2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #define DPRINTF(fmt, ...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
63 sd_inactive_state = -1,
66 sd_identification_state,
70 sd_receivingdata_state,
80 uint8_t sd_status[64];
90 int function_group[6];
100 BlockDriverState *bdrv;
106 static void sd_set_status(SDState *sd)
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
133 static const sd_cmd_type_t sd_cmd_type[64] = {
134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 static const sd_cmd_type_t sd_acmd_type[64] = {
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message, size_t width)
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
178 static uint16_t sd_crc16(void *message, size_t width)
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
195 static void sd_set_ocr(SDState *sd)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd->ocr = 0x80ffff00;
201 static void sd_set_scr(SDState *sd)
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
220 static void sd_set_cid(SDState *sd)
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247 static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 static void sd_set_csd(SDState *sd, uint32_t size)
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
285 static void sd_set_rca(SDState *sd)
290 #define CARD_STATUS_A 0x02004100
291 #define CARD_STATUS_B 0x00c01e00
292 #define CARD_STATUS_C 0xfd39a028
294 static void sd_set_cardstatus(SDState *sd)
296 sd->card_status = 0x00000100;
299 static void sd_set_sdstatus(SDState *sd)
301 memset(sd->sd_status, 0, 64);
304 static int sd_req_crc_validate(SDRequest *req)
307 buffer[0] = 0x40 | req->cmd;
308 buffer[1] = (req->arg >> 24) & 0xff;
309 buffer[2] = (req->arg >> 16) & 0xff;
310 buffer[3] = (req->arg >> 8) & 0xff;
311 buffer[4] = (req->arg >> 0) & 0xff;
313 return sd_crc7(buffer, 5) != req->crc; /* TODO */
316 static void sd_response_r1_make(SDState *sd,
317 uint8_t *response, uint32_t last_status)
319 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
322 status = (sd->card_status & ~mask) | (last_status & mask);
323 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
325 response[0] = (status >> 24) & 0xff;
326 response[1] = (status >> 16) & 0xff;
327 response[2] = (status >> 8) & 0xff;
328 response[3] = (status >> 0) & 0xff;
331 static void sd_response_r3_make(SDState *sd, uint8_t *response)
333 response[0] = (sd->ocr >> 24) & 0xff;
334 response[1] = (sd->ocr >> 16) & 0xff;
335 response[2] = (sd->ocr >> 8) & 0xff;
336 response[3] = (sd->ocr >> 0) & 0xff;
339 static void sd_response_r6_make(SDState *sd, uint8_t *response)
345 status = ((sd->card_status >> 8) & 0xc000) |
346 ((sd->card_status >> 6) & 0x2000) |
347 (sd->card_status & 0x1fff);
349 response[0] = (arg >> 8) & 0xff;
350 response[1] = arg & 0xff;
351 response[2] = (status >> 8) & 0xff;
352 response[3] = status & 0xff;
355 static void sd_response_r7_make(SDState *sd, uint8_t *response)
357 response[0] = (sd->vhs >> 24) & 0xff;
358 response[1] = (sd->vhs >> 16) & 0xff;
359 response[2] = (sd->vhs >> 8) & 0xff;
360 response[3] = (sd->vhs >> 0) & 0xff;
363 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
369 bdrv_get_geometry(bdrv, §);
375 if (sect > 0x40000000)
376 size = 0x40000000; /* 1 gig */
380 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
382 sd->state = sd_idle_state;
387 sd_set_csd(sd, size);
388 sd_set_cardstatus(sd);
394 qemu_free(sd->wp_groups);
395 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
396 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
397 memset(sd->function_group, 0, sizeof(int) * 6);
405 static void sd_cardchange(void *opaque)
407 SDState *sd = opaque;
408 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
409 if (bdrv_is_inserted(sd->bdrv)) {
410 sd_reset(sd, sd->bdrv);
411 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
415 /* We do not model the chip select pin, so allow the board to select
416 whether card should be in SSI or MMC/SD mode. It is also up to the
417 board to ensure that ssi transfers only occur when the chip select
419 SDState *sd_init(BlockDriverState *bs, int is_spi)
423 sd = (SDState *) qemu_mallocz(sizeof(SDState));
424 sd->buf = qemu_memalign(512, 512);
429 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
434 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
436 sd->readonly_cb = readonly;
437 sd->inserted_cb = insert;
438 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
439 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
442 static void sd_erase(SDState *sd)
445 if (!sd->erase_start || !sd->erase_end) {
446 sd->card_status |= ERASE_SEQ_ERROR;
450 start = sd->erase_start >>
451 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
452 end = sd->erase_end >>
453 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
458 for (i = start; i <= end; i ++)
459 if (sd->wp_groups[i])
460 sd->card_status |= WP_ERASE_SKIP;
463 static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
468 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
470 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
471 if (addr < sd->size && sd->wp_groups[wpnum])
477 static void sd_function_switch(SDState *sd, uint32_t arg)
479 int i, mode, new_func, crc;
480 mode = !!(arg & 0x80000000);
482 sd->data[0] = 0x00; /* Maximum current consumption */
484 sd->data[2] = 0x80; /* Supported group 6 functions */
486 sd->data[4] = 0x80; /* Supported group 5 functions */
488 sd->data[6] = 0x80; /* Supported group 4 functions */
490 sd->data[8] = 0x80; /* Supported group 3 functions */
492 sd->data[10] = 0x80; /* Supported group 2 functions */
494 sd->data[12] = 0x80; /* Supported group 1 functions */
496 for (i = 0; i < 6; i ++) {
497 new_func = (arg >> (i * 4)) & 0x0f;
498 if (mode && new_func != 0x0f)
499 sd->function_group[i] = new_func;
500 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
502 memset(&sd->data[17], 0, 47);
503 crc = sd_crc16(sd->data, 64);
504 sd->data[65] = crc >> 8;
505 sd->data[66] = crc & 0xff;
508 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
510 return sd->wp_groups[addr >>
511 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
514 static void sd_lock_command(SDState *sd)
516 int erase, lock, clr_pwd, set_pwd, pwd_len;
517 erase = !!(sd->data[0] & 0x08);
518 lock = sd->data[0] & 0x04;
519 clr_pwd = sd->data[0] & 0x02;
520 set_pwd = sd->data[0] & 0x01;
523 pwd_len = sd->data[1];
528 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
529 set_pwd || clr_pwd || lock || sd->wp_switch ||
530 (sd->csd[14] & 0x20)) {
531 sd->card_status |= LOCK_UNLOCK_FAILED;
534 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
535 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
536 sd->csd[14] &= ~0x10;
537 sd->card_status &= ~CARD_IS_LOCKED;
539 /* Erasing the entire card here! */
540 fprintf(stderr, "SD: Card force-erased by CMD42\n");
544 if (sd->blk_len < 2 + pwd_len ||
545 pwd_len <= sd->pwd_len ||
546 pwd_len > sd->pwd_len + 16) {
547 sd->card_status |= LOCK_UNLOCK_FAILED;
551 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
552 sd->card_status |= LOCK_UNLOCK_FAILED;
556 pwd_len -= sd->pwd_len;
557 if ((pwd_len && !set_pwd) ||
558 (clr_pwd && (set_pwd || lock)) ||
559 (lock && !sd->pwd_len && !set_pwd) ||
560 (!set_pwd && !clr_pwd &&
561 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
562 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
563 sd->card_status |= LOCK_UNLOCK_FAILED;
568 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
569 sd->pwd_len = pwd_len;
577 sd->card_status |= CARD_IS_LOCKED;
579 sd->card_status &= ~CARD_IS_LOCKED;
582 static sd_rsp_type_t sd_normal_command(SDState *sd,
585 uint32_t rca = 0x0000;
587 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
590 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
592 /* Basic commands (Class 0 and Class 1) */
593 case 0: /* CMD0: GO_IDLE_STATE */
595 case sd_inactive_state:
596 return sd->spi ? sd_r1 : sd_r0;
599 sd->state = sd_idle_state;
600 sd_reset(sd, sd->bdrv);
601 return sd->spi ? sd_r1 : sd_r0;
605 case 1: /* CMD1: SEND_OP_CMD */
609 sd->state = sd_transfer_state;
612 case 2: /* CMD2: ALL_SEND_CID */
617 sd->state = sd_identification_state;
625 case 3: /* CMD3: SEND_RELATIVE_ADDR */
629 case sd_identification_state:
630 case sd_standby_state:
631 sd->state = sd_standby_state;
640 case 4: /* CMD4: SEND_DSR */
644 case sd_standby_state:
652 case 6: /* CMD6: SWITCH_FUNCTION */
656 case sd_data_transfer_mode:
657 sd_function_switch(sd, req.arg);
658 sd->state = sd_sendingdata_state;
668 case 7: /* CMD7: SELECT/DESELECT_CARD */
672 case sd_standby_state:
676 sd->state = sd_transfer_state;
679 case sd_transfer_state:
680 case sd_sendingdata_state:
684 sd->state = sd_standby_state;
687 case sd_disconnect_state:
691 sd->state = sd_programming_state;
694 case sd_programming_state:
698 sd->state = sd_disconnect_state;
706 case 8: /* CMD8: SEND_IF_COND */
707 /* Physical Layer Specification Version 2.00 command */
712 /* No response if not exactly one VHS bit is set. */
713 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
714 return sd->spi ? sd_r7 : sd_r0;
725 case 9: /* CMD9: SEND_CSD */
727 case sd_standby_state:
733 case sd_transfer_state:
736 sd->state = sd_sendingdata_state;
737 memcpy(sd->data, sd->csd, 16);
738 sd->data_start = req.arg;
747 case 10: /* CMD10: SEND_CID */
749 case sd_standby_state:
755 case sd_transfer_state:
758 sd->state = sd_sendingdata_state;
759 memcpy(sd->data, sd->cid, 16);
760 sd->data_start = req.arg;
769 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
773 case sd_transfer_state:
774 sd->state = sd_sendingdata_state;
775 sd->data_start = req.arg;
778 if (sd->data_start + sd->blk_len > sd->size)
779 sd->card_status |= ADDRESS_ERROR;
787 case 12: /* CMD12: STOP_TRANSMISSION */
789 case sd_sendingdata_state:
790 sd->state = sd_transfer_state;
793 case sd_receivingdata_state:
794 sd->state = sd_programming_state;
795 /* Bzzzzzzztt .... Operation complete. */
796 sd->state = sd_transfer_state;
804 case 13: /* CMD13: SEND_STATUS */
806 case sd_data_transfer_mode:
817 case 15: /* CMD15: GO_INACTIVE_STATE */
821 case sd_data_transfer_mode:
825 sd->state = sd_inactive_state;
833 /* Block read commands (Classs 2) */
834 case 16: /* CMD16: SET_BLOCKLEN */
836 case sd_transfer_state:
837 if (req.arg > (1 << HWBLOCK_SHIFT))
838 sd->card_status |= BLOCK_LEN_ERROR;
840 sd->blk_len = req.arg;
849 case 17: /* CMD17: READ_SINGLE_BLOCK */
851 case sd_transfer_state:
852 sd->state = sd_sendingdata_state;
853 sd->data_start = req.arg;
856 if (sd->data_start + sd->blk_len > sd->size)
857 sd->card_status |= ADDRESS_ERROR;
865 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
867 case sd_transfer_state:
868 sd->state = sd_sendingdata_state;
869 sd->data_start = req.arg;
872 if (sd->data_start + sd->blk_len > sd->size)
873 sd->card_status |= ADDRESS_ERROR;
881 /* Block write commands (Class 4) */
882 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
884 goto unimplemented_cmd;
886 case sd_transfer_state:
887 /* Writing in SPI mode not implemented. */
890 sd->state = sd_receivingdata_state;
891 sd->data_start = req.arg;
895 if (sd->data_start + sd->blk_len > sd->size)
896 sd->card_status |= ADDRESS_ERROR;
897 if (sd_wp_addr(sd, sd->data_start))
898 sd->card_status |= WP_VIOLATION;
899 if (sd->csd[14] & 0x30)
900 sd->card_status |= WP_VIOLATION;
908 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
910 goto unimplemented_cmd;
912 case sd_transfer_state:
913 /* Writing in SPI mode not implemented. */
916 sd->state = sd_receivingdata_state;
917 sd->data_start = req.arg;
921 if (sd->data_start + sd->blk_len > sd->size)
922 sd->card_status |= ADDRESS_ERROR;
923 if (sd_wp_addr(sd, sd->data_start))
924 sd->card_status |= WP_VIOLATION;
925 if (sd->csd[14] & 0x30)
926 sd->card_status |= WP_VIOLATION;
934 case 26: /* CMD26: PROGRAM_CID */
938 case sd_transfer_state:
939 sd->state = sd_receivingdata_state;
949 case 27: /* CMD27: PROGRAM_CSD */
951 goto unimplemented_cmd;
953 case sd_transfer_state:
954 sd->state = sd_receivingdata_state;
964 /* Write protection (Class 6) */
965 case 28: /* CMD28: SET_WRITE_PROT */
967 case sd_transfer_state:
968 if (req.arg >= sd->size) {
969 sd->card_status = ADDRESS_ERROR;
973 sd->state = sd_programming_state;
974 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
975 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
976 /* Bzzzzzzztt .... Operation complete. */
977 sd->state = sd_transfer_state;
985 case 29: /* CMD29: CLR_WRITE_PROT */
987 case sd_transfer_state:
988 if (req.arg >= sd->size) {
989 sd->card_status = ADDRESS_ERROR;
993 sd->state = sd_programming_state;
994 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
995 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
996 /* Bzzzzzzztt .... Operation complete. */
997 sd->state = sd_transfer_state;
1005 case 30: /* CMD30: SEND_WRITE_PROT */
1006 switch (sd->state) {
1007 case sd_transfer_state:
1008 sd->state = sd_sendingdata_state;
1009 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1010 sd->data_start = req.arg;
1011 sd->data_offset = 0;
1019 /* Erase commands (Class 5) */
1020 case 32: /* CMD32: ERASE_WR_BLK_START */
1021 switch (sd->state) {
1022 case sd_transfer_state:
1023 sd->erase_start = req.arg;
1031 case 33: /* CMD33: ERASE_WR_BLK_END */
1032 switch (sd->state) {
1033 case sd_transfer_state:
1034 sd->erase_end = req.arg;
1042 case 38: /* CMD38: ERASE */
1043 switch (sd->state) {
1044 case sd_transfer_state:
1045 if (sd->csd[14] & 0x30) {
1046 sd->card_status |= WP_VIOLATION;
1050 sd->state = sd_programming_state;
1052 /* Bzzzzzzztt .... Operation complete. */
1053 sd->state = sd_transfer_state;
1061 /* Lock card commands (Class 7) */
1062 case 42: /* CMD42: LOCK_UNLOCK */
1064 goto unimplemented_cmd;
1065 switch (sd->state) {
1066 case sd_transfer_state:
1067 sd->state = sd_receivingdata_state;
1069 sd->data_offset = 0;
1077 /* Application specific commands (Class 8) */
1078 case 55: /* CMD55: APP_CMD */
1082 sd->card_status |= APP_CMD;
1085 case 56: /* CMD56: GEN_CMD */
1086 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1088 switch (sd->state) {
1089 case sd_transfer_state:
1090 sd->data_offset = 0;
1092 sd->state = sd_sendingdata_state;
1094 sd->state = sd_receivingdata_state;
1104 sd->card_status |= ILLEGAL_COMMAND;
1106 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1110 /* Commands that are recognised but not yet implemented in SPI mode. */
1111 sd->card_status |= ILLEGAL_COMMAND;
1112 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1116 sd->card_status |= ILLEGAL_COMMAND;
1117 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1121 static sd_rsp_type_t sd_app_command(SDState *sd,
1125 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1126 rca = req.arg >> 16;
1128 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1130 case 6: /* ACMD6: SET_BUS_WIDTH */
1131 switch (sd->state) {
1132 case sd_transfer_state:
1133 sd->sd_status[0] &= 0x3f;
1134 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1142 case 13: /* ACMD13: SD_STATUS */
1143 switch (sd->state) {
1144 case sd_transfer_state:
1146 sd->data_offset = 0;
1154 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1155 switch (sd->state) {
1156 case sd_transfer_state:
1157 *(uint32_t *) sd->data = sd->blk_written;
1160 sd->data_offset = 0;
1168 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1169 switch (sd->state) {
1170 case sd_transfer_state:
1178 case 41: /* ACMD41: SD_APP_OP_COND */
1181 sd->state = sd_transfer_state;
1184 switch (sd->state) {
1186 /* We accept any voltage. 10000 V is nothing. */
1188 sd->state = sd_ready_state;
1197 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1198 switch (sd->state) {
1199 case sd_transfer_state:
1200 /* Bringing in the 50KOhm pull-up resistor... Done. */
1208 case 51: /* ACMD51: SEND_SCR */
1209 switch (sd->state) {
1210 case sd_transfer_state:
1211 sd->state = sd_sendingdata_state;
1213 sd->data_offset = 0;
1222 /* Fall back to standard commands. */
1223 sd->card_status &= ~APP_CMD;
1224 return sd_normal_command(sd, req);
1227 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1231 int sd_do_command(SDState *sd, SDRequest *req,
1232 uint8_t *response) {
1233 uint32_t last_status = sd->card_status;
1234 sd_rsp_type_t rtype;
1237 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1241 if (sd_req_crc_validate(req)) {
1242 sd->card_status &= ~COM_CRC_ERROR;
1246 sd->card_status &= ~CARD_STATUS_B;
1249 if (last_status & CARD_IS_LOCKED)
1250 if (((last_status & APP_CMD) &&
1252 (!(last_status & APP_CMD) &&
1253 (sd_cmd_class[req->cmd] == 0 ||
1254 sd_cmd_class[req->cmd] == 7 ||
1255 req->cmd == 16 || req->cmd == 55))) {
1256 sd->card_status |= ILLEGAL_COMMAND;
1257 fprintf(stderr, "SD: Card is locked\n");
1261 if (last_status & APP_CMD) {
1262 rtype = sd_app_command(sd, *req);
1263 sd->card_status &= ~APP_CMD;
1265 rtype = sd_normal_command(sd, *req);
1267 sd->current_cmd = req->cmd;
1272 sd_response_r1_make(sd, response, last_status);
1277 memcpy(response, sd->cid, sizeof(sd->cid));
1282 memcpy(response, sd->csd, sizeof(sd->csd));
1287 sd_response_r3_make(sd, response);
1292 sd_response_r6_make(sd, response);
1297 sd_response_r7_make(sd, response);
1307 if (sd->card_status & ILLEGAL_COMMAND)
1313 DPRINTF("Response:");
1314 for (i = 0; i < rsplen; i++)
1315 printf(" %02x", response[i]);
1316 printf(" state %d\n", sd->state);
1318 DPRINTF("No response %d\n", sd->state);
1325 /* No real need for 64 bit addresses here */
1326 static void sd_blk_read(SDState *sd, uint32_t addr, uint32_t len)
1328 uint32_t end = addr + len;
1330 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1331 fprintf(stderr, "sd_blk_read: read error on host side\n");
1335 if (end > (addr & ~511) + 512) {
1336 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1338 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1339 fprintf(stderr, "sd_blk_read: read error on host side\n");
1342 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1344 memcpy(sd->data, sd->buf + (addr & 511), len);
1347 static void sd_blk_write(SDState *sd, uint32_t addr, uint32_t len)
1349 uint32_t end = addr + len;
1351 if ((addr & 511) || len < 512)
1352 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1353 fprintf(stderr, "sd_blk_write: read error on host side\n");
1357 if (end > (addr & ~511) + 512) {
1358 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1359 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1360 fprintf(stderr, "sd_blk_write: write error on host side\n");
1364 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1365 fprintf(stderr, "sd_blk_write: read error on host side\n");
1368 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1369 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1370 fprintf(stderr, "sd_blk_write: write error on host side\n");
1372 memcpy(sd->buf + (addr & 511), sd->data, len);
1373 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1374 fprintf(stderr, "sd_blk_write: write error on host side\n");
1378 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1379 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1380 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1381 #define APP_WRITE_BLOCK(a, len)
1383 void sd_write_data(SDState *sd, uint8_t value)
1387 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1390 if (sd->state != sd_receivingdata_state) {
1391 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1395 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1398 switch (sd->current_cmd) {
1399 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1400 sd->data[sd->data_offset ++] = value;
1401 if (sd->data_offset >= sd->blk_len) {
1402 /* TODO: Check CRC before committing */
1403 sd->state = sd_programming_state;
1404 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1406 sd->csd[14] |= 0x40;
1407 /* Bzzzzzzztt .... Operation complete. */
1408 sd->state = sd_transfer_state;
1412 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1413 sd->data[sd->data_offset ++] = value;
1414 if (sd->data_offset >= sd->blk_len) {
1415 /* TODO: Check CRC before committing */
1416 sd->state = sd_programming_state;
1417 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1419 sd->data_start += sd->blk_len;
1420 sd->data_offset = 0;
1421 if (sd->data_start + sd->blk_len > sd->size) {
1422 sd->card_status |= ADDRESS_ERROR;
1425 if (sd_wp_addr(sd, sd->data_start)) {
1426 sd->card_status |= WP_VIOLATION;
1429 sd->csd[14] |= 0x40;
1431 /* Bzzzzzzztt .... Operation complete. */
1432 sd->state = sd_receivingdata_state;
1436 case 26: /* CMD26: PROGRAM_CID */
1437 sd->data[sd->data_offset ++] = value;
1438 if (sd->data_offset >= sizeof(sd->cid)) {
1439 /* TODO: Check CRC before committing */
1440 sd->state = sd_programming_state;
1441 for (i = 0; i < sizeof(sd->cid); i ++)
1442 if ((sd->cid[i] | 0x00) != sd->data[i])
1443 sd->card_status |= CID_CSD_OVERWRITE;
1445 if (!(sd->card_status & CID_CSD_OVERWRITE))
1446 for (i = 0; i < sizeof(sd->cid); i ++) {
1448 sd->cid[i] &= sd->data[i];
1450 /* Bzzzzzzztt .... Operation complete. */
1451 sd->state = sd_transfer_state;
1455 case 27: /* CMD27: PROGRAM_CSD */
1456 sd->data[sd->data_offset ++] = value;
1457 if (sd->data_offset >= sizeof(sd->csd)) {
1458 /* TODO: Check CRC before committing */
1459 sd->state = sd_programming_state;
1460 for (i = 0; i < sizeof(sd->csd); i ++)
1461 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1462 (sd->data[i] | sd_csd_rw_mask[i]))
1463 sd->card_status |= CID_CSD_OVERWRITE;
1465 /* Copy flag (OTP) & Permanent write protect */
1466 if (sd->csd[14] & ~sd->data[14] & 0x60)
1467 sd->card_status |= CID_CSD_OVERWRITE;
1469 if (!(sd->card_status & CID_CSD_OVERWRITE))
1470 for (i = 0; i < sizeof(sd->csd); i ++) {
1471 sd->csd[i] |= sd_csd_rw_mask[i];
1472 sd->csd[i] &= sd->data[i];
1474 /* Bzzzzzzztt .... Operation complete. */
1475 sd->state = sd_transfer_state;
1479 case 42: /* CMD42: LOCK_UNLOCK */
1480 sd->data[sd->data_offset ++] = value;
1481 if (sd->data_offset >= sd->blk_len) {
1482 /* TODO: Check CRC before committing */
1483 sd->state = sd_programming_state;
1484 sd_lock_command(sd);
1485 /* Bzzzzzzztt .... Operation complete. */
1486 sd->state = sd_transfer_state;
1490 case 56: /* CMD56: GEN_CMD */
1491 sd->data[sd->data_offset ++] = value;
1492 if (sd->data_offset >= sd->blk_len) {
1493 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1494 sd->state = sd_transfer_state;
1499 fprintf(stderr, "sd_write_data: unknown command\n");
1504 uint8_t sd_read_data(SDState *sd)
1506 /* TODO: Append CRCs */
1509 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1512 if (sd->state != sd_sendingdata_state) {
1513 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1517 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1520 switch (sd->current_cmd) {
1521 case 6: /* CMD6: SWITCH_FUNCTION */
1522 ret = sd->data[sd->data_offset ++];
1524 if (sd->data_offset >= 64)
1525 sd->state = sd_transfer_state;
1528 case 9: /* CMD9: SEND_CSD */
1529 case 10: /* CMD10: SEND_CID */
1530 ret = sd->data[sd->data_offset ++];
1532 if (sd->data_offset >= 16)
1533 sd->state = sd_transfer_state;
1536 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1537 if (sd->data_offset == 0)
1538 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1539 ret = sd->data[sd->data_offset ++];
1541 if (sd->data_offset >= sd->blk_len) {
1542 sd->data_start += sd->blk_len;
1543 sd->data_offset = 0;
1544 if (sd->data_start + sd->blk_len > sd->size) {
1545 sd->card_status |= ADDRESS_ERROR;
1551 case 13: /* ACMD13: SD_STATUS */
1552 ret = sd->sd_status[sd->data_offset ++];
1554 if (sd->data_offset >= sizeof(sd->sd_status))
1555 sd->state = sd_transfer_state;
1558 case 17: /* CMD17: READ_SINGLE_BLOCK */
1559 if (sd->data_offset == 0)
1560 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1561 ret = sd->data[sd->data_offset ++];
1563 if (sd->data_offset >= sd->blk_len)
1564 sd->state = sd_transfer_state;
1567 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1568 if (sd->data_offset == 0)
1569 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1570 ret = sd->data[sd->data_offset ++];
1572 if (sd->data_offset >= sd->blk_len) {
1573 sd->data_start += sd->blk_len;
1574 sd->data_offset = 0;
1575 if (sd->data_start + sd->blk_len > sd->size) {
1576 sd->card_status |= ADDRESS_ERROR;
1582 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1583 ret = sd->data[sd->data_offset ++];
1585 if (sd->data_offset >= 4)
1586 sd->state = sd_transfer_state;
1589 case 30: /* CMD30: SEND_WRITE_PROT */
1590 ret = sd->data[sd->data_offset ++];
1592 if (sd->data_offset >= 4)
1593 sd->state = sd_transfer_state;
1596 case 51: /* ACMD51: SEND_SCR */
1597 ret = sd->scr[sd->data_offset ++];
1599 if (sd->data_offset >= sizeof(sd->scr))
1600 sd->state = sd_transfer_state;
1603 case 56: /* CMD56: GEN_CMD */
1604 if (sd->data_offset == 0)
1605 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1606 ret = sd->data[sd->data_offset ++];
1608 if (sd->data_offset >= sd->blk_len)
1609 sd->state = sd_transfer_state;
1613 fprintf(stderr, "sd_read_data: unknown command\n");
1620 int sd_data_ready(SDState *sd)
1622 return sd->state == sd_sendingdata_state;
1625 void sd_enable(SDState *sd, int enable)
1627 sd->enable = enable;
projects / qemu / blob