2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, args...) \
40 do { fprintf(stderr, "SD: " fmt , ##args); } while (0)
42 #define DPRINTF(fmt, args...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
63 sd_inactive_state = -1,
66 sd_identification_state,
70 sd_receivingdata_state,
80 uint8_t sd_status[64];
90 int function_group[6];
100 BlockDriverState *bdrv;
106 static void sd_set_status(SDState *sd)
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
133 static const sd_cmd_type_t sd_cmd_type[64] = {
134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 static const sd_cmd_type_t sd_acmd_type[64] = {
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message, size_t width)
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
178 static uint16_t sd_crc16(void *message, size_t width)
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
195 static void sd_set_ocr(SDState *sd)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd->ocr = 0x80ffff80;
201 static void sd_set_scr(SDState *sd)
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
220 static void sd_set_cid(SDState *sd)
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
246 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
247 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
249 static const uint8_t sd_csd_rw_mask[16] = {
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
251 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
254 static void sd_set_csd(SDState *sd, uint32_t size)
256 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
257 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
258 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
287 static void sd_set_rca(SDState *sd)
292 #define CARD_STATUS_A 0x02004100
293 #define CARD_STATUS_B 0x00c01e00
294 #define CARD_STATUS_C 0xfd39a028
296 static void sd_set_cardstatus(SDState *sd)
298 sd->card_status = 0x00000100;
301 static void sd_set_sdstatus(SDState *sd)
303 memset(sd->sd_status, 0, 64);
306 static int sd_req_crc_validate(struct sd_request_s *req)
309 buffer[0] = 0x40 | req->cmd;
310 buffer[1] = (req->arg >> 24) & 0xff;
311 buffer[2] = (req->arg >> 16) & 0xff;
312 buffer[3] = (req->arg >> 8) & 0xff;
313 buffer[4] = (req->arg >> 0) & 0xff;
315 return sd_crc7(buffer, 5) != req->crc; /* TODO */
318 static void sd_response_r1_make(SDState *sd,
319 uint8_t *response, uint32_t last_status)
321 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
324 status = (sd->card_status & ~mask) | (last_status & mask);
325 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
327 response[0] = (status >> 24) & 0xff;
328 response[1] = (status >> 16) & 0xff;
329 response[2] = (status >> 8) & 0xff;
330 response[3] = (status >> 0) & 0xff;
333 static void sd_response_r3_make(SDState *sd, uint8_t *response)
335 response[0] = (sd->ocr >> 24) & 0xff;
336 response[1] = (sd->ocr >> 16) & 0xff;
337 response[2] = (sd->ocr >> 8) & 0xff;
338 response[3] = (sd->ocr >> 0) & 0xff;
341 static void sd_response_r6_make(SDState *sd, uint8_t *response)
347 status = ((sd->card_status >> 8) & 0xc000) |
348 ((sd->card_status >> 6) & 0x2000) |
349 (sd->card_status & 0x1fff);
351 response[0] = (arg >> 8) & 0xff;
352 response[1] = arg & 0xff;
353 response[2] = (status >> 8) & 0xff;
354 response[3] = status & 0xff;
357 static void sd_response_r7_make(SDState *sd, uint8_t *response)
359 response[0] = (sd->vhs >> 24) & 0xff;
360 response[1] = (sd->vhs >> 16) & 0xff;
361 response[2] = (sd->vhs >> 8) & 0xff;
362 response[3] = (sd->vhs >> 0) & 0xff;
365 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
370 bdrv_get_geometry(bdrv, §);
373 if (sect > 0x40000000)
374 size = 0x40000000; /* 1 gig */
378 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
380 sd->state = sd_idle_state;
385 sd_set_csd(sd, size);
386 sd_set_cardstatus(sd);
392 qemu_free(sd->wp_groups);
393 sd->wp_switch = bdrv_is_read_only(bdrv);
394 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
395 memset(sd->function_group, 0, sizeof(int) * 6);
403 static void sd_cardchange(void *opaque)
405 SDState *sd = opaque;
406 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
407 if (bdrv_is_inserted(sd->bdrv)) {
408 sd_reset(sd, sd->bdrv);
409 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
413 /* We do not model the chip select pin, so allow the board to select
414 whether card should be in SSI or MMC/SD mode. It is also up to the
415 board to ensure that ssi transfers only occur when the chip select
417 SDState *sd_init(BlockDriverState *bs, int is_spi)
421 sd = (SDState *) qemu_mallocz(sizeof(SDState));
422 sd->buf = qemu_memalign(512, 512);
425 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
429 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
431 sd->readonly_cb = readonly;
432 sd->inserted_cb = insert;
433 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
434 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
437 static void sd_erase(SDState *sd)
440 if (!sd->erase_start || !sd->erase_end) {
441 sd->card_status |= ERASE_SEQ_ERROR;
445 start = sd->erase_start >>
446 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
447 end = sd->erase_end >>
448 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
453 for (i = start; i <= end; i ++)
454 if (sd->wp_groups[i])
455 sd->card_status |= WP_ERASE_SKIP;
458 static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
463 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
465 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
466 if (addr < sd->size && sd->wp_groups[wpnum])
472 static void sd_function_switch(SDState *sd, uint32_t arg)
474 int i, mode, new_func, crc;
475 mode = !!(arg & 0x80000000);
477 sd->data[0] = 0x00; /* Maximum current consumption */
479 sd->data[2] = 0x80; /* Supported group 6 functions */
481 sd->data[4] = 0x80; /* Supported group 5 functions */
483 sd->data[6] = 0x80; /* Supported group 4 functions */
485 sd->data[8] = 0x80; /* Supported group 3 functions */
487 sd->data[10] = 0x80; /* Supported group 2 functions */
489 sd->data[12] = 0x80; /* Supported group 1 functions */
491 for (i = 0; i < 6; i ++) {
492 new_func = (arg >> (i * 4)) & 0x0f;
493 if (mode && new_func != 0x0f)
494 sd->function_group[i] = new_func;
495 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
497 memset(&sd->data[17], 0, 47);
498 crc = sd_crc16(sd->data, 64);
499 sd->data[65] = crc >> 8;
500 sd->data[66] = crc & 0xff;
503 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
505 return sd->wp_groups[addr >>
506 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
509 static void sd_lock_command(SDState *sd)
511 int erase, lock, clr_pwd, set_pwd, pwd_len;
512 erase = !!(sd->data[0] & 0x08);
513 lock = sd->data[0] & 0x04;
514 clr_pwd = sd->data[0] & 0x02;
515 set_pwd = sd->data[0] & 0x01;
518 pwd_len = sd->data[1];
523 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
524 set_pwd || clr_pwd || lock || sd->wp_switch ||
525 (sd->csd[14] & 0x20)) {
526 sd->card_status |= LOCK_UNLOCK_FAILED;
529 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
530 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
531 sd->csd[14] &= ~0x10;
532 sd->card_status &= ~CARD_IS_LOCKED;
534 /* Erasing the entire card here! */
535 fprintf(stderr, "SD: Card force-erased by CMD42\n");
539 if (sd->blk_len < 2 + pwd_len ||
540 pwd_len <= sd->pwd_len ||
541 pwd_len > sd->pwd_len + 16) {
542 sd->card_status |= LOCK_UNLOCK_FAILED;
546 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
547 sd->card_status |= LOCK_UNLOCK_FAILED;
551 pwd_len -= sd->pwd_len;
552 if ((pwd_len && !set_pwd) ||
553 (clr_pwd && (set_pwd || lock)) ||
554 (lock && !sd->pwd_len && !set_pwd) ||
555 (!set_pwd && !clr_pwd &&
556 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
557 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
558 sd->card_status |= LOCK_UNLOCK_FAILED;
563 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
564 sd->pwd_len = pwd_len;
572 sd->card_status |= CARD_IS_LOCKED;
574 sd->card_status &= ~CARD_IS_LOCKED;
577 static sd_rsp_type_t sd_normal_command(SDState *sd,
578 struct sd_request_s req)
580 uint32_t rca = 0x0000;
582 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
585 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
587 /* Basic commands (Class 0 and Class 1) */
588 case 0: /* CMD0: GO_IDLE_STATE */
590 case sd_inactive_state:
591 return sd->spi ? sd_r1 : sd_r0;
594 sd->state = sd_idle_state;
595 sd_reset(sd, sd->bdrv);
596 return sd->spi ? sd_r1 : sd_r0;
600 case 1: /* CMD1: SEND_OP_CMD */
604 sd->state = sd_transfer_state;
607 case 2: /* CMD2: ALL_SEND_CID */
612 sd->state = sd_identification_state;
620 case 3: /* CMD3: SEND_RELATIVE_ADDR */
624 case sd_identification_state:
625 case sd_standby_state:
626 sd->state = sd_standby_state;
635 case 4: /* CMD4: SEND_DSR */
639 case sd_standby_state:
647 case 6: /* CMD6: SWITCH_FUNCTION */
651 case sd_data_transfer_mode:
652 sd_function_switch(sd, req.arg);
653 sd->state = sd_sendingdata_state;
663 case 7: /* CMD7: SELECT/DESELECT_CARD */
667 case sd_standby_state:
671 sd->state = sd_transfer_state;
674 case sd_transfer_state:
675 case sd_sendingdata_state:
679 sd->state = sd_standby_state;
682 case sd_disconnect_state:
686 sd->state = sd_programming_state;
689 case sd_programming_state:
693 sd->state = sd_disconnect_state;
701 case 8: /* CMD8: SEND_IF_COND */
702 /* Physical Layer Specification Version 2.00 command */
707 /* No response if not exactly one VHS bit is set. */
708 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
709 return sd->spi ? sd_r7 : sd_r0;
720 case 9: /* CMD9: SEND_CSD */
722 case sd_standby_state:
728 case sd_transfer_state:
731 sd->state = sd_sendingdata_state;
732 memcpy(sd->data, sd->csd, 16);
733 sd->data_start = req.arg;
742 case 10: /* CMD10: SEND_CID */
744 case sd_standby_state:
750 case sd_transfer_state:
753 sd->state = sd_sendingdata_state;
754 memcpy(sd->data, sd->cid, 16);
755 sd->data_start = req.arg;
764 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
768 case sd_transfer_state:
769 sd->state = sd_sendingdata_state;
770 sd->data_start = req.arg;
773 if (sd->data_start + sd->blk_len > sd->size)
774 sd->card_status |= ADDRESS_ERROR;
782 case 12: /* CMD12: STOP_TRANSMISSION */
784 case sd_sendingdata_state:
785 sd->state = sd_transfer_state;
788 case sd_receivingdata_state:
789 sd->state = sd_programming_state;
790 /* Bzzzzzzztt .... Operation complete. */
791 sd->state = sd_transfer_state;
799 case 13: /* CMD13: SEND_STATUS */
801 case sd_data_transfer_mode:
812 case 15: /* CMD15: GO_INACTIVE_STATE */
816 case sd_data_transfer_mode:
820 sd->state = sd_inactive_state;
828 /* Block read commands (Classs 2) */
829 case 16: /* CMD16: SET_BLOCKLEN */
831 case sd_transfer_state:
832 if (req.arg > (1 << HWBLOCK_SHIFT))
833 sd->card_status |= BLOCK_LEN_ERROR;
835 sd->blk_len = req.arg;
844 case 17: /* CMD17: READ_SINGLE_BLOCK */
846 case sd_transfer_state:
847 sd->state = sd_sendingdata_state;
848 sd->data_start = req.arg;
851 if (sd->data_start + sd->blk_len > sd->size)
852 sd->card_status |= ADDRESS_ERROR;
860 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
862 case sd_transfer_state:
863 sd->state = sd_sendingdata_state;
864 sd->data_start = req.arg;
867 if (sd->data_start + sd->blk_len > sd->size)
868 sd->card_status |= ADDRESS_ERROR;
876 /* Block write commands (Class 4) */
877 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
879 goto unimplemented_cmd;
881 case sd_transfer_state:
882 /* Writing in SPI mode not implemented. */
885 sd->state = sd_receivingdata_state;
886 sd->data_start = req.arg;
890 if (sd->data_start + sd->blk_len > sd->size)
891 sd->card_status |= ADDRESS_ERROR;
892 if (sd_wp_addr(sd, sd->data_start))
893 sd->card_status |= WP_VIOLATION;
894 if (sd->csd[14] & 0x30)
895 sd->card_status |= WP_VIOLATION;
903 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
905 goto unimplemented_cmd;
907 case sd_transfer_state:
908 /* Writing in SPI mode not implemented. */
911 sd->state = sd_receivingdata_state;
912 sd->data_start = req.arg;
916 if (sd->data_start + sd->blk_len > sd->size)
917 sd->card_status |= ADDRESS_ERROR;
918 if (sd_wp_addr(sd, sd->data_start))
919 sd->card_status |= WP_VIOLATION;
920 if (sd->csd[14] & 0x30)
921 sd->card_status |= WP_VIOLATION;
929 case 26: /* CMD26: PROGRAM_CID */
933 case sd_transfer_state:
934 sd->state = sd_receivingdata_state;
944 case 27: /* CMD27: PROGRAM_CSD */
946 goto unimplemented_cmd;
948 case sd_transfer_state:
949 sd->state = sd_receivingdata_state;
959 /* Write protection (Class 6) */
960 case 28: /* CMD28: SET_WRITE_PROT */
962 case sd_transfer_state:
963 if (req.arg >= sd->size) {
964 sd->card_status = ADDRESS_ERROR;
968 sd->state = sd_programming_state;
969 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
970 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
971 /* Bzzzzzzztt .... Operation complete. */
972 sd->state = sd_transfer_state;
980 case 29: /* CMD29: CLR_WRITE_PROT */
982 case sd_transfer_state:
983 if (req.arg >= sd->size) {
984 sd->card_status = ADDRESS_ERROR;
988 sd->state = sd_programming_state;
989 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
990 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
991 /* Bzzzzzzztt .... Operation complete. */
992 sd->state = sd_transfer_state;
1000 case 30: /* CMD30: SEND_WRITE_PROT */
1001 switch (sd->state) {
1002 case sd_transfer_state:
1003 sd->state = sd_sendingdata_state;
1004 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1005 sd->data_start = req.arg;
1006 sd->data_offset = 0;
1014 /* Erase commands (Class 5) */
1015 case 32: /* CMD32: ERASE_WR_BLK_START */
1016 switch (sd->state) {
1017 case sd_transfer_state:
1018 sd->erase_start = req.arg;
1026 case 33: /* CMD33: ERASE_WR_BLK_END */
1027 switch (sd->state) {
1028 case sd_transfer_state:
1029 sd->erase_end = req.arg;
1037 case 38: /* CMD38: ERASE */
1038 switch (sd->state) {
1039 case sd_transfer_state:
1040 if (sd->csd[14] & 0x30) {
1041 sd->card_status |= WP_VIOLATION;
1045 sd->state = sd_programming_state;
1047 /* Bzzzzzzztt .... Operation complete. */
1048 sd->state = sd_transfer_state;
1056 /* Lock card commands (Class 7) */
1057 case 42: /* CMD42: LOCK_UNLOCK */
1059 goto unimplemented_cmd;
1060 switch (sd->state) {
1061 case sd_transfer_state:
1062 sd->state = sd_receivingdata_state;
1064 sd->data_offset = 0;
1072 /* Application specific commands (Class 8) */
1073 case 55: /* CMD55: APP_CMD */
1077 sd->card_status |= APP_CMD;
1080 case 56: /* CMD56: GEN_CMD */
1081 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1083 switch (sd->state) {
1084 case sd_transfer_state:
1085 sd->data_offset = 0;
1087 sd->state = sd_sendingdata_state;
1089 sd->state = sd_receivingdata_state;
1099 sd->card_status |= ILLEGAL_COMMAND;
1101 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1105 /* Commands that are recognised but not yet implemented in SPI mode. */
1106 sd->card_status |= ILLEGAL_COMMAND;
1107 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1111 sd->card_status |= ILLEGAL_COMMAND;
1112 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1116 static sd_rsp_type_t sd_app_command(SDState *sd,
1117 struct sd_request_s req) {
1120 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1121 rca = req.arg >> 16;
1123 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1125 case 6: /* ACMD6: SET_BUS_WIDTH */
1126 switch (sd->state) {
1127 case sd_transfer_state:
1128 sd->sd_status[0] &= 0x3f;
1129 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1137 case 13: /* ACMD13: SD_STATUS */
1138 switch (sd->state) {
1139 case sd_transfer_state:
1141 sd->data_offset = 0;
1149 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1150 switch (sd->state) {
1151 case sd_transfer_state:
1152 *(uint32_t *) sd->data = sd->blk_written;
1155 sd->data_offset = 0;
1163 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1164 switch (sd->state) {
1165 case sd_transfer_state:
1173 case 41: /* ACMD41: SD_APP_OP_COND */
1176 sd->state = sd_transfer_state;
1179 switch (sd->state) {
1181 /* We accept any voltage. 10000 V is nothing. */
1183 sd->state = sd_ready_state;
1192 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1193 switch (sd->state) {
1194 case sd_transfer_state:
1195 /* Bringing in the 50KOhm pull-up resistor... Done. */
1203 case 51: /* ACMD51: SEND_SCR */
1204 switch (sd->state) {
1205 case sd_transfer_state:
1206 sd->state = sd_sendingdata_state;
1208 sd->data_offset = 0;
1217 /* Fall back to standard commands. */
1218 sd->card_status &= ~APP_CMD;
1219 return sd_normal_command(sd, req);
1222 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1226 int sd_do_command(SDState *sd, struct sd_request_s *req,
1227 uint8_t *response) {
1228 uint32_t last_status = sd->card_status;
1229 sd_rsp_type_t rtype;
1232 if (!bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1236 if (sd_req_crc_validate(req)) {
1237 sd->card_status &= ~COM_CRC_ERROR;
1241 sd->card_status &= ~CARD_STATUS_B;
1244 if (last_status & CARD_IS_LOCKED)
1245 if (((last_status & APP_CMD) &&
1247 (!(last_status & APP_CMD) &&
1248 (sd_cmd_class[req->cmd] == 0 ||
1249 sd_cmd_class[req->cmd] == 7 ||
1250 req->cmd == 16 || req->cmd == 55))) {
1251 sd->card_status |= ILLEGAL_COMMAND;
1252 fprintf(stderr, "SD: Card is locked\n");
1256 if (last_status & APP_CMD) {
1257 rtype = sd_app_command(sd, *req);
1258 sd->card_status &= ~APP_CMD;
1260 rtype = sd_normal_command(sd, *req);
1262 sd->current_cmd = req->cmd;
1267 sd_response_r1_make(sd, response, last_status);
1272 memcpy(response, sd->cid, sizeof(sd->cid));
1277 memcpy(response, sd->csd, sizeof(sd->csd));
1282 sd_response_r3_make(sd, response);
1287 sd_response_r6_make(sd, response);
1292 sd_response_r7_make(sd, response);
1302 if (sd->card_status & ILLEGAL_COMMAND)
1308 DPRINTF("Response:");
1309 for (i = 0; i < rsplen; i++)
1310 printf(" %02x", response[i]);
1311 printf(" state %d\n", sd->state);
1313 DPRINTF("No response %d\n", sd->state);
1320 /* No real need for 64 bit addresses here */
1321 static void sd_blk_read(SDState *sd, uint32_t addr, uint32_t len)
1323 uint32_t end = addr + len;
1325 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1326 fprintf(stderr, "sd_blk_read: read error on host side\n");
1330 if (end > (addr & ~511) + 512) {
1331 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1333 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1334 fprintf(stderr, "sd_blk_read: read error on host side\n");
1337 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1339 memcpy(sd->data, sd->buf + (addr & 511), len);
1342 static void sd_blk_write(SDState *sd, uint32_t addr, uint32_t len)
1344 uint32_t end = addr + len;
1346 if ((addr & 511) || len < 512)
1347 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1348 fprintf(stderr, "sd_blk_write: read error on host side\n");
1352 if (end > (addr & ~511) + 512) {
1353 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1354 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1355 fprintf(stderr, "sd_blk_write: write error on host side\n");
1359 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1360 fprintf(stderr, "sd_blk_write: read error on host side\n");
1363 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1364 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1365 fprintf(stderr, "sd_blk_write: write error on host side\n");
1367 memcpy(sd->buf + (addr & 511), sd->data, len);
1368 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1369 fprintf(stderr, "sd_blk_write: write error on host side\n");
1373 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1374 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1375 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1376 #define APP_WRITE_BLOCK(a, len)
1378 void sd_write_data(SDState *sd, uint8_t value)
1382 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1385 if (sd->state != sd_receivingdata_state) {
1386 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1390 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1393 switch (sd->current_cmd) {
1394 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1395 sd->data[sd->data_offset ++] = value;
1396 if (sd->data_offset >= sd->blk_len) {
1397 /* TODO: Check CRC before committing */
1398 sd->state = sd_programming_state;
1399 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1401 sd->csd[14] |= 0x40;
1402 /* Bzzzzzzztt .... Operation complete. */
1403 sd->state = sd_transfer_state;
1407 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1408 sd->data[sd->data_offset ++] = value;
1409 if (sd->data_offset >= sd->blk_len) {
1410 /* TODO: Check CRC before committing */
1411 sd->state = sd_programming_state;
1412 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1414 sd->data_start += sd->blk_len;
1415 sd->data_offset = 0;
1416 if (sd->data_start + sd->blk_len > sd->size) {
1417 sd->card_status |= ADDRESS_ERROR;
1420 if (sd_wp_addr(sd, sd->data_start)) {
1421 sd->card_status |= WP_VIOLATION;
1424 sd->csd[14] |= 0x40;
1426 /* Bzzzzzzztt .... Operation complete. */
1427 sd->state = sd_receivingdata_state;
1431 case 26: /* CMD26: PROGRAM_CID */
1432 sd->data[sd->data_offset ++] = value;
1433 if (sd->data_offset >= sizeof(sd->cid)) {
1434 /* TODO: Check CRC before committing */
1435 sd->state = sd_programming_state;
1436 for (i = 0; i < sizeof(sd->cid); i ++)
1437 if ((sd->cid[i] | 0x00) != sd->data[i])
1438 sd->card_status |= CID_CSD_OVERWRITE;
1440 if (!(sd->card_status & CID_CSD_OVERWRITE))
1441 for (i = 0; i < sizeof(sd->cid); i ++) {
1443 sd->cid[i] &= sd->data[i];
1445 /* Bzzzzzzztt .... Operation complete. */
1446 sd->state = sd_transfer_state;
1450 case 27: /* CMD27: PROGRAM_CSD */
1451 sd->data[sd->data_offset ++] = value;
1452 if (sd->data_offset >= sizeof(sd->csd)) {
1453 /* TODO: Check CRC before committing */
1454 sd->state = sd_programming_state;
1455 for (i = 0; i < sizeof(sd->csd); i ++)
1456 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1457 (sd->data[i] | sd_csd_rw_mask[i]))
1458 sd->card_status |= CID_CSD_OVERWRITE;
1460 /* Copy flag (OTP) & Permanent write protect */
1461 if (sd->csd[14] & ~sd->data[14] & 0x60)
1462 sd->card_status |= CID_CSD_OVERWRITE;
1464 if (!(sd->card_status & CID_CSD_OVERWRITE))
1465 for (i = 0; i < sizeof(sd->csd); i ++) {
1466 sd->csd[i] |= sd_csd_rw_mask[i];
1467 sd->csd[i] &= sd->data[i];
1469 /* Bzzzzzzztt .... Operation complete. */
1470 sd->state = sd_transfer_state;
1474 case 42: /* CMD42: LOCK_UNLOCK */
1475 sd->data[sd->data_offset ++] = value;
1476 if (sd->data_offset >= sd->blk_len) {
1477 /* TODO: Check CRC before committing */
1478 sd->state = sd_programming_state;
1479 sd_lock_command(sd);
1480 /* Bzzzzzzztt .... Operation complete. */
1481 sd->state = sd_transfer_state;
1485 case 56: /* CMD56: GEN_CMD */
1486 sd->data[sd->data_offset ++] = value;
1487 if (sd->data_offset >= sd->blk_len) {
1488 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1489 sd->state = sd_transfer_state;
1494 fprintf(stderr, "sd_write_data: unknown command\n");
1499 uint8_t sd_read_data(SDState *sd)
1501 /* TODO: Append CRCs */
1504 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1507 if (sd->state != sd_sendingdata_state) {
1508 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1512 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1515 switch (sd->current_cmd) {
1516 case 6: /* CMD6: SWITCH_FUNCTION */
1517 ret = sd->data[sd->data_offset ++];
1519 if (sd->data_offset >= 64)
1520 sd->state = sd_transfer_state;
1523 case 9: /* CMD9: SEND_CSD */
1524 case 10: /* CMD10: SEND_CID */
1525 ret = sd->data[sd->data_offset ++];
1527 if (sd->data_offset >= 16)
1528 sd->state = sd_transfer_state;
1531 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1532 if (sd->data_offset == 0)
1533 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1534 ret = sd->data[sd->data_offset ++];
1536 if (sd->data_offset >= sd->blk_len) {
1537 sd->data_start += sd->blk_len;
1538 sd->data_offset = 0;
1539 if (sd->data_start + sd->blk_len > sd->size) {
1540 sd->card_status |= ADDRESS_ERROR;
1546 case 13: /* ACMD13: SD_STATUS */
1547 ret = sd->sd_status[sd->data_offset ++];
1549 if (sd->data_offset >= sizeof(sd->sd_status))
1550 sd->state = sd_transfer_state;
1553 case 17: /* CMD17: READ_SINGLE_BLOCK */
1554 if (sd->data_offset == 0)
1555 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1556 ret = sd->data[sd->data_offset ++];
1558 if (sd->data_offset >= sd->blk_len)
1559 sd->state = sd_transfer_state;
1562 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1563 if (sd->data_offset == 0)
1564 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1565 ret = sd->data[sd->data_offset ++];
1567 if (sd->data_offset >= sd->blk_len) {
1568 sd->data_start += sd->blk_len;
1569 sd->data_offset = 0;
1570 if (sd->data_start + sd->blk_len > sd->size) {
1571 sd->card_status |= ADDRESS_ERROR;
1577 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1578 ret = sd->data[sd->data_offset ++];
1580 if (sd->data_offset >= 4)
1581 sd->state = sd_transfer_state;
1584 case 30: /* CMD30: SEND_WRITE_PROT */
1585 ret = sd->data[sd->data_offset ++];
1587 if (sd->data_offset >= 4)
1588 sd->state = sd_transfer_state;
1591 case 51: /* ACMD51: SEND_SCR */
1592 ret = sd->scr[sd->data_offset ++];
1594 if (sd->data_offset >= sizeof(sd->scr))
1595 sd->state = sd_transfer_state;
1598 case 56: /* CMD56: GEN_CMD */
1599 if (sd->data_offset == 0)
1600 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1601 ret = sd->data[sd->data_offset ++];
1603 if (sd->data_offset >= sd->blk_len)
1604 sd->state = sd_transfer_state;
1608 fprintf(stderr, "sd_read_data: unknown command\n");
1615 int sd_data_ready(SDState *sd)
1617 return sd->state == sd_sendingdata_state;
1620 void sd_enable(SDState *sd, int enable)
1622 sd->enable = enable;
projects / qemu / blob