2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include "block_int.h"
40 #define DPRINTF(fmt, ...) \
41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
43 #define DPRINTF(fmt, ...) do {} while(0)
47 sd_r0 = 0, /* no response */
48 sd_r1, /* normal response command */
49 sd_r2_i, /* CID register */
50 sd_r2_s, /* CSD register */
51 sd_r3, /* OCR register */
52 sd_r6 = 6, /* Published RCA response */
53 sd_r7, /* Operating voltage */
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
64 sd_inactive_state = -1,
67 sd_identification_state,
71 sd_receivingdata_state,
81 uint8_t sd_status[64];
91 int function_group[6];
100 qemu_irq inserted_cb;
101 BlockDriverState *bdrv;
107 static void sd_set_status(SDState *sd)
110 case sd_inactive_state:
111 sd->mode = sd_inactive;
116 case sd_identification_state:
117 sd->mode = sd_card_identification_mode;
120 case sd_standby_state:
121 case sd_transfer_state:
122 case sd_sendingdata_state:
123 case sd_receivingdata_state:
124 case sd_programming_state:
125 case sd_disconnect_state:
126 sd->mode = sd_data_transfer_mode;
130 sd->card_status &= ~CURRENT_STATE;
131 sd->card_status |= sd->state << 9;
134 static const sd_cmd_type_t sd_cmd_type[64] = {
135 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
136 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
137 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
138 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
139 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
140 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
142 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
145 static const sd_cmd_type_t sd_acmd_type[64] = {
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
156 static const int sd_cmd_class[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
163 static uint8_t sd_crc7(void *message, size_t width)
166 uint8_t shift_reg = 0x00;
167 uint8_t *msg = (uint8_t *) message;
169 for (i = 0; i < width; i ++, msg ++)
170 for (bit = 7; bit >= 0; bit --) {
172 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
179 static uint16_t sd_crc16(void *message, size_t width)
182 uint16_t shift_reg = 0x0000;
183 uint16_t *msg = (uint16_t *) message;
186 for (i = 0; i < width; i ++, msg ++)
187 for (bit = 15; bit >= 0; bit --) {
189 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
196 static void sd_set_ocr(SDState *sd)
198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
199 sd->ocr = 0x80ffff00;
202 static void sd_set_scr(SDState *sd)
204 sd->scr[0] = 0x00; /* SCR Structure */
205 sd->scr[1] = 0x2f; /* SD Security Support */
221 static void sd_set_cid(SDState *sd)
223 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
224 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
226 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
231 sd->cid[8] = PRV; /* Fake product revision (PRV) */
232 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
236 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR - 2000) / 10);
238 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
239 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
242 #define HWBLOCK_SHIFT 9 /* 512 bytes */
243 #define SECTOR_SHIFT 5 /* 16 kilobytes */
244 #define WPGROUP_SHIFT 7 /* 2 megs */
245 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
246 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
248 static const uint8_t sd_csd_rw_mask[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
253 static void sd_set_csd(SDState *sd, uint64_t size)
255 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
256 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
257 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
259 if (size <= 0x40000000) { /* Standard Capacity SD */
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
295 sd->csd[7] = (size >> 16) & 0xff;
296 sd->csd[8] = (size >> 8) & 0xff;
297 sd->csd[9] = (size & 0xff);
304 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
308 static void sd_set_rca(SDState *sd)
313 #define CARD_STATUS_A 0x02004100
314 #define CARD_STATUS_B 0x00c01e00
315 #define CARD_STATUS_C 0xfd39a028
317 static void sd_set_cardstatus(SDState *sd)
319 sd->card_status = 0x00000100;
322 static void sd_set_sdstatus(SDState *sd)
324 memset(sd->sd_status, 0, 64);
327 static int sd_req_crc_validate(SDRequest *req)
330 buffer[0] = 0x40 | req->cmd;
331 buffer[1] = (req->arg >> 24) & 0xff;
332 buffer[2] = (req->arg >> 16) & 0xff;
333 buffer[3] = (req->arg >> 8) & 0xff;
334 buffer[4] = (req->arg >> 0) & 0xff;
336 return sd_crc7(buffer, 5) != req->crc; /* TODO */
339 static void sd_response_r1_make(SDState *sd,
340 uint8_t *response, uint32_t last_status)
342 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
345 status = (sd->card_status & ~mask) | (last_status & mask);
346 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
354 static void sd_response_r3_make(SDState *sd, uint8_t *response)
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
362 static void sd_response_r6_make(SDState *sd, uint8_t *response)
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
372 response[0] = (arg >> 8) & 0xff;
373 response[1] = arg & 0xff;
374 response[2] = (status >> 8) & 0xff;
375 response[3] = status & 0xff;
378 static void sd_response_r7_make(SDState *sd, uint8_t *response)
380 response[0] = (sd->vhs >> 24) & 0xff;
381 response[1] = (sd->vhs >> 16) & 0xff;
382 response[2] = (sd->vhs >> 8) & 0xff;
383 response[3] = (sd->vhs >> 0) & 0xff;
386 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
392 bdrv_get_geometry(bdrv, §);
398 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
400 sd->state = sd_idle_state;
405 sd_set_csd(sd, size);
406 sd_set_cardstatus(sd);
412 g_free(sd->wp_groups);
413 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
414 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
415 memset(sd->function_group, 0, sizeof(int) * 6);
423 static void sd_cardchange(void *opaque)
425 SDState *sd = opaque;
427 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
428 if (bdrv_is_inserted(sd->bdrv)) {
429 sd_reset(sd, sd->bdrv);
430 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
434 static const BlockDevOps sd_block_ops = {
435 .change_media_cb = sd_cardchange,
438 /* We do not model the chip select pin, so allow the board to select
439 whether card should be in SSI or MMC/SD mode. It is also up to the
440 board to ensure that ssi transfers only occur when the chip select
442 SDState *sd_init(BlockDriverState *bs, int is_spi)
446 sd = (SDState *) g_malloc0(sizeof(SDState));
447 sd->buf = qemu_blockalign(bs, 512);
452 bdrv_attach_dev_nofail(sd->bdrv, sd);
453 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
458 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
460 sd->readonly_cb = readonly;
461 sd->inserted_cb = insert;
462 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
463 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
466 static void sd_erase(SDState *sd)
469 if (!sd->erase_start || !sd->erase_end) {
470 sd->card_status |= ERASE_SEQ_ERROR;
474 start = sd->erase_start >>
475 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
476 end = sd->erase_end >>
477 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
482 for (i = start; i <= end; i ++)
483 if (sd->wp_groups[i])
484 sd->card_status |= WP_ERASE_SKIP;
487 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
492 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
494 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
495 if (addr < sd->size && sd->wp_groups[wpnum])
501 static void sd_function_switch(SDState *sd, uint32_t arg)
503 int i, mode, new_func, crc;
504 mode = !!(arg & 0x80000000);
506 sd->data[0] = 0x00; /* Maximum current consumption */
508 sd->data[2] = 0x80; /* Supported group 6 functions */
510 sd->data[4] = 0x80; /* Supported group 5 functions */
512 sd->data[6] = 0x80; /* Supported group 4 functions */
514 sd->data[8] = 0x80; /* Supported group 3 functions */
516 sd->data[10] = 0x80; /* Supported group 2 functions */
518 sd->data[12] = 0x80; /* Supported group 1 functions */
520 for (i = 0; i < 6; i ++) {
521 new_func = (arg >> (i * 4)) & 0x0f;
522 if (mode && new_func != 0x0f)
523 sd->function_group[i] = new_func;
524 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
526 memset(&sd->data[17], 0, 47);
527 crc = sd_crc16(sd->data, 64);
528 sd->data[65] = crc >> 8;
529 sd->data[66] = crc & 0xff;
532 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
534 return sd->wp_groups[addr >>
535 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
538 static void sd_lock_command(SDState *sd)
540 int erase, lock, clr_pwd, set_pwd, pwd_len;
541 erase = !!(sd->data[0] & 0x08);
542 lock = sd->data[0] & 0x04;
543 clr_pwd = sd->data[0] & 0x02;
544 set_pwd = sd->data[0] & 0x01;
547 pwd_len = sd->data[1];
552 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
553 set_pwd || clr_pwd || lock || sd->wp_switch ||
554 (sd->csd[14] & 0x20)) {
555 sd->card_status |= LOCK_UNLOCK_FAILED;
558 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
559 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
560 sd->csd[14] &= ~0x10;
561 sd->card_status &= ~CARD_IS_LOCKED;
563 /* Erasing the entire card here! */
564 fprintf(stderr, "SD: Card force-erased by CMD42\n");
568 if (sd->blk_len < 2 + pwd_len ||
569 pwd_len <= sd->pwd_len ||
570 pwd_len > sd->pwd_len + 16) {
571 sd->card_status |= LOCK_UNLOCK_FAILED;
575 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
576 sd->card_status |= LOCK_UNLOCK_FAILED;
580 pwd_len -= sd->pwd_len;
581 if ((pwd_len && !set_pwd) ||
582 (clr_pwd && (set_pwd || lock)) ||
583 (lock && !sd->pwd_len && !set_pwd) ||
584 (!set_pwd && !clr_pwd &&
585 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
586 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
587 sd->card_status |= LOCK_UNLOCK_FAILED;
592 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
593 sd->pwd_len = pwd_len;
601 sd->card_status |= CARD_IS_LOCKED;
603 sd->card_status &= ~CARD_IS_LOCKED;
606 static sd_rsp_type_t sd_normal_command(SDState *sd,
609 uint32_t rca = 0x0000;
610 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
612 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
615 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
617 /* Basic commands (Class 0 and Class 1) */
618 case 0: /* CMD0: GO_IDLE_STATE */
620 case sd_inactive_state:
621 return sd->spi ? sd_r1 : sd_r0;
624 sd->state = sd_idle_state;
625 sd_reset(sd, sd->bdrv);
626 return sd->spi ? sd_r1 : sd_r0;
630 case 1: /* CMD1: SEND_OP_CMD */
634 sd->state = sd_transfer_state;
637 case 2: /* CMD2: ALL_SEND_CID */
642 sd->state = sd_identification_state;
650 case 3: /* CMD3: SEND_RELATIVE_ADDR */
654 case sd_identification_state:
655 case sd_standby_state:
656 sd->state = sd_standby_state;
665 case 4: /* CMD4: SEND_DSR */
669 case sd_standby_state:
677 case 5: /* CMD5: reserved for SDIO cards */
678 sd->card_status |= ILLEGAL_COMMAND;
681 case 6: /* CMD6: SWITCH_FUNCTION */
685 case sd_data_transfer_mode:
686 sd_function_switch(sd, req.arg);
687 sd->state = sd_sendingdata_state;
697 case 7: /* CMD7: SELECT/DESELECT_CARD */
701 case sd_standby_state:
705 sd->state = sd_transfer_state;
708 case sd_transfer_state:
709 case sd_sendingdata_state:
713 sd->state = sd_standby_state;
716 case sd_disconnect_state:
720 sd->state = sd_programming_state;
723 case sd_programming_state:
727 sd->state = sd_disconnect_state;
735 case 8: /* CMD8: SEND_IF_COND */
736 /* Physical Layer Specification Version 2.00 command */
741 /* No response if not exactly one VHS bit is set. */
742 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
743 return sd->spi ? sd_r7 : sd_r0;
754 case 9: /* CMD9: SEND_CSD */
756 case sd_standby_state:
762 case sd_transfer_state:
765 sd->state = sd_sendingdata_state;
766 memcpy(sd->data, sd->csd, 16);
767 sd->data_start = addr;
776 case 10: /* CMD10: SEND_CID */
778 case sd_standby_state:
784 case sd_transfer_state:
787 sd->state = sd_sendingdata_state;
788 memcpy(sd->data, sd->cid, 16);
789 sd->data_start = addr;
798 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
802 case sd_transfer_state:
803 sd->state = sd_sendingdata_state;
804 sd->data_start = req.arg;
807 if (sd->data_start + sd->blk_len > sd->size)
808 sd->card_status |= ADDRESS_ERROR;
816 case 12: /* CMD12: STOP_TRANSMISSION */
818 case sd_sendingdata_state:
819 sd->state = sd_transfer_state;
822 case sd_receivingdata_state:
823 sd->state = sd_programming_state;
824 /* Bzzzzzzztt .... Operation complete. */
825 sd->state = sd_transfer_state;
833 case 13: /* CMD13: SEND_STATUS */
835 case sd_data_transfer_mode:
846 case 15: /* CMD15: GO_INACTIVE_STATE */
850 case sd_data_transfer_mode:
854 sd->state = sd_inactive_state;
862 /* Block read commands (Classs 2) */
863 case 16: /* CMD16: SET_BLOCKLEN */
865 case sd_transfer_state:
866 if (req.arg > (1 << HWBLOCK_SHIFT))
867 sd->card_status |= BLOCK_LEN_ERROR;
869 sd->blk_len = req.arg;
878 case 17: /* CMD17: READ_SINGLE_BLOCK */
880 case sd_transfer_state:
881 sd->state = sd_sendingdata_state;
882 sd->data_start = addr;
885 if (sd->data_start + sd->blk_len > sd->size)
886 sd->card_status |= ADDRESS_ERROR;
894 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
896 case sd_transfer_state:
897 sd->state = sd_sendingdata_state;
898 sd->data_start = addr;
901 if (sd->data_start + sd->blk_len > sd->size)
902 sd->card_status |= ADDRESS_ERROR;
910 /* Block write commands (Class 4) */
911 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
913 goto unimplemented_cmd;
915 case sd_transfer_state:
916 /* Writing in SPI mode not implemented. */
919 sd->state = sd_receivingdata_state;
920 sd->data_start = addr;
924 if (sd->data_start + sd->blk_len > sd->size)
925 sd->card_status |= ADDRESS_ERROR;
926 if (sd_wp_addr(sd, sd->data_start))
927 sd->card_status |= WP_VIOLATION;
928 if (sd->csd[14] & 0x30)
929 sd->card_status |= WP_VIOLATION;
937 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
939 goto unimplemented_cmd;
941 case sd_transfer_state:
942 /* Writing in SPI mode not implemented. */
945 sd->state = sd_receivingdata_state;
946 sd->data_start = addr;
950 if (sd->data_start + sd->blk_len > sd->size)
951 sd->card_status |= ADDRESS_ERROR;
952 if (sd_wp_addr(sd, sd->data_start))
953 sd->card_status |= WP_VIOLATION;
954 if (sd->csd[14] & 0x30)
955 sd->card_status |= WP_VIOLATION;
963 case 26: /* CMD26: PROGRAM_CID */
967 case sd_transfer_state:
968 sd->state = sd_receivingdata_state;
978 case 27: /* CMD27: PROGRAM_CSD */
980 goto unimplemented_cmd;
982 case sd_transfer_state:
983 sd->state = sd_receivingdata_state;
993 /* Write protection (Class 6) */
994 case 28: /* CMD28: SET_WRITE_PROT */
996 case sd_transfer_state:
997 if (addr >= sd->size) {
998 sd->card_status = ADDRESS_ERROR;
1002 sd->state = sd_programming_state;
1003 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1004 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1005 /* Bzzzzzzztt .... Operation complete. */
1006 sd->state = sd_transfer_state;
1014 case 29: /* CMD29: CLR_WRITE_PROT */
1015 switch (sd->state) {
1016 case sd_transfer_state:
1017 if (addr >= sd->size) {
1018 sd->card_status = ADDRESS_ERROR;
1022 sd->state = sd_programming_state;
1023 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1024 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1025 /* Bzzzzzzztt .... Operation complete. */
1026 sd->state = sd_transfer_state;
1034 case 30: /* CMD30: SEND_WRITE_PROT */
1035 switch (sd->state) {
1036 case sd_transfer_state:
1037 sd->state = sd_sendingdata_state;
1038 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1039 sd->data_start = addr;
1040 sd->data_offset = 0;
1048 /* Erase commands (Class 5) */
1049 case 32: /* CMD32: ERASE_WR_BLK_START */
1050 switch (sd->state) {
1051 case sd_transfer_state:
1052 sd->erase_start = req.arg;
1060 case 33: /* CMD33: ERASE_WR_BLK_END */
1061 switch (sd->state) {
1062 case sd_transfer_state:
1063 sd->erase_end = req.arg;
1071 case 38: /* CMD38: ERASE */
1072 switch (sd->state) {
1073 case sd_transfer_state:
1074 if (sd->csd[14] & 0x30) {
1075 sd->card_status |= WP_VIOLATION;
1079 sd->state = sd_programming_state;
1081 /* Bzzzzzzztt .... Operation complete. */
1082 sd->state = sd_transfer_state;
1090 /* Lock card commands (Class 7) */
1091 case 42: /* CMD42: LOCK_UNLOCK */
1093 goto unimplemented_cmd;
1094 switch (sd->state) {
1095 case sd_transfer_state:
1096 sd->state = sd_receivingdata_state;
1098 sd->data_offset = 0;
1108 /* CMD52, CMD53: reserved for SDIO cards
1109 * (see the SDIO Simplified Specification V2.0)
1110 * Handle as illegal command but do not complain
1111 * on stderr, as some OSes may use these in their
1112 * probing for presence of an SDIO card.
1114 sd->card_status |= ILLEGAL_COMMAND;
1117 /* Application specific commands (Class 8) */
1118 case 55: /* CMD55: APP_CMD */
1122 sd->card_status |= APP_CMD;
1125 case 56: /* CMD56: GEN_CMD */
1126 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1128 switch (sd->state) {
1129 case sd_transfer_state:
1130 sd->data_offset = 0;
1132 sd->state = sd_sendingdata_state;
1134 sd->state = sd_receivingdata_state;
1144 sd->card_status |= ILLEGAL_COMMAND;
1146 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1150 /* Commands that are recognised but not yet implemented in SPI mode. */
1151 sd->card_status |= ILLEGAL_COMMAND;
1152 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1156 sd->card_status |= ILLEGAL_COMMAND;
1157 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1161 static sd_rsp_type_t sd_app_command(SDState *sd,
1164 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1166 case 6: /* ACMD6: SET_BUS_WIDTH */
1167 switch (sd->state) {
1168 case sd_transfer_state:
1169 sd->sd_status[0] &= 0x3f;
1170 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1178 case 13: /* ACMD13: SD_STATUS */
1179 switch (sd->state) {
1180 case sd_transfer_state:
1181 sd->state = sd_sendingdata_state;
1183 sd->data_offset = 0;
1191 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1192 switch (sd->state) {
1193 case sd_transfer_state:
1194 *(uint32_t *) sd->data = sd->blk_written;
1196 sd->state = sd_sendingdata_state;
1198 sd->data_offset = 0;
1206 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1207 switch (sd->state) {
1208 case sd_transfer_state:
1216 case 41: /* ACMD41: SD_APP_OP_COND */
1219 sd->state = sd_transfer_state;
1222 switch (sd->state) {
1224 /* We accept any voltage. 10000 V is nothing. */
1226 sd->state = sd_ready_state;
1235 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1236 switch (sd->state) {
1237 case sd_transfer_state:
1238 /* Bringing in the 50KOhm pull-up resistor... Done. */
1246 case 51: /* ACMD51: SEND_SCR */
1247 switch (sd->state) {
1248 case sd_transfer_state:
1249 sd->state = sd_sendingdata_state;
1251 sd->data_offset = 0;
1260 /* Fall back to standard commands. */
1261 sd->card_status &= ~APP_CMD;
1262 return sd_normal_command(sd, req);
1265 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1269 int sd_do_command(SDState *sd, SDRequest *req,
1270 uint8_t *response) {
1271 uint32_t last_status = sd->card_status;
1272 sd_rsp_type_t rtype;
1275 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1279 if (sd_req_crc_validate(req)) {
1280 sd->card_status &= ~COM_CRC_ERROR;
1284 sd->card_status &= ~CARD_STATUS_B;
1287 if (last_status & CARD_IS_LOCKED)
1288 if (((last_status & APP_CMD) &&
1290 (!(last_status & APP_CMD) &&
1291 (sd_cmd_class[req->cmd] == 0 ||
1292 sd_cmd_class[req->cmd] == 7 ||
1293 req->cmd == 16 || req->cmd == 55))) {
1294 sd->card_status |= ILLEGAL_COMMAND;
1295 fprintf(stderr, "SD: Card is locked\n");
1299 if (last_status & APP_CMD) {
1300 rtype = sd_app_command(sd, *req);
1301 sd->card_status &= ~APP_CMD;
1303 rtype = sd_normal_command(sd, *req);
1305 sd->current_cmd = req->cmd;
1310 sd_response_r1_make(sd, response, last_status);
1315 memcpy(response, sd->cid, sizeof(sd->cid));
1320 memcpy(response, sd->csd, sizeof(sd->csd));
1325 sd_response_r3_make(sd, response);
1330 sd_response_r6_make(sd, response);
1335 sd_response_r7_make(sd, response);
1345 if (sd->card_status & ILLEGAL_COMMAND)
1351 DPRINTF("Response:");
1352 for (i = 0; i < rsplen; i++)
1353 printf(" %02x", response[i]);
1354 printf(" state %d\n", sd->state);
1356 DPRINTF("No response %d\n", sd->state);
1363 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1365 uint64_t end = addr + len;
1367 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1368 (unsigned long long) addr, len);
1369 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1370 fprintf(stderr, "sd_blk_read: read error on host side\n");
1374 if (end > (addr & ~511) + 512) {
1375 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1377 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1378 fprintf(stderr, "sd_blk_read: read error on host side\n");
1381 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1383 memcpy(sd->data, sd->buf + (addr & 511), len);
1386 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1388 uint64_t end = addr + len;
1390 if ((addr & 511) || len < 512)
1391 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1392 fprintf(stderr, "sd_blk_write: read error on host side\n");
1396 if (end > (addr & ~511) + 512) {
1397 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1398 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1399 fprintf(stderr, "sd_blk_write: write error on host side\n");
1403 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1404 fprintf(stderr, "sd_blk_write: read error on host side\n");
1407 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1408 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1409 fprintf(stderr, "sd_blk_write: write error on host side\n");
1411 memcpy(sd->buf + (addr & 511), sd->data, len);
1412 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1413 fprintf(stderr, "sd_blk_write: write error on host side\n");
1417 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1418 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1419 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1420 #define APP_WRITE_BLOCK(a, len)
1422 void sd_write_data(SDState *sd, uint8_t value)
1426 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1429 if (sd->state != sd_receivingdata_state) {
1430 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1434 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1437 switch (sd->current_cmd) {
1438 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1439 sd->data[sd->data_offset ++] = value;
1440 if (sd->data_offset >= sd->blk_len) {
1441 /* TODO: Check CRC before committing */
1442 sd->state = sd_programming_state;
1443 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1445 sd->csd[14] |= 0x40;
1446 /* Bzzzzzzztt .... Operation complete. */
1447 sd->state = sd_transfer_state;
1451 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1452 if (sd->data_offset == 0) {
1453 /* Start of the block - lets check the address is valid */
1454 if (sd->data_start + sd->blk_len > sd->size) {
1455 sd->card_status |= ADDRESS_ERROR;
1458 if (sd_wp_addr(sd, sd->data_start)) {
1459 sd->card_status |= WP_VIOLATION;
1463 sd->data[sd->data_offset++] = value;
1464 if (sd->data_offset >= sd->blk_len) {
1465 /* TODO: Check CRC before committing */
1466 sd->state = sd_programming_state;
1467 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1469 sd->data_start += sd->blk_len;
1470 sd->data_offset = 0;
1471 sd->csd[14] |= 0x40;
1473 /* Bzzzzzzztt .... Operation complete. */
1474 sd->state = sd_receivingdata_state;
1478 case 26: /* CMD26: PROGRAM_CID */
1479 sd->data[sd->data_offset ++] = value;
1480 if (sd->data_offset >= sizeof(sd->cid)) {
1481 /* TODO: Check CRC before committing */
1482 sd->state = sd_programming_state;
1483 for (i = 0; i < sizeof(sd->cid); i ++)
1484 if ((sd->cid[i] | 0x00) != sd->data[i])
1485 sd->card_status |= CID_CSD_OVERWRITE;
1487 if (!(sd->card_status & CID_CSD_OVERWRITE))
1488 for (i = 0; i < sizeof(sd->cid); i ++) {
1490 sd->cid[i] &= sd->data[i];
1492 /* Bzzzzzzztt .... Operation complete. */
1493 sd->state = sd_transfer_state;
1497 case 27: /* CMD27: PROGRAM_CSD */
1498 sd->data[sd->data_offset ++] = value;
1499 if (sd->data_offset >= sizeof(sd->csd)) {
1500 /* TODO: Check CRC before committing */
1501 sd->state = sd_programming_state;
1502 for (i = 0; i < sizeof(sd->csd); i ++)
1503 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1504 (sd->data[i] | sd_csd_rw_mask[i]))
1505 sd->card_status |= CID_CSD_OVERWRITE;
1507 /* Copy flag (OTP) & Permanent write protect */
1508 if (sd->csd[14] & ~sd->data[14] & 0x60)
1509 sd->card_status |= CID_CSD_OVERWRITE;
1511 if (!(sd->card_status & CID_CSD_OVERWRITE))
1512 for (i = 0; i < sizeof(sd->csd); i ++) {
1513 sd->csd[i] |= sd_csd_rw_mask[i];
1514 sd->csd[i] &= sd->data[i];
1516 /* Bzzzzzzztt .... Operation complete. */
1517 sd->state = sd_transfer_state;
1521 case 42: /* CMD42: LOCK_UNLOCK */
1522 sd->data[sd->data_offset ++] = value;
1523 if (sd->data_offset >= sd->blk_len) {
1524 /* TODO: Check CRC before committing */
1525 sd->state = sd_programming_state;
1526 sd_lock_command(sd);
1527 /* Bzzzzzzztt .... Operation complete. */
1528 sd->state = sd_transfer_state;
1532 case 56: /* CMD56: GEN_CMD */
1533 sd->data[sd->data_offset ++] = value;
1534 if (sd->data_offset >= sd->blk_len) {
1535 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1536 sd->state = sd_transfer_state;
1541 fprintf(stderr, "sd_write_data: unknown command\n");
1546 uint8_t sd_read_data(SDState *sd)
1548 /* TODO: Append CRCs */
1552 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1555 if (sd->state != sd_sendingdata_state) {
1556 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1560 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1563 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1565 switch (sd->current_cmd) {
1566 case 6: /* CMD6: SWITCH_FUNCTION */
1567 ret = sd->data[sd->data_offset ++];
1569 if (sd->data_offset >= 64)
1570 sd->state = sd_transfer_state;
1573 case 9: /* CMD9: SEND_CSD */
1574 case 10: /* CMD10: SEND_CID */
1575 ret = sd->data[sd->data_offset ++];
1577 if (sd->data_offset >= 16)
1578 sd->state = sd_transfer_state;
1581 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1582 if (sd->data_offset == 0)
1583 BLK_READ_BLOCK(sd->data_start, io_len);
1584 ret = sd->data[sd->data_offset ++];
1586 if (sd->data_offset >= io_len) {
1587 sd->data_start += io_len;
1588 sd->data_offset = 0;
1589 if (sd->data_start + io_len > sd->size) {
1590 sd->card_status |= ADDRESS_ERROR;
1596 case 13: /* ACMD13: SD_STATUS */
1597 ret = sd->sd_status[sd->data_offset ++];
1599 if (sd->data_offset >= sizeof(sd->sd_status))
1600 sd->state = sd_transfer_state;
1603 case 17: /* CMD17: READ_SINGLE_BLOCK */
1604 if (sd->data_offset == 0)
1605 BLK_READ_BLOCK(sd->data_start, io_len);
1606 ret = sd->data[sd->data_offset ++];
1608 if (sd->data_offset >= io_len)
1609 sd->state = sd_transfer_state;
1612 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1613 if (sd->data_offset == 0)
1614 BLK_READ_BLOCK(sd->data_start, io_len);
1615 ret = sd->data[sd->data_offset ++];
1617 if (sd->data_offset >= io_len) {
1618 sd->data_start += io_len;
1619 sd->data_offset = 0;
1620 if (sd->data_start + io_len > sd->size) {
1621 sd->card_status |= ADDRESS_ERROR;
1627 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1628 ret = sd->data[sd->data_offset ++];
1630 if (sd->data_offset >= 4)
1631 sd->state = sd_transfer_state;
1634 case 30: /* CMD30: SEND_WRITE_PROT */
1635 ret = sd->data[sd->data_offset ++];
1637 if (sd->data_offset >= 4)
1638 sd->state = sd_transfer_state;
1641 case 51: /* ACMD51: SEND_SCR */
1642 ret = sd->scr[sd->data_offset ++];
1644 if (sd->data_offset >= sizeof(sd->scr))
1645 sd->state = sd_transfer_state;
1648 case 56: /* CMD56: GEN_CMD */
1649 if (sd->data_offset == 0)
1650 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1651 ret = sd->data[sd->data_offset ++];
1653 if (sd->data_offset >= sd->blk_len)
1654 sd->state = sd_transfer_state;
1658 fprintf(stderr, "sd_read_data: unknown command\n");
1665 int sd_data_ready(SDState *sd)
1667 return sd->state == sd_sendingdata_state;
1670 void sd_enable(SDState *sd, int enable)
1672 sd->enable = enable;
projects / qemu.git / blob