2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #define DPRINTF(fmt, ...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
64 sd_inactive_state = -1,
67 sd_identification_state,
71 sd_receivingdata_state,
81 uint8_t sd_status[64];
91 int function_group[6];
95 /* True if we will handle the next command as an ACMD. Note that this does
96 * *not* track the APP_CMD status bit!
101 uint32_t data_offset;
103 qemu_irq readonly_cb;
104 qemu_irq inserted_cb;
105 BlockDriverState *bdrv;
111 static void sd_set_mode(SDState *sd)
114 case sd_inactive_state:
115 sd->mode = sd_inactive;
120 case sd_identification_state:
121 sd->mode = sd_card_identification_mode;
124 case sd_standby_state:
125 case sd_transfer_state:
126 case sd_sendingdata_state:
127 case sd_receivingdata_state:
128 case sd_programming_state:
129 case sd_disconnect_state:
130 sd->mode = sd_data_transfer_mode;
135 static const sd_cmd_type_t sd_cmd_type[64] = {
136 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
137 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
138 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
139 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
140 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
141 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
142 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
143 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
146 static const sd_cmd_type_t sd_acmd_type[64] = {
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
154 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
157 static const int sd_cmd_class[64] = {
158 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
159 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
160 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
161 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
164 static uint8_t sd_crc7(void *message, size_t width)
167 uint8_t shift_reg = 0x00;
168 uint8_t *msg = (uint8_t *) message;
170 for (i = 0; i < width; i ++, msg ++)
171 for (bit = 7; bit >= 0; bit --) {
173 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
180 static uint16_t sd_crc16(void *message, size_t width)
183 uint16_t shift_reg = 0x0000;
184 uint16_t *msg = (uint16_t *) message;
187 for (i = 0; i < width; i ++, msg ++)
188 for (bit = 15; bit >= 0; bit --) {
190 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
197 static void sd_set_ocr(SDState *sd)
199 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
200 sd->ocr = 0x80ffff00;
203 static void sd_set_scr(SDState *sd)
205 sd->scr[0] = 0x00; /* SCR Structure */
206 sd->scr[1] = 0x2f; /* SD Security Support */
222 static void sd_set_cid(SDState *sd)
224 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
225 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
227 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
232 sd->cid[8] = PRV; /* Fake product revision (PRV) */
233 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
237 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
238 ((MDT_YR - 2000) / 10);
239 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
240 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
243 #define HWBLOCK_SHIFT 9 /* 512 bytes */
244 #define SECTOR_SHIFT 5 /* 16 kilobytes */
245 #define WPGROUP_SHIFT 7 /* 2 megs */
246 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
247 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
249 static const uint8_t sd_csd_rw_mask[16] = {
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
251 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
254 static void sd_set_csd(SDState *sd, uint64_t size)
256 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
257 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
258 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
260 if (size <= 0x40000000) { /* Standard Capacity SD */
261 sd->csd[0] = 0x00; /* CSD structure */
262 sd->csd[1] = 0x26; /* Data read access-time-1 */
263 sd->csd[2] = 0x00; /* Data read access-time-2 */
264 sd->csd[3] = 0x5a; /* Max. data transfer rate */
265 sd->csd[4] = 0x5f; /* Card Command Classes */
266 sd->csd[5] = 0x50 | /* Max. read data block length */
268 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
269 ((csize >> 10) & 0x03);
270 sd->csd[7] = 0x00 | /* Device size */
271 ((csize >> 2) & 0xff);
272 sd->csd[8] = 0x3f | /* Max. read current */
273 ((csize << 6) & 0xc0);
274 sd->csd[9] = 0xfc | /* Max. write current */
275 ((CMULT_SHIFT - 2) >> 1);
276 sd->csd[10] = 0x40 | /* Erase sector size */
277 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
278 sd->csd[11] = 0x00 | /* Write protect group size */
279 ((sectsize << 7) & 0x80) | wpsize;
280 sd->csd[12] = 0x90 | /* Write speed factor */
281 (HWBLOCK_SHIFT >> 2);
282 sd->csd[13] = 0x20 | /* Max. write data block length */
283 ((HWBLOCK_SHIFT << 6) & 0xc0);
284 sd->csd[14] = 0x00; /* File format group */
285 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
296 sd->csd[7] = (size >> 16) & 0xff;
297 sd->csd[8] = (size >> 8) & 0xff;
298 sd->csd[9] = (size & 0xff);
305 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
309 static void sd_set_rca(SDState *sd)
314 /* Card status bits, split by clear condition:
315 * A : According to the card current state
316 * B : Always related to the previous command
317 * C : Cleared by read
319 #define CARD_STATUS_A 0x02004100
320 #define CARD_STATUS_B 0x00c01e00
321 #define CARD_STATUS_C 0xfd39a028
323 static void sd_set_cardstatus(SDState *sd)
325 sd->card_status = 0x00000100;
328 static void sd_set_sdstatus(SDState *sd)
330 memset(sd->sd_status, 0, 64);
333 static int sd_req_crc_validate(SDRequest *req)
336 buffer[0] = 0x40 | req->cmd;
337 buffer[1] = (req->arg >> 24) & 0xff;
338 buffer[2] = (req->arg >> 16) & 0xff;
339 buffer[3] = (req->arg >> 8) & 0xff;
340 buffer[4] = (req->arg >> 0) & 0xff;
342 return sd_crc7(buffer, 5) != req->crc; /* TODO */
345 static void sd_response_r1_make(SDState *sd, uint8_t *response)
347 uint32_t status = sd->card_status;
348 /* Clear the "clear on read" status bits */
349 sd->card_status &= ~CARD_STATUS_C;
351 response[0] = (status >> 24) & 0xff;
352 response[1] = (status >> 16) & 0xff;
353 response[2] = (status >> 8) & 0xff;
354 response[3] = (status >> 0) & 0xff;
357 static void sd_response_r3_make(SDState *sd, uint8_t *response)
359 response[0] = (sd->ocr >> 24) & 0xff;
360 response[1] = (sd->ocr >> 16) & 0xff;
361 response[2] = (sd->ocr >> 8) & 0xff;
362 response[3] = (sd->ocr >> 0) & 0xff;
365 static void sd_response_r6_make(SDState *sd, uint8_t *response)
371 status = ((sd->card_status >> 8) & 0xc000) |
372 ((sd->card_status >> 6) & 0x2000) |
373 (sd->card_status & 0x1fff);
374 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
376 response[0] = (arg >> 8) & 0xff;
377 response[1] = arg & 0xff;
378 response[2] = (status >> 8) & 0xff;
379 response[3] = status & 0xff;
382 static void sd_response_r7_make(SDState *sd, uint8_t *response)
384 response[0] = (sd->vhs >> 24) & 0xff;
385 response[1] = (sd->vhs >> 16) & 0xff;
386 response[2] = (sd->vhs >> 8) & 0xff;
387 response[3] = (sd->vhs >> 0) & 0xff;
390 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
396 bdrv_get_geometry(bdrv, §);
402 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
404 sd->state = sd_idle_state;
409 sd_set_csd(sd, size);
410 sd_set_cardstatus(sd);
416 g_free(sd->wp_groups);
417 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
418 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
419 memset(sd->function_group, 0, sizeof(int) * 6);
425 sd->expecting_acmd = 0;
428 static void sd_cardchange(void *opaque, bool load)
430 SDState *sd = opaque;
432 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
433 if (bdrv_is_inserted(sd->bdrv)) {
434 sd_reset(sd, sd->bdrv);
435 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
439 static const BlockDevOps sd_block_ops = {
440 .change_media_cb = sd_cardchange,
443 /* We do not model the chip select pin, so allow the board to select
444 whether card should be in SSI or MMC/SD mode. It is also up to the
445 board to ensure that ssi transfers only occur when the chip select
447 SDState *sd_init(BlockDriverState *bs, int is_spi)
451 sd = (SDState *) g_malloc0(sizeof(SDState));
452 sd->buf = qemu_blockalign(bs, 512);
457 bdrv_attach_dev_nofail(sd->bdrv, sd);
458 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
463 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
465 sd->readonly_cb = readonly;
466 sd->inserted_cb = insert;
467 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
468 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
471 static void sd_erase(SDState *sd)
474 if (!sd->erase_start || !sd->erase_end) {
475 sd->card_status |= ERASE_SEQ_ERROR;
479 start = sd->erase_start >>
480 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
481 end = sd->erase_end >>
482 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
487 for (i = start; i <= end; i ++)
488 if (sd->wp_groups[i])
489 sd->card_status |= WP_ERASE_SKIP;
492 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
497 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
499 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
500 if (addr < sd->size && sd->wp_groups[wpnum])
506 static void sd_function_switch(SDState *sd, uint32_t arg)
508 int i, mode, new_func, crc;
509 mode = !!(arg & 0x80000000);
511 sd->data[0] = 0x00; /* Maximum current consumption */
513 sd->data[2] = 0x80; /* Supported group 6 functions */
515 sd->data[4] = 0x80; /* Supported group 5 functions */
517 sd->data[6] = 0x80; /* Supported group 4 functions */
519 sd->data[8] = 0x80; /* Supported group 3 functions */
521 sd->data[10] = 0x80; /* Supported group 2 functions */
523 sd->data[12] = 0x80; /* Supported group 1 functions */
525 for (i = 0; i < 6; i ++) {
526 new_func = (arg >> (i * 4)) & 0x0f;
527 if (mode && new_func != 0x0f)
528 sd->function_group[i] = new_func;
529 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
531 memset(&sd->data[17], 0, 47);
532 crc = sd_crc16(sd->data, 64);
533 sd->data[65] = crc >> 8;
534 sd->data[66] = crc & 0xff;
537 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
539 return sd->wp_groups[addr >>
540 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
543 static void sd_lock_command(SDState *sd)
545 int erase, lock, clr_pwd, set_pwd, pwd_len;
546 erase = !!(sd->data[0] & 0x08);
547 lock = sd->data[0] & 0x04;
548 clr_pwd = sd->data[0] & 0x02;
549 set_pwd = sd->data[0] & 0x01;
552 pwd_len = sd->data[1];
557 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
558 set_pwd || clr_pwd || lock || sd->wp_switch ||
559 (sd->csd[14] & 0x20)) {
560 sd->card_status |= LOCK_UNLOCK_FAILED;
563 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
564 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
565 sd->csd[14] &= ~0x10;
566 sd->card_status &= ~CARD_IS_LOCKED;
568 /* Erasing the entire card here! */
569 fprintf(stderr, "SD: Card force-erased by CMD42\n");
573 if (sd->blk_len < 2 + pwd_len ||
574 pwd_len <= sd->pwd_len ||
575 pwd_len > sd->pwd_len + 16) {
576 sd->card_status |= LOCK_UNLOCK_FAILED;
580 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
581 sd->card_status |= LOCK_UNLOCK_FAILED;
585 pwd_len -= sd->pwd_len;
586 if ((pwd_len && !set_pwd) ||
587 (clr_pwd && (set_pwd || lock)) ||
588 (lock && !sd->pwd_len && !set_pwd) ||
589 (!set_pwd && !clr_pwd &&
590 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
591 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
592 sd->card_status |= LOCK_UNLOCK_FAILED;
597 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
598 sd->pwd_len = pwd_len;
606 sd->card_status |= CARD_IS_LOCKED;
608 sd->card_status &= ~CARD_IS_LOCKED;
611 static sd_rsp_type_t sd_normal_command(SDState *sd,
614 uint32_t rca = 0x0000;
615 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
617 /* Not interpreting this as an app command */
618 sd->card_status &= ~APP_CMD;
620 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
623 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
625 /* Basic commands (Class 0 and Class 1) */
626 case 0: /* CMD0: GO_IDLE_STATE */
628 case sd_inactive_state:
629 return sd->spi ? sd_r1 : sd_r0;
632 sd->state = sd_idle_state;
633 sd_reset(sd, sd->bdrv);
634 return sd->spi ? sd_r1 : sd_r0;
638 case 1: /* CMD1: SEND_OP_CMD */
642 sd->state = sd_transfer_state;
645 case 2: /* CMD2: ALL_SEND_CID */
650 sd->state = sd_identification_state;
658 case 3: /* CMD3: SEND_RELATIVE_ADDR */
662 case sd_identification_state:
663 case sd_standby_state:
664 sd->state = sd_standby_state;
673 case 4: /* CMD4: SEND_DSR */
677 case sd_standby_state:
685 case 5: /* CMD5: reserved for SDIO cards */
688 case 6: /* CMD6: SWITCH_FUNCTION */
692 case sd_data_transfer_mode:
693 sd_function_switch(sd, req.arg);
694 sd->state = sd_sendingdata_state;
704 case 7: /* CMD7: SELECT/DESELECT_CARD */
708 case sd_standby_state:
712 sd->state = sd_transfer_state;
715 case sd_transfer_state:
716 case sd_sendingdata_state:
720 sd->state = sd_standby_state;
723 case sd_disconnect_state:
727 sd->state = sd_programming_state;
730 case sd_programming_state:
734 sd->state = sd_disconnect_state;
742 case 8: /* CMD8: SEND_IF_COND */
743 /* Physical Layer Specification Version 2.00 command */
748 /* No response if not exactly one VHS bit is set. */
749 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
750 return sd->spi ? sd_r7 : sd_r0;
761 case 9: /* CMD9: SEND_CSD */
763 case sd_standby_state:
769 case sd_transfer_state:
772 sd->state = sd_sendingdata_state;
773 memcpy(sd->data, sd->csd, 16);
774 sd->data_start = addr;
783 case 10: /* CMD10: SEND_CID */
785 case sd_standby_state:
791 case sd_transfer_state:
794 sd->state = sd_sendingdata_state;
795 memcpy(sd->data, sd->cid, 16);
796 sd->data_start = addr;
805 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
809 case sd_transfer_state:
810 sd->state = sd_sendingdata_state;
811 sd->data_start = req.arg;
814 if (sd->data_start + sd->blk_len > sd->size)
815 sd->card_status |= ADDRESS_ERROR;
823 case 12: /* CMD12: STOP_TRANSMISSION */
825 case sd_sendingdata_state:
826 sd->state = sd_transfer_state;
829 case sd_receivingdata_state:
830 sd->state = sd_programming_state;
831 /* Bzzzzzzztt .... Operation complete. */
832 sd->state = sd_transfer_state;
840 case 13: /* CMD13: SEND_STATUS */
842 case sd_data_transfer_mode:
853 case 15: /* CMD15: GO_INACTIVE_STATE */
857 case sd_data_transfer_mode:
861 sd->state = sd_inactive_state;
869 /* Block read commands (Classs 2) */
870 case 16: /* CMD16: SET_BLOCKLEN */
872 case sd_transfer_state:
873 if (req.arg > (1 << HWBLOCK_SHIFT))
874 sd->card_status |= BLOCK_LEN_ERROR;
876 sd->blk_len = req.arg;
885 case 17: /* CMD17: READ_SINGLE_BLOCK */
887 case sd_transfer_state:
888 sd->state = sd_sendingdata_state;
889 sd->data_start = addr;
892 if (sd->data_start + sd->blk_len > sd->size)
893 sd->card_status |= ADDRESS_ERROR;
901 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
903 case sd_transfer_state:
904 sd->state = sd_sendingdata_state;
905 sd->data_start = addr;
908 if (sd->data_start + sd->blk_len > sd->size)
909 sd->card_status |= ADDRESS_ERROR;
917 /* Block write commands (Class 4) */
918 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
920 goto unimplemented_cmd;
922 case sd_transfer_state:
923 /* Writing in SPI mode not implemented. */
926 sd->state = sd_receivingdata_state;
927 sd->data_start = addr;
931 if (sd->data_start + sd->blk_len > sd->size)
932 sd->card_status |= ADDRESS_ERROR;
933 if (sd_wp_addr(sd, sd->data_start))
934 sd->card_status |= WP_VIOLATION;
935 if (sd->csd[14] & 0x30)
936 sd->card_status |= WP_VIOLATION;
944 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
946 goto unimplemented_cmd;
948 case sd_transfer_state:
949 /* Writing in SPI mode not implemented. */
952 sd->state = sd_receivingdata_state;
953 sd->data_start = addr;
957 if (sd->data_start + sd->blk_len > sd->size)
958 sd->card_status |= ADDRESS_ERROR;
959 if (sd_wp_addr(sd, sd->data_start))
960 sd->card_status |= WP_VIOLATION;
961 if (sd->csd[14] & 0x30)
962 sd->card_status |= WP_VIOLATION;
970 case 26: /* CMD26: PROGRAM_CID */
974 case sd_transfer_state:
975 sd->state = sd_receivingdata_state;
985 case 27: /* CMD27: PROGRAM_CSD */
987 goto unimplemented_cmd;
989 case sd_transfer_state:
990 sd->state = sd_receivingdata_state;
1000 /* Write protection (Class 6) */
1001 case 28: /* CMD28: SET_WRITE_PROT */
1002 switch (sd->state) {
1003 case sd_transfer_state:
1004 if (addr >= sd->size) {
1005 sd->card_status |= ADDRESS_ERROR;
1009 sd->state = sd_programming_state;
1010 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1011 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1012 /* Bzzzzzzztt .... Operation complete. */
1013 sd->state = sd_transfer_state;
1021 case 29: /* CMD29: CLR_WRITE_PROT */
1022 switch (sd->state) {
1023 case sd_transfer_state:
1024 if (addr >= sd->size) {
1025 sd->card_status |= ADDRESS_ERROR;
1029 sd->state = sd_programming_state;
1030 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1031 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1032 /* Bzzzzzzztt .... Operation complete. */
1033 sd->state = sd_transfer_state;
1041 case 30: /* CMD30: SEND_WRITE_PROT */
1042 switch (sd->state) {
1043 case sd_transfer_state:
1044 sd->state = sd_sendingdata_state;
1045 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1046 sd->data_start = addr;
1047 sd->data_offset = 0;
1055 /* Erase commands (Class 5) */
1056 case 32: /* CMD32: ERASE_WR_BLK_START */
1057 switch (sd->state) {
1058 case sd_transfer_state:
1059 sd->erase_start = req.arg;
1067 case 33: /* CMD33: ERASE_WR_BLK_END */
1068 switch (sd->state) {
1069 case sd_transfer_state:
1070 sd->erase_end = req.arg;
1078 case 38: /* CMD38: ERASE */
1079 switch (sd->state) {
1080 case sd_transfer_state:
1081 if (sd->csd[14] & 0x30) {
1082 sd->card_status |= WP_VIOLATION;
1086 sd->state = sd_programming_state;
1088 /* Bzzzzzzztt .... Operation complete. */
1089 sd->state = sd_transfer_state;
1097 /* Lock card commands (Class 7) */
1098 case 42: /* CMD42: LOCK_UNLOCK */
1100 goto unimplemented_cmd;
1101 switch (sd->state) {
1102 case sd_transfer_state:
1103 sd->state = sd_receivingdata_state;
1105 sd->data_offset = 0;
1115 /* CMD52, CMD53: reserved for SDIO cards
1116 * (see the SDIO Simplified Specification V2.0)
1117 * Handle as illegal command but do not complain
1118 * on stderr, as some OSes may use these in their
1119 * probing for presence of an SDIO card.
1123 /* Application specific commands (Class 8) */
1124 case 55: /* CMD55: APP_CMD */
1128 sd->expecting_acmd = 1;
1129 sd->card_status |= APP_CMD;
1132 case 56: /* CMD56: GEN_CMD */
1133 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1135 switch (sd->state) {
1136 case sd_transfer_state:
1137 sd->data_offset = 0;
1139 sd->state = sd_sendingdata_state;
1141 sd->state = sd_receivingdata_state;
1151 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1155 /* Commands that are recognised but not yet implemented in SPI mode. */
1156 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1160 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1164 static sd_rsp_type_t sd_app_command(SDState *sd,
1167 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1168 sd->card_status |= APP_CMD;
1170 case 6: /* ACMD6: SET_BUS_WIDTH */
1171 switch (sd->state) {
1172 case sd_transfer_state:
1173 sd->sd_status[0] &= 0x3f;
1174 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1182 case 13: /* ACMD13: SD_STATUS */
1183 switch (sd->state) {
1184 case sd_transfer_state:
1185 sd->state = sd_sendingdata_state;
1187 sd->data_offset = 0;
1195 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1196 switch (sd->state) {
1197 case sd_transfer_state:
1198 *(uint32_t *) sd->data = sd->blk_written;
1200 sd->state = sd_sendingdata_state;
1202 sd->data_offset = 0;
1210 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1211 switch (sd->state) {
1212 case sd_transfer_state:
1220 case 41: /* ACMD41: SD_APP_OP_COND */
1223 sd->state = sd_transfer_state;
1226 switch (sd->state) {
1228 /* We accept any voltage. 10000 V is nothing. */
1230 sd->state = sd_ready_state;
1239 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1240 switch (sd->state) {
1241 case sd_transfer_state:
1242 /* Bringing in the 50KOhm pull-up resistor... Done. */
1250 case 51: /* ACMD51: SEND_SCR */
1251 switch (sd->state) {
1252 case sd_transfer_state:
1253 sd->state = sd_sendingdata_state;
1255 sd->data_offset = 0;
1264 /* Fall back to standard commands. */
1265 return sd_normal_command(sd, req);
1268 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1272 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1274 /* Valid commands in locked state:
1276 * lock card class (7)
1278 * implicitly, the ACMD prefix CMD55
1280 * Anything else provokes an "illegal command" response.
1282 if (sd->expecting_acmd) {
1283 return req->cmd == 41 || req->cmd == 42;
1285 if (req->cmd == 16 || req->cmd == 55) {
1288 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1291 int sd_do_command(SDState *sd, SDRequest *req,
1292 uint8_t *response) {
1294 sd_rsp_type_t rtype;
1297 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1301 if (sd_req_crc_validate(req)) {
1302 sd->card_status |= COM_CRC_ERROR;
1307 if (sd->card_status & CARD_IS_LOCKED) {
1308 if (!cmd_valid_while_locked(sd, req)) {
1309 sd->card_status |= ILLEGAL_COMMAND;
1310 sd->expecting_acmd = 0;
1311 fprintf(stderr, "SD: Card is locked\n");
1317 last_state = sd->state;
1320 if (sd->expecting_acmd) {
1321 sd->expecting_acmd = 0;
1322 rtype = sd_app_command(sd, *req);
1324 rtype = sd_normal_command(sd, *req);
1327 if (rtype == sd_illegal) {
1328 sd->card_status |= ILLEGAL_COMMAND;
1330 /* Valid command, we can update the 'state before command' bits.
1331 * (Do this now so they appear in r1 responses.)
1333 sd->current_cmd = req->cmd;
1334 sd->card_status &= ~CURRENT_STATE;
1335 sd->card_status |= (last_state << 9);
1342 sd_response_r1_make(sd, response);
1347 memcpy(response, sd->cid, sizeof(sd->cid));
1352 memcpy(response, sd->csd, sizeof(sd->csd));
1357 sd_response_r3_make(sd, response);
1362 sd_response_r6_make(sd, response);
1367 sd_response_r7_make(sd, response);
1378 if (rtype != sd_illegal) {
1379 /* Clear the "clear on valid command" status bits now we've
1382 sd->card_status &= ~CARD_STATUS_B;
1388 DPRINTF("Response:");
1389 for (i = 0; i < rsplen; i++)
1390 printf(" %02x", response[i]);
1391 printf(" state %d\n", sd->state);
1393 DPRINTF("No response %d\n", sd->state);
1400 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1402 uint64_t end = addr + len;
1404 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1405 (unsigned long long) addr, len);
1406 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1407 fprintf(stderr, "sd_blk_read: read error on host side\n");
1411 if (end > (addr & ~511) + 512) {
1412 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1414 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1415 fprintf(stderr, "sd_blk_read: read error on host side\n");
1418 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1420 memcpy(sd->data, sd->buf + (addr & 511), len);
1423 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1425 uint64_t end = addr + len;
1427 if ((addr & 511) || len < 512)
1428 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1429 fprintf(stderr, "sd_blk_write: read error on host side\n");
1433 if (end > (addr & ~511) + 512) {
1434 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1435 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1436 fprintf(stderr, "sd_blk_write: write error on host side\n");
1440 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1441 fprintf(stderr, "sd_blk_write: read error on host side\n");
1444 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1445 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1446 fprintf(stderr, "sd_blk_write: write error on host side\n");
1448 memcpy(sd->buf + (addr & 511), sd->data, len);
1449 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1450 fprintf(stderr, "sd_blk_write: write error on host side\n");
1454 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1455 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1456 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1457 #define APP_WRITE_BLOCK(a, len)
1459 void sd_write_data(SDState *sd, uint8_t value)
1463 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1466 if (sd->state != sd_receivingdata_state) {
1467 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1471 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1474 switch (sd->current_cmd) {
1475 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1476 sd->data[sd->data_offset ++] = value;
1477 if (sd->data_offset >= sd->blk_len) {
1478 /* TODO: Check CRC before committing */
1479 sd->state = sd_programming_state;
1480 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1482 sd->csd[14] |= 0x40;
1483 /* Bzzzzzzztt .... Operation complete. */
1484 sd->state = sd_transfer_state;
1488 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1489 if (sd->data_offset == 0) {
1490 /* Start of the block - lets check the address is valid */
1491 if (sd->data_start + sd->blk_len > sd->size) {
1492 sd->card_status |= ADDRESS_ERROR;
1495 if (sd_wp_addr(sd, sd->data_start)) {
1496 sd->card_status |= WP_VIOLATION;
1500 sd->data[sd->data_offset++] = value;
1501 if (sd->data_offset >= sd->blk_len) {
1502 /* TODO: Check CRC before committing */
1503 sd->state = sd_programming_state;
1504 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1506 sd->data_start += sd->blk_len;
1507 sd->data_offset = 0;
1508 sd->csd[14] |= 0x40;
1510 /* Bzzzzzzztt .... Operation complete. */
1511 sd->state = sd_receivingdata_state;
1515 case 26: /* CMD26: PROGRAM_CID */
1516 sd->data[sd->data_offset ++] = value;
1517 if (sd->data_offset >= sizeof(sd->cid)) {
1518 /* TODO: Check CRC before committing */
1519 sd->state = sd_programming_state;
1520 for (i = 0; i < sizeof(sd->cid); i ++)
1521 if ((sd->cid[i] | 0x00) != sd->data[i])
1522 sd->card_status |= CID_CSD_OVERWRITE;
1524 if (!(sd->card_status & CID_CSD_OVERWRITE))
1525 for (i = 0; i < sizeof(sd->cid); i ++) {
1527 sd->cid[i] &= sd->data[i];
1529 /* Bzzzzzzztt .... Operation complete. */
1530 sd->state = sd_transfer_state;
1534 case 27: /* CMD27: PROGRAM_CSD */
1535 sd->data[sd->data_offset ++] = value;
1536 if (sd->data_offset >= sizeof(sd->csd)) {
1537 /* TODO: Check CRC before committing */
1538 sd->state = sd_programming_state;
1539 for (i = 0; i < sizeof(sd->csd); i ++)
1540 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1541 (sd->data[i] | sd_csd_rw_mask[i]))
1542 sd->card_status |= CID_CSD_OVERWRITE;
1544 /* Copy flag (OTP) & Permanent write protect */
1545 if (sd->csd[14] & ~sd->data[14] & 0x60)
1546 sd->card_status |= CID_CSD_OVERWRITE;
1548 if (!(sd->card_status & CID_CSD_OVERWRITE))
1549 for (i = 0; i < sizeof(sd->csd); i ++) {
1550 sd->csd[i] |= sd_csd_rw_mask[i];
1551 sd->csd[i] &= sd->data[i];
1553 /* Bzzzzzzztt .... Operation complete. */
1554 sd->state = sd_transfer_state;
1558 case 42: /* CMD42: LOCK_UNLOCK */
1559 sd->data[sd->data_offset ++] = value;
1560 if (sd->data_offset >= sd->blk_len) {
1561 /* TODO: Check CRC before committing */
1562 sd->state = sd_programming_state;
1563 sd_lock_command(sd);
1564 /* Bzzzzzzztt .... Operation complete. */
1565 sd->state = sd_transfer_state;
1569 case 56: /* CMD56: GEN_CMD */
1570 sd->data[sd->data_offset ++] = value;
1571 if (sd->data_offset >= sd->blk_len) {
1572 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1573 sd->state = sd_transfer_state;
1578 fprintf(stderr, "sd_write_data: unknown command\n");
1583 uint8_t sd_read_data(SDState *sd)
1585 /* TODO: Append CRCs */
1589 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1592 if (sd->state != sd_sendingdata_state) {
1593 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1597 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1600 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1602 switch (sd->current_cmd) {
1603 case 6: /* CMD6: SWITCH_FUNCTION */
1604 ret = sd->data[sd->data_offset ++];
1606 if (sd->data_offset >= 64)
1607 sd->state = sd_transfer_state;
1610 case 9: /* CMD9: SEND_CSD */
1611 case 10: /* CMD10: SEND_CID */
1612 ret = sd->data[sd->data_offset ++];
1614 if (sd->data_offset >= 16)
1615 sd->state = sd_transfer_state;
1618 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1619 if (sd->data_offset == 0)
1620 BLK_READ_BLOCK(sd->data_start, io_len);
1621 ret = sd->data[sd->data_offset ++];
1623 if (sd->data_offset >= io_len) {
1624 sd->data_start += io_len;
1625 sd->data_offset = 0;
1626 if (sd->data_start + io_len > sd->size) {
1627 sd->card_status |= ADDRESS_ERROR;
1633 case 13: /* ACMD13: SD_STATUS */
1634 ret = sd->sd_status[sd->data_offset ++];
1636 if (sd->data_offset >= sizeof(sd->sd_status))
1637 sd->state = sd_transfer_state;
1640 case 17: /* CMD17: READ_SINGLE_BLOCK */
1641 if (sd->data_offset == 0)
1642 BLK_READ_BLOCK(sd->data_start, io_len);
1643 ret = sd->data[sd->data_offset ++];
1645 if (sd->data_offset >= io_len)
1646 sd->state = sd_transfer_state;
1649 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1650 if (sd->data_offset == 0)
1651 BLK_READ_BLOCK(sd->data_start, io_len);
1652 ret = sd->data[sd->data_offset ++];
1654 if (sd->data_offset >= io_len) {
1655 sd->data_start += io_len;
1656 sd->data_offset = 0;
1657 if (sd->data_start + io_len > sd->size) {
1658 sd->card_status |= ADDRESS_ERROR;
1664 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1665 ret = sd->data[sd->data_offset ++];
1667 if (sd->data_offset >= 4)
1668 sd->state = sd_transfer_state;
1671 case 30: /* CMD30: SEND_WRITE_PROT */
1672 ret = sd->data[sd->data_offset ++];
1674 if (sd->data_offset >= 4)
1675 sd->state = sd_transfer_state;
1678 case 51: /* ACMD51: SEND_SCR */
1679 ret = sd->scr[sd->data_offset ++];
1681 if (sd->data_offset >= sizeof(sd->scr))
1682 sd->state = sd_transfer_state;
1685 case 56: /* CMD56: GEN_CMD */
1686 if (sd->data_offset == 0)
1687 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1688 ret = sd->data[sd->data_offset ++];
1690 if (sd->data_offset >= sd->blk_len)
1691 sd->state = sd_transfer_state;
1695 fprintf(stderr, "sd_read_data: unknown command\n");
1702 int sd_data_ready(SDState *sd)
1704 return sd->state == sd_sendingdata_state;
1707 void sd_enable(SDState *sd, int enable)
1709 sd->enable = enable;
projects / qemu.git / blob