sd->ocr >> 16) & 0xff;
329 response[2] = (sd->ocr >> 8) & 0xff;
330 response[3] = (sd->ocr >> 0) & 0xff;
333 void sd_response_r6_make(SDState *sd, uint8_t *response)
339 status = ((sd->card_status >> 8) & 0xc000) |
340 ((sd->card_status >> 6) & 0x2000) |
341 (sd->card_status & 0x1fff);
343 response[0] = (arg >> 8) & 0xff;
344 response[1] = arg & 0xff;
345 response[2] = (status >> 8) & 0xff;
346 response[3] = status & 0xff;
349 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
354 bdrv_get_geometry(bdrv, §);
357 if (sect > 0x40000000)
358 size = 0x40000000; /* 1 gig */
362 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
364 sd->state = sd_idle_state;
369 sd_set_csd(sd, size);
370 sd_set_cardstatus(sd);
375 sd->wp_switch = bdrv_is_read_only(bdrv);
376 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
377 memset(sd->wp_groups, 0, sizeof(int) * sect);
378 memset(sd->function_group, 0, sizeof(int) * 6);
386 static void sd_cardchange(void *opaque)
388 SDState *sd = opaque;
390 sd->inserted_cb(sd->opaque, bdrv_is_inserted(sd->bdrv));
391 if (bdrv_is_inserted(sd->bdrv)) {
392 sd_reset(sd, sd->bdrv);
394 sd->readonly_cb(sd->opaque, sd->wp_switch);
398 SDState *sd_init(BlockDriverState *bs)
402 sd = (SDState *) qemu_mallocz(sizeof(SDState));
407 void sd_set_cb(SDState *sd, void *opaque,
408 void (*readonly_cb)(void *, int),
409 void (*inserted_cb)(void *, int))
412 sd->readonly_cb = readonly_cb;
413 sd->inserted_cb = inserted_cb;
415 sd->readonly_cb(sd->opaque, bdrv_is_read_only(sd->bdrv));
417 sd->inserted_cb(sd->opaque, bdrv_is_inserted(sd->bdrv));
418 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
421 static void sd_erase(SDState *sd)
424 if (!sd->erase_start || !sd->erase_end) {
425 sd->card_status |= ERASE_SEQ_ERROR;
429 start = sd->erase_start >>
430 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
431 end = sd->erase_end >>
432 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
437 for (i = start; i <= end; i ++)
438 if (sd->wp_groups[i])
439 sd->card_status |= WP_ERASE_SKIP;
442 static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
447 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
449 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
450 if (addr < sd->size && sd->wp_groups[wpnum])
456 static void sd_function_switch(SDState *sd, uint32_t arg)
458 int i, mode, new_func, crc;
459 mode = !!(arg & 0x80000000);
461 sd->data[0] = 0x00; /* Maximum current consumption */
463 sd->data[2] = 0x80; /* Supported group 6 functions */
465 sd->data[4] = 0x80; /* Supported group 5 functions */
467 sd->data[6] = 0x80; /* Supported group 4 functions */
469 sd->data[8] = 0x80; /* Supported group 3 functions */
471 sd->data[10] = 0x80; /* Supported group 2 functions */
473 sd->data[12] = 0x80; /* Supported group 1 functions */
475 for (i = 0; i < 6; i ++) {
476 new_func = (arg >> (i * 4)) & 0x0f;
477 if (mode && new_func != 0x0f)
478 sd->function_group[i] = new_func;
479 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
481 memset(&sd->data[17], 0, 47);
482 crc = sd_crc16(sd->data, 64);
483 sd->data[65] = crc >> 8;
484 sd->data[66] = crc & 0xff;
487 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
489 return sd->wp_groups[addr >>
490 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
493 static void sd_lock_command(SDState *sd)
495 int erase, lock, clr_pwd, set_pwd, pwd_len;
496 erase = !!(sd->data[0] & 0x08);
497 lock = sd->data[0] & 0x04;
498 clr_pwd = sd->data[0] & 0x02;
499 set_pwd = sd->data[0] & 0x01;
502 pwd_len = sd->data[1];
507 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
508 set_pwd || clr_pwd || lock || sd->wp_switch ||
509 (sd->csd[14] & 0x20)) {
510 sd->card_status |= LOCK_UNLOCK_FAILED;
513 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
514 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
515 sd->csd[14] &= ~0x10;
516 sd->card_status &= ~CARD_IS_LOCKED;
518 /* Erasing the entire card here! */
519 printf("SD: Card force-erased by CMD42\n");
523 if (sd->blk_len < 2 + pwd_len ||
524 pwd_len <= sd->pwd_len ||
525 pwd_len > sd->pwd_len + 16) {
526 sd->card_status |= LOCK_UNLOCK_FAILED;
530 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
531 sd->card_status |= LOCK_UNLOCK_FAILED;
535 pwd_len -= sd->pwd_len;
536 if ((pwd_len && !set_pwd) ||
537 (clr_pwd && (set_pwd || lock)) ||
538 (lock && !sd->pwd_len && !set_pwd) ||
539 (!set_pwd && !clr_pwd &&
540 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
541 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
542 sd->card_status |= LOCK_UNLOCK_FAILED;
547 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
548 sd->pwd_len = pwd_len;
556 sd->card_status |= CARD_IS_LOCKED;
558 sd->card_status &= ~CARD_IS_LOCKED;
561 static sd_rsp_type_t sd_normal_command(SDState *sd,
562 struct sd_request_s req)
564 uint32_t rca = 0x0000;
566 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
569 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
571 /* Basic commands (Class 0 and Class 1) */
572 case 0: /* CMD0: GO_IDLE_STATE */
574 case sd_inactive_state:
578 sd->state = sd_idle_state;
579 sd_reset(sd, sd->bdrv);
584 case 2: /* CMD2: ALL_SEND_CID */
587 sd->state = sd_identification_state;
595 case 3: /* CMD3: SEND_RELATIVE_ADDR */
597 case sd_identification_state:
598 case sd_standby_state:
599 sd->state = sd_standby_state;
608 case 4: /* CMD4: SEND_DSR */
610 case sd_standby_state:
618 case 6: /* CMD6: SWITCH_FUNCTION */
620 case sd_data_transfer_mode:
621 sd_function_switch(sd, req.arg);
622 sd->state = sd_sendingdata_state;
632 case 7: /* CMD7: SELECT/DESELECT_CARD */
634 case sd_standby_state:
638 sd->state = sd_transfer_state;
641 case sd_transfer_state:
642 case sd_sendingdata_state:
646 sd->state = sd_standby_state;
649 case sd_disconnect_state:
653 sd->state = sd_programming_state;
656 case sd_programming_state:
660 sd->state = sd_disconnect_state;
668 case 9: /* CMD9: SEND_CSD */
670 case sd_standby_state:
681 case 10: /* CMD10: SEND_CID */
683 case sd_standby_state:
694 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
696 case sd_transfer_state:
697 sd->state = sd_sendingdata_state;
698 sd->data_start = req.arg;
701 if (sd->data_start + sd->blk_len > sd->size)
702 sd->card_status |= ADDRESS_ERROR;
710 case 12: /* CMD12: STOP_TRANSMISSION */
712 case sd_sendingdata_state:
713 sd->state = sd_transfer_state;
716 case sd_receivingdata_state:
717 sd->state = sd_programming_state;
718 /* Bzzzzzzztt .... Operation complete. */
719 sd->state = sd_transfer_state;
727 case 13: /* CMD13: SEND_STATUS */
729 case sd_data_transfer_mode:
740 case 15: /* CMD15: GO_INACTIVE_STATE */
742 case sd_data_transfer_mode:
746 sd->state = sd_inactive_state;
754 /* Block read commands (Classs 2) */
755 case 16: /* CMD16: SET_BLOCKLEN */
757 case sd_transfer_state:
758 if (req.arg > (1 << HWBLOCK_SHIFT))
759 sd->card_status |= BLOCK_LEN_ERROR;
761 sd->blk_len = req.arg;
770 case 17: /* CMD17: READ_SINGLE_BLOCK */
772 case sd_transfer_state:
773 sd->state = sd_sendingdata_state;
774 sd->data_start = req.arg;
777 if (sd->data_start + sd->blk_len > sd->size)
778 sd->card_status |= ADDRESS_ERROR;
786 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
788 case sd_transfer_state:
789 sd->state = sd_sendingdata_state;
790 sd->data_start = req.arg;
793 if (sd->data_start + sd->blk_len > sd->size)
794 sd->card_status |= ADDRESS_ERROR;
802 /* Block write commands (Class 4) */
803 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
805 case sd_transfer_state:
806 sd->state = sd_receivingdata_state;
807 sd->data_start = req.arg;
811 if (sd->data_start + sd->blk_len > sd->size)
812 sd->card_status |= ADDRESS_ERROR;
813 if (sd_wp_addr(sd, sd->data_start))
814 sd->card_status |= WP_VIOLATION;
815 if (sd->csd[14] & 0x30)
816 sd->card_status |= WP_VIOLATION;
824 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
826 case sd_transfer_state:
827 sd->state = sd_receivingdata_state;
828 sd->data_start = req.arg;
832 if (sd->data_start + sd->blk_len > sd->size)
833 sd->card_status |= ADDRESS_ERROR;
834 if (sd_wp_addr(sd, sd->data_start))
835 sd->card_status |= WP_VIOLATION;
836 if (sd->csd[14] & 0x30)
837 sd->card_status |= WP_VIOLATION;
845 case 26: /* CMD26: PROGRAM_CID */
847 case sd_transfer_state:
848 sd->state = sd_receivingdata_state;
858 case 27: /* CMD27: PROGRAM_CSD */
860 case sd_transfer_state:
861 sd->state = sd_receivingdata_state;
871 /* Write protection (Class 6) */
872 case 28: /* CMD28: SET_WRITE_PROT */
874 case sd_transfer_state:
875 if (req.arg >= sd->size) {
876 sd->card_status = ADDRESS_ERROR;
880 sd->state = sd_programming_state;
881 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
882 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
883 /* Bzzzzzzztt .... Operation complete. */
884 sd->state = sd_transfer_state;
892 case 29: /* CMD29: CLR_WRITE_PROT */
894 case sd_transfer_state:
895 if (req.arg >= sd->size) {
896 sd->card_status = ADDRESS_ERROR;
900 sd->state = sd_programming_state;
901 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
902 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
903 /* Bzzzzzzztt .... Operation complete. */
904 sd->state = sd_transfer_state;
912 case 30: /* CMD30: SEND_WRITE_PROT */
914 case sd_transfer_state:
915 sd->state = sd_sendingdata_state;
916 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
917 sd->data_start = req.arg;
926 /* Erase commands (Class 5) */
927 case 32: /* CMD32: ERASE_WR_BLK_START */
929 case sd_transfer_state:
930 sd->erase_start = req.arg;
938 case 33: /* CMD33: ERASE_WR_BLK_END */
940 case sd_transfer_state:
941 sd->erase_end = req.arg;
949 case 38: /* CMD38: ERASE */
951 case sd_transfer_state:
952 if (sd->csd[14] & 0x30) {
953 sd->card_status |= WP_VIOLATION;
957 sd->state = sd_programming_state;
959 /* Bzzzzzzztt .... Operation complete. */
960 sd->state = sd_transfer_state;
968 /* Lock card commands (Class 7) */
969 case 42: /* CMD42: LOCK_UNLOCK */
971 case sd_transfer_state:
972 sd->state = sd_receivingdata_state;
982 /* Application specific commands (Class 8) */
983 case 55: /* CMD55: APP_CMD */
987 sd->card_status |= APP_CMD;
990 case 56: /* CMD56: GEN_CMD */
991 printf("SD: GEN_CMD 0x%08x\n", req.arg);
994 case sd_transfer_state:
997 sd->state = sd_sendingdata_state;
999 sd->state = sd_receivingdata_state;
1008 sd->card_status |= ILLEGAL_COMMAND;
1010 printf("SD: Unknown CMD%i\n", req.cmd);
1014 sd->card_status |= ILLEGAL_COMMAND;
1015 printf("SD: CMD%i in a wrong state\n", req.cmd);
1019 static sd_rsp_type_t sd_app_command(SDState *sd,
1020 struct sd_request_s req) {
1023 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1024 rca = req.arg >> 16;
1026 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1028 case 6: /* ACMD6: SET_BUS_WIDTH */
1029 switch (sd->state) {
1030 case sd_transfer_state:
1031 sd->sd_status[0] &= 0x3f;
1032 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1040 case 13: /* ACMD13: SD_STATUS */
1041 switch (sd->state) {
1042 case sd_transfer_state:
1044 sd->data_offset = 0;
1052 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1053 switch (sd->state) {
1054 case sd_transfer_state:
1055 *(uint32_t *) sd->data = sd->blk_written;
1058 sd->data_offset = 0;
1066 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1067 switch (sd->state) {
1068 case sd_transfer_state:
1076 case 41: /* ACMD41: SD_APP_OP_COND */
1077 switch (sd->state) {
1079 /* We accept any voltage. 10000 V is nothing. */
1081 sd->state = sd_ready_state;
1090 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1091 switch (sd->state) {
1092 case sd_transfer_state:
1093 /* Bringing in the 50KOhm pull-up resistor... Done. */
1101 case 51: /* ACMD51: SEND_SCR */
1102 switch (sd->state) {
1103 case sd_transfer_state:
1104 sd->state = sd_sendingdata_state;
1106 sd->data_offset = 0;
1115 /* Fall back to standard commands. */
1116 sd->card_status &= ~APP_CMD;
1117 return sd_normal_command(sd, req);
1120 printf("SD: ACMD%i in a wrong state\n", req.cmd);
1124 int sd_do_command(SDState *sd, struct sd_request_s *req,
1125 uint8_t *response) {
1126 uint32_t last_status = sd->card_status;
1127 sd_rsp_type_t rtype;
1130 if (!bdrv_is_inserted(sd->bdrv)) {
1134 if (sd_req_crc_validate(req)) {
1135 sd->card_status &= ~COM_CRC_ERROR;
1139 sd->card_status &= ~CARD_STATUS_B;
1142 if (last_status & CARD_IS_LOCKED)
1143 if (((last_status & APP_CMD) &&
1145 (!(last_status & APP_CMD) &&
1146 (sd_cmd_class[req->cmd] == 0 ||
1147 sd_cmd_class[req->cmd] == 7 ||
1148 req->cmd == 16 || req->cmd == 55))) {
1149 sd->card_status |= ILLEGAL_COMMAND;
1150 printf("SD: Card is locked\n");
1154 if (last_status & APP_CMD) {
1155 rtype = sd_app_command(sd, *req);
1156 sd->card_status &= ~APP_CMD;
1158 rtype = sd_normal_command(sd, *req);
1160 sd->current_cmd = req->cmd;
1165 sd_response_r1_make(sd, response, last_status);
1170 memcpy(response, sd->cid, sizeof(sd->cid));
1176 memcpy(response, sd->csd, sizeof(sd->csd));
1182 sd_response_r3_make(sd, response);
1187 sd_response_r6_make(sd, response);
1197 if (sd->card_status & ILLEGAL_COMMAND)
1203 DPRINTF("Response:");
1204 for (i = 0; i < rsplen; i++)
1205 printf(" %02x", response[i]);
1206 printf(" state %d\n", sd->state);
1208 DPRINTF("No response %d\n", sd->state);
1215 /* No real need for 64 bit addresses here */
1216 static void sd_blk_read(BlockDriverState *bdrv,
1217 void *data, uint32_t addr, uint32_t len)
1220 uint32_t end = addr + len;
1222 if (!bdrv || bdrv_read(bdrv, addr >> 9, buf, 1) == -1) {
1223 printf("sd_blk_read: read error on host side\n");
1227 if (end > (addr & ~511) + 512) {
1228 memcpy(data, buf + (addr & 511), 512 - (addr & 511));
1230 if (bdrv_read(bdrv, end >> 9, buf, 1) == -1) {
1231 printf("sd_blk_read: read error on host side\n");
1234 memcpy(data + 512 - (addr & 511), buf, end & 511);
1236 memcpy(data, buf + (addr & 511), len);
1239 static void sd_blk_write(BlockDriverState *bdrv,
1240 void *data, uint32_t addr, uint32_t len)
1243 uint32_t end = addr + len;
1245 if ((addr & 511) || len < 512)
1246 if (!bdrv || bdrv_read(bdrv, addr >> 9, buf, 1) == -1) {
1247 printf("sd_blk_write: read error on host side\n");
1251 if (end > (addr & ~511) + 512) {
1252 memcpy(buf + (addr & 511), data, 512 - (addr & 511));
1253 if (bdrv_write(bdrv, addr >> 9, buf, 1) == -1) {
1254 printf("sd_blk_write: write error on host side\n");
1258 if (bdrv_read(bdrv, end >> 9, buf, 1) == -1) {
1259 printf("sd_blk_write: read error on host side\n");
1262 memcpy(buf, data + 512 - (addr & 511), end & 511);
1263 if (bdrv_write(bdrv, end >> 9, buf, 1) == -1)
1264 printf("sd_blk_write: write error on host side\n");
1266 memcpy(buf + (addr & 511), data, len);
1267 if (!bdrv || bdrv_write(bdrv, addr >> 9, buf, 1) == -1)
1268 printf("sd_blk_write: write error on host side\n");
1272 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd->bdrv, sd->data, a, len)
1273 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd->bdrv, sd->data, a, len)
1274 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1275 #define APP_WRITE_BLOCK(a, len)
1277 void sd_write_data(SDState *sd, uint8_t value)
1281 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv))
1284 if (sd->state != sd_receivingdata_state) {
1285 printf("sd_write_data: not in Receiving-Data state\n");
1289 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1292 switch (sd->current_cmd) {
1293 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1294 sd->data[sd->data_offset ++] = value;
1295 if (sd->data_offset >= sd->blk_len) {
1296 /* TODO: Check CRC before committing */
1297 sd->state = sd_programming_state;
1298 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1300 sd->csd[14] |= 0x40;
1301 /* Bzzzzzzztt .... Operation complete. */
1302 sd->state = sd_transfer_state;
1306 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1307 sd->data[sd->data_offset ++] = value;
1308 if (sd->data_offset >= sd->blk_len) {
1309 /* TODO: Check CRC before committing */
1310 sd->state = sd_programming_state;
1311 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1313 sd->data_start += sd->blk_len;
1314 sd->data_offset = 0;
1315 if (sd->data_start + sd->blk_len > sd->size) {
1316 sd->card_status |= ADDRESS_ERROR;
1319 if (sd_wp_addr(sd, sd->data_start)) {
1320 sd->card_status |= WP_VIOLATION;
1323 sd->csd[14] |= 0x40;
1325 /* Bzzzzzzztt .... Operation complete. */
1326 sd->state = sd_receivingdata_state;
1330 case 26: /* CMD26: PROGRAM_CID */
1331 sd->data[sd->data_offset ++] = value;
1332 if (sd->data_offset >= sizeof(sd->cid)) {
1333 /* TODO: Check CRC before committing */
1334 sd->state = sd_programming_state;
1335 for (i = 0; i < sizeof(sd->cid); i ++)
1336 if ((sd->cid[i] | 0x00) != sd->data[i])
1337 sd->card_status |= CID_CSD_OVERWRITE;
1339 if (!(sd->card_status & CID_CSD_OVERWRITE))
1340 for (i = 0; i < sizeof(sd->cid); i ++) {
1342 sd->cid[i] &= sd->data[i];
1344 /* Bzzzzzzztt .... Operation complete. */
1345 sd->state = sd_transfer_state;
1349 case 27: /* CMD27: PROGRAM_CSD */
1350 sd->data[sd->data_offset ++] = value;
1351 if (sd->data_offset >= sizeof(sd->csd)) {
1352 /* TODO: Check CRC before committing */
1353 sd->state = sd_programming_state;
1354 for (i = 0; i < sizeof(sd->csd); i ++)
1355 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1356 (sd->data[i] | sd_csd_rw_mask[i]))
1357 sd->card_status |= CID_CSD_OVERWRITE;
1359 /* Copy flag (OTP) & Permanent write protect */
1360 if (sd->csd[14] & ~sd->data[14] & 0x60)
1361 sd->card_status |= CID_CSD_OVERWRITE;
1363 if (!(sd->card_status & CID_CSD_OVERWRITE))
1364 for (i = 0; i < sizeof(sd->csd); i ++) {
1365 sd->csd[i] |= sd_csd_rw_mask[i];
1366 sd->csd[i] &= sd->data[i];
1368 /* Bzzzzzzztt .... Operation complete. */
1369 sd->state = sd_transfer_state;
1373 case 42: /* CMD42: LOCK_UNLOCK */
1374 sd->data[sd->data_offset ++] = value;
1375 if (sd->data_offset >= sd->blk_len) {
1376 /* TODO: Check CRC before committing */
1377 sd->state = sd_programming_state;
1378 sd_lock_command(sd);
1379 /* Bzzzzzzztt .... Operation complete. */
1380 sd->state = sd_transfer_state;
1384 case 56: /* CMD56: GEN_CMD */
1385 sd->data[sd->data_offset ++] = value;
1386 if (sd->data_offset >= sd->blk_len) {
1387 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1388 sd->state = sd_transfer_state;
1393 printf("sd_write_data: unknown command\n");
1398 uint8_t sd_read_data(SDState *sd)
1400 /* TODO: Append CRCs */
1403 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv))
1406 if (sd->state != sd_sendingdata_state) {
1407 printf("sd_read_data: not in Sending-Data state\n");
1411 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1414 switch (sd->current_cmd) {
1415 case 6: /* CMD6: SWITCH_FUNCTION */
1416 ret = sd->data[sd->data_offset ++];
1418 if (sd->data_offset >= 64)
1419 sd->state = sd_transfer_state;
1422 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1423 if (sd->data_offset == 0)
1424 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1425 ret = sd->data[sd->data_offset ++];
1427 if (sd->data_offset >= sd->blk_len) {
1428 sd->data_start += sd->blk_len;
1429 sd->data_offset = 0;
1430 if (sd->data_start + sd->blk_len > sd->size) {
1431 sd->card_status |= ADDRESS_ERROR;
1437 case 13: /* ACMD13: SD_STATUS */
1438 ret = sd->sd_status[sd->data_offset ++];
1440 if (sd->data_offset >= sizeof(sd->sd_status))
1441 sd->state = sd_transfer_state;
1444 case 17: /* CMD17: READ_SINGLE_BLOCK */
1445 if (sd->data_offset == 0)
1446 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1447 ret = sd->data[sd->data_offset ++];
1449 if (sd->data_offset >= sd->blk_len)
1450 sd->state = sd_transfer_state;
1453 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1454 if (sd->data_offset == 0)
1455 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1456 ret = sd->data[sd->data_offset ++];
1458 if (sd->data_offset >= sd->blk_len) {
1459 sd->data_start += sd->blk_len;
1460 sd->data_offset = 0;
1461 if (sd->data_start + sd->blk_len > sd->size) {
1462 sd->card_status |= ADDRESS_ERROR;
1468 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1469 ret = sd->data[sd->data_offset ++];
1471 if (sd->data_offset >= 4)
1472 sd->state = sd_transfer_state;
1475 case 30: /* CMD30: SEND_WRITE_PROT */
1476 ret = sd->data[sd->data_offset ++];
1478 if (sd->data_offset >= 4)
1479 sd->state = sd_transfer_state;
1482 case 51: /* ACMD51: SEND_SCR */
1483 ret = sd->scr[sd->data_offset ++];
1485 if (sd->data_offset >= sizeof(sd->scr))
1486 sd->state = sd_transfer_state;
1489 case 56: /* CMD56: GEN_CMD */
1490 if (sd->data_offset == 0)
1491 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1492 ret = sd->data[sd->data_offset ++];
1494 if (sd->data_offset >= sd->blk_len)
1495 sd->state = sd_transfer_state;
1499 printf("sd_read_data: unknown command\n");
1506 int sd_data_ready(SDState *sd)
1508 return sd->state == sd_sendingdata_state;
projects / qemu / blob