2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #define DPRINTF(fmt, ...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
63 sd_inactive_state = -1,
66 sd_identification_state,
70 sd_receivingdata_state,
80 uint8_t sd_status[64];
90 int function_group[6];
100 BlockDriverState *bdrv;
106 static void sd_set_status(SDState *sd)
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
133 static const sd_cmd_type_t sd_cmd_type[64] = {
134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 static const sd_cmd_type_t sd_acmd_type[64] = {
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message, size_t width)
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
178 static uint16_t sd_crc16(void *message, size_t width)
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
195 static void sd_set_ocr(SDState *sd)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd->ocr = 0x80ffff00;
201 static void sd_set_scr(SDState *sd)
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
220 static void sd_set_cid(SDState *sd)
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247 static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 static void sd_set_csd(SDState *sd, uint64_t size)
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258 if (size <= 0x40000000) { /* Standard Capacity SD */
259 sd->csd[0] = 0x00; /* CSD structure */
260 sd->csd[1] = 0x26; /* Data read access-time-1 */
261 sd->csd[2] = 0x00; /* Data read access-time-2 */
262 sd->csd[3] = 0x5a; /* Max. data transfer rate */
263 sd->csd[4] = 0x5f; /* Card Command Classes */
264 sd->csd[5] = 0x50 | /* Max. read data block length */
266 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
267 ((csize >> 10) & 0x03);
268 sd->csd[7] = 0x00 | /* Device size */
269 ((csize >> 2) & 0xff);
270 sd->csd[8] = 0x3f | /* Max. read current */
271 ((csize << 6) & 0xc0);
272 sd->csd[9] = 0xfc | /* Max. write current */
273 ((CMULT_SHIFT - 2) >> 1);
274 sd->csd[10] = 0x40 | /* Erase sector size */
275 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
276 sd->csd[11] = 0x00 | /* Write protect group size */
277 ((sectsize << 7) & 0x80) | wpsize;
278 sd->csd[12] = 0x90 | /* Write speed factor */
279 (HWBLOCK_SHIFT >> 2);
280 sd->csd[13] = 0x20 | /* Max. write data block length */
281 ((HWBLOCK_SHIFT << 6) & 0xc0);
282 sd->csd[14] = 0x00; /* File format group */
283 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
294 sd->csd[7] = (size >> 16) & 0xff;
295 sd->csd[8] = (size >> 8) & 0xff;
296 sd->csd[9] = (size & 0xff);
303 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
307 static void sd_set_rca(SDState *sd)
312 #define CARD_STATUS_A 0x02004100
313 #define CARD_STATUS_B 0x00c01e00
314 #define CARD_STATUS_C 0xfd39a028
316 static void sd_set_cardstatus(SDState *sd)
318 sd->card_status = 0x00000100;
321 static void sd_set_sdstatus(SDState *sd)
323 memset(sd->sd_status, 0, 64);
326 static int sd_req_crc_validate(SDRequest *req)
329 buffer[0] = 0x40 | req->cmd;
330 buffer[1] = (req->arg >> 24) & 0xff;
331 buffer[2] = (req->arg >> 16) & 0xff;
332 buffer[3] = (req->arg >> 8) & 0xff;
333 buffer[4] = (req->arg >> 0) & 0xff;
335 return sd_crc7(buffer, 5) != req->crc; /* TODO */
338 static void sd_response_r1_make(SDState *sd,
339 uint8_t *response, uint32_t last_status)
341 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
344 status = (sd->card_status & ~mask) | (last_status & mask);
345 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
347 response[0] = (status >> 24) & 0xff;
348 response[1] = (status >> 16) & 0xff;
349 response[2] = (status >> 8) & 0xff;
350 response[3] = (status >> 0) & 0xff;
353 static void sd_response_r3_make(SDState *sd, uint8_t *response)
355 response[0] = (sd->ocr >> 24) & 0xff;
356 response[1] = (sd->ocr >> 16) & 0xff;
357 response[2] = (sd->ocr >> 8) & 0xff;
358 response[3] = (sd->ocr >> 0) & 0xff;
361 static void sd_response_r6_make(SDState *sd, uint8_t *response)
367 status = ((sd->card_status >> 8) & 0xc000) |
368 ((sd->card_status >> 6) & 0x2000) |
369 (sd->card_status & 0x1fff);
371 response[0] = (arg >> 8) & 0xff;
372 response[1] = arg & 0xff;
373 response[2] = (status >> 8) & 0xff;
374 response[3] = status & 0xff;
377 static void sd_response_r7_make(SDState *sd, uint8_t *response)
379 response[0] = (sd->vhs >> 24) & 0xff;
380 response[1] = (sd->vhs >> 16) & 0xff;
381 response[2] = (sd->vhs >> 8) & 0xff;
382 response[3] = (sd->vhs >> 0) & 0xff;
385 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
391 bdrv_get_geometry(bdrv, §);
399 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
401 sd->state = sd_idle_state;
406 sd_set_csd(sd, size);
407 sd_set_cardstatus(sd);
413 qemu_free(sd->wp_groups);
414 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
415 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
416 memset(sd->function_group, 0, sizeof(int) * 6);
424 static void sd_cardchange(void *opaque)
426 SDState *sd = opaque;
427 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
428 if (bdrv_is_inserted(sd->bdrv)) {
429 sd_reset(sd, sd->bdrv);
430 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
434 /* We do not model the chip select pin, so allow the board to select
435 whether card should be in SSI or MMC/SD mode. It is also up to the
436 board to ensure that ssi transfers only occur when the chip select
438 SDState *sd_init(BlockDriverState *bs, int is_spi)
442 sd = (SDState *) qemu_mallocz(sizeof(SDState));
443 sd->buf = qemu_memalign(512, 512);
448 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
453 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
455 sd->readonly_cb = readonly;
456 sd->inserted_cb = insert;
457 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
458 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
461 static void sd_erase(SDState *sd)
464 if (!sd->erase_start || !sd->erase_end) {
465 sd->card_status |= ERASE_SEQ_ERROR;
469 start = sd->erase_start >>
470 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
471 end = sd->erase_end >>
472 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
477 for (i = start; i <= end; i ++)
478 if (sd->wp_groups[i])
479 sd->card_status |= WP_ERASE_SKIP;
482 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
487 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
489 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
490 if (addr < sd->size && sd->wp_groups[wpnum])
496 static void sd_function_switch(SDState *sd, uint32_t arg)
498 int i, mode, new_func, crc;
499 mode = !!(arg & 0x80000000);
501 sd->data[0] = 0x00; /* Maximum current consumption */
503 sd->data[2] = 0x80; /* Supported group 6 functions */
505 sd->data[4] = 0x80; /* Supported group 5 functions */
507 sd->data[6] = 0x80; /* Supported group 4 functions */
509 sd->data[8] = 0x80; /* Supported group 3 functions */
511 sd->data[10] = 0x80; /* Supported group 2 functions */
513 sd->data[12] = 0x80; /* Supported group 1 functions */
515 for (i = 0; i < 6; i ++) {
516 new_func = (arg >> (i * 4)) & 0x0f;
517 if (mode && new_func != 0x0f)
518 sd->function_group[i] = new_func;
519 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
521 memset(&sd->data[17], 0, 47);
522 crc = sd_crc16(sd->data, 64);
523 sd->data[65] = crc >> 8;
524 sd->data[66] = crc & 0xff;
527 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
529 return sd->wp_groups[addr >>
530 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
533 static void sd_lock_command(SDState *sd)
535 int erase, lock, clr_pwd, set_pwd, pwd_len;
536 erase = !!(sd->data[0] & 0x08);
537 lock = sd->data[0] & 0x04;
538 clr_pwd = sd->data[0] & 0x02;
539 set_pwd = sd->data[0] & 0x01;
542 pwd_len = sd->data[1];
547 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
548 set_pwd || clr_pwd || lock || sd->wp_switch ||
549 (sd->csd[14] & 0x20)) {
550 sd->card_status |= LOCK_UNLOCK_FAILED;
553 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
554 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
555 sd->csd[14] &= ~0x10;
556 sd->card_status &= ~CARD_IS_LOCKED;
558 /* Erasing the entire card here! */
559 fprintf(stderr, "SD: Card force-erased by CMD42\n");
563 if (sd->blk_len < 2 + pwd_len ||
564 pwd_len <= sd->pwd_len ||
565 pwd_len > sd->pwd_len + 16) {
566 sd->card_status |= LOCK_UNLOCK_FAILED;
570 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
571 sd->card_status |= LOCK_UNLOCK_FAILED;
575 pwd_len -= sd->pwd_len;
576 if ((pwd_len && !set_pwd) ||
577 (clr_pwd && (set_pwd || lock)) ||
578 (lock && !sd->pwd_len && !set_pwd) ||
579 (!set_pwd && !clr_pwd &&
580 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
581 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
582 sd->card_status |= LOCK_UNLOCK_FAILED;
587 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
588 sd->pwd_len = pwd_len;
596 sd->card_status |= CARD_IS_LOCKED;
598 sd->card_status &= ~CARD_IS_LOCKED;
601 static sd_rsp_type_t sd_normal_command(SDState *sd,
604 uint32_t rca = 0x0000;
605 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
607 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
610 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
612 /* Basic commands (Class 0 and Class 1) */
613 case 0: /* CMD0: GO_IDLE_STATE */
615 case sd_inactive_state:
616 return sd->spi ? sd_r1 : sd_r0;
619 sd->state = sd_idle_state;
620 sd_reset(sd, sd->bdrv);
621 return sd->spi ? sd_r1 : sd_r0;
625 case 1: /* CMD1: SEND_OP_CMD */
629 sd->state = sd_transfer_state;
632 case 2: /* CMD2: ALL_SEND_CID */
637 sd->state = sd_identification_state;
645 case 3: /* CMD3: SEND_RELATIVE_ADDR */
649 case sd_identification_state:
650 case sd_standby_state:
651 sd->state = sd_standby_state;
660 case 4: /* CMD4: SEND_DSR */
664 case sd_standby_state:
672 case 5: /* CMD5: reserved for SDIO cards */
673 sd->card_status |= ILLEGAL_COMMAND;
676 case 6: /* CMD6: SWITCH_FUNCTION */
680 case sd_data_transfer_mode:
681 sd_function_switch(sd, req.arg);
682 sd->state = sd_sendingdata_state;
692 case 7: /* CMD7: SELECT/DESELECT_CARD */
696 case sd_standby_state:
700 sd->state = sd_transfer_state;
703 case sd_transfer_state:
704 case sd_sendingdata_state:
708 sd->state = sd_standby_state;
711 case sd_disconnect_state:
715 sd->state = sd_programming_state;
718 case sd_programming_state:
722 sd->state = sd_disconnect_state;
730 case 8: /* CMD8: SEND_IF_COND */
731 /* Physical Layer Specification Version 2.00 command */
736 /* No response if not exactly one VHS bit is set. */
737 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
738 return sd->spi ? sd_r7 : sd_r0;
749 case 9: /* CMD9: SEND_CSD */
751 case sd_standby_state:
757 case sd_transfer_state:
760 sd->state = sd_sendingdata_state;
761 memcpy(sd->data, sd->csd, 16);
762 sd->data_start = addr;
771 case 10: /* CMD10: SEND_CID */
773 case sd_standby_state:
779 case sd_transfer_state:
782 sd->state = sd_sendingdata_state;
783 memcpy(sd->data, sd->cid, 16);
784 sd->data_start = addr;
793 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
797 case sd_transfer_state:
798 sd->state = sd_sendingdata_state;
799 sd->data_start = req.arg;
802 if (sd->data_start + sd->blk_len > sd->size)
803 sd->card_status |= ADDRESS_ERROR;
811 case 12: /* CMD12: STOP_TRANSMISSION */
813 case sd_sendingdata_state:
814 sd->state = sd_transfer_state;
817 case sd_receivingdata_state:
818 sd->state = sd_programming_state;
819 /* Bzzzzzzztt .... Operation complete. */
820 sd->state = sd_transfer_state;
828 case 13: /* CMD13: SEND_STATUS */
830 case sd_data_transfer_mode:
841 case 15: /* CMD15: GO_INACTIVE_STATE */
845 case sd_data_transfer_mode:
849 sd->state = sd_inactive_state;
857 /* Block read commands (Classs 2) */
858 case 16: /* CMD16: SET_BLOCKLEN */
860 case sd_transfer_state:
861 if (req.arg > (1 << HWBLOCK_SHIFT))
862 sd->card_status |= BLOCK_LEN_ERROR;
864 sd->blk_len = req.arg;
873 case 17: /* CMD17: READ_SINGLE_BLOCK */
875 case sd_transfer_state:
876 sd->state = sd_sendingdata_state;
877 sd->data_start = addr;
880 if (sd->data_start + sd->blk_len > sd->size)
881 sd->card_status |= ADDRESS_ERROR;
889 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
891 case sd_transfer_state:
892 sd->state = sd_sendingdata_state;
893 sd->data_start = addr;
896 if (sd->data_start + sd->blk_len > sd->size)
897 sd->card_status |= ADDRESS_ERROR;
905 /* Block write commands (Class 4) */
906 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
908 goto unimplemented_cmd;
910 case sd_transfer_state:
911 /* Writing in SPI mode not implemented. */
914 sd->state = sd_receivingdata_state;
915 sd->data_start = addr;
919 if (sd->data_start + sd->blk_len > sd->size)
920 sd->card_status |= ADDRESS_ERROR;
921 if (sd_wp_addr(sd, sd->data_start))
922 sd->card_status |= WP_VIOLATION;
923 if (sd->csd[14] & 0x30)
924 sd->card_status |= WP_VIOLATION;
932 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
934 goto unimplemented_cmd;
936 case sd_transfer_state:
937 /* Writing in SPI mode not implemented. */
940 sd->state = sd_receivingdata_state;
941 sd->data_start = addr;
945 if (sd->data_start + sd->blk_len > sd->size)
946 sd->card_status |= ADDRESS_ERROR;
947 if (sd_wp_addr(sd, sd->data_start))
948 sd->card_status |= WP_VIOLATION;
949 if (sd->csd[14] & 0x30)
950 sd->card_status |= WP_VIOLATION;
958 case 26: /* CMD26: PROGRAM_CID */
962 case sd_transfer_state:
963 sd->state = sd_receivingdata_state;
973 case 27: /* CMD27: PROGRAM_CSD */
975 goto unimplemented_cmd;
977 case sd_transfer_state:
978 sd->state = sd_receivingdata_state;
988 /* Write protection (Class 6) */
989 case 28: /* CMD28: SET_WRITE_PROT */
991 case sd_transfer_state:
992 if (addr >= sd->size) {
993 sd->card_status = ADDRESS_ERROR;
997 sd->state = sd_programming_state;
998 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
999 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1000 /* Bzzzzzzztt .... Operation complete. */
1001 sd->state = sd_transfer_state;
1009 case 29: /* CMD29: CLR_WRITE_PROT */
1010 switch (sd->state) {
1011 case sd_transfer_state:
1012 if (addr >= sd->size) {
1013 sd->card_status = ADDRESS_ERROR;
1017 sd->state = sd_programming_state;
1018 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1019 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1020 /* Bzzzzzzztt .... Operation complete. */
1021 sd->state = sd_transfer_state;
1029 case 30: /* CMD30: SEND_WRITE_PROT */
1030 switch (sd->state) {
1031 case sd_transfer_state:
1032 sd->state = sd_sendingdata_state;
1033 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1034 sd->data_start = addr;
1035 sd->data_offset = 0;
1043 /* Erase commands (Class 5) */
1044 case 32: /* CMD32: ERASE_WR_BLK_START */
1045 switch (sd->state) {
1046 case sd_transfer_state:
1047 sd->erase_start = req.arg;
1055 case 33: /* CMD33: ERASE_WR_BLK_END */
1056 switch (sd->state) {
1057 case sd_transfer_state:
1058 sd->erase_end = req.arg;
1066 case 38: /* CMD38: ERASE */
1067 switch (sd->state) {
1068 case sd_transfer_state:
1069 if (sd->csd[14] & 0x30) {
1070 sd->card_status |= WP_VIOLATION;
1074 sd->state = sd_programming_state;
1076 /* Bzzzzzzztt .... Operation complete. */
1077 sd->state = sd_transfer_state;
1085 /* Lock card commands (Class 7) */
1086 case 42: /* CMD42: LOCK_UNLOCK */
1088 goto unimplemented_cmd;
1089 switch (sd->state) {
1090 case sd_transfer_state:
1091 sd->state = sd_receivingdata_state;
1093 sd->data_offset = 0;
1101 /* Application specific commands (Class 8) */
1102 case 55: /* CMD55: APP_CMD */
1106 sd->card_status |= APP_CMD;
1109 case 56: /* CMD56: GEN_CMD */
1110 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1112 switch (sd->state) {
1113 case sd_transfer_state:
1114 sd->data_offset = 0;
1116 sd->state = sd_sendingdata_state;
1118 sd->state = sd_receivingdata_state;
1128 sd->card_status |= ILLEGAL_COMMAND;
1130 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1134 /* Commands that are recognised but not yet implemented in SPI mode. */
1135 sd->card_status |= ILLEGAL_COMMAND;
1136 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1140 sd->card_status |= ILLEGAL_COMMAND;
1141 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1145 static sd_rsp_type_t sd_app_command(SDState *sd,
1148 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1150 case 6: /* ACMD6: SET_BUS_WIDTH */
1151 switch (sd->state) {
1152 case sd_transfer_state:
1153 sd->sd_status[0] &= 0x3f;
1154 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1162 case 13: /* ACMD13: SD_STATUS */
1163 switch (sd->state) {
1164 case sd_transfer_state:
1166 sd->data_offset = 0;
1174 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1175 switch (sd->state) {
1176 case sd_transfer_state:
1177 *(uint32_t *) sd->data = sd->blk_written;
1180 sd->data_offset = 0;
1188 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1189 switch (sd->state) {
1190 case sd_transfer_state:
1198 case 41: /* ACMD41: SD_APP_OP_COND */
1201 sd->state = sd_transfer_state;
1204 switch (sd->state) {
1206 /* We accept any voltage. 10000 V is nothing. */
1208 sd->state = sd_ready_state;
1217 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1218 switch (sd->state) {
1219 case sd_transfer_state:
1220 /* Bringing in the 50KOhm pull-up resistor... Done. */
1228 case 51: /* ACMD51: SEND_SCR */
1229 switch (sd->state) {
1230 case sd_transfer_state:
1231 sd->state = sd_sendingdata_state;
1233 sd->data_offset = 0;
1242 /* Fall back to standard commands. */
1243 sd->card_status &= ~APP_CMD;
1244 return sd_normal_command(sd, req);
1247 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1251 int sd_do_command(SDState *sd, SDRequest *req,
1252 uint8_t *response) {
1253 uint32_t last_status = sd->card_status;
1254 sd_rsp_type_t rtype;
1257 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1261 if (sd_req_crc_validate(req)) {
1262 sd->card_status &= ~COM_CRC_ERROR;
1266 sd->card_status &= ~CARD_STATUS_B;
1269 if (last_status & CARD_IS_LOCKED)
1270 if (((last_status & APP_CMD) &&
1272 (!(last_status & APP_CMD) &&
1273 (sd_cmd_class[req->cmd] == 0 ||
1274 sd_cmd_class[req->cmd] == 7 ||
1275 req->cmd == 16 || req->cmd == 55))) {
1276 sd->card_status |= ILLEGAL_COMMAND;
1277 fprintf(stderr, "SD: Card is locked\n");
1281 if (last_status & APP_CMD) {
1282 rtype = sd_app_command(sd, *req);
1283 sd->card_status &= ~APP_CMD;
1285 rtype = sd_normal_command(sd, *req);
1287 sd->current_cmd = req->cmd;
1292 sd_response_r1_make(sd, response, last_status);
1297 memcpy(response, sd->cid, sizeof(sd->cid));
1302 memcpy(response, sd->csd, sizeof(sd->csd));
1307 sd_response_r3_make(sd, response);
1312 sd_response_r6_make(sd, response);
1317 sd_response_r7_make(sd, response);
1327 if (sd->card_status & ILLEGAL_COMMAND)
1333 DPRINTF("Response:");
1334 for (i = 0; i < rsplen; i++)
1335 printf(" %02x", response[i]);
1336 printf(" state %d\n", sd->state);
1338 DPRINTF("No response %d\n", sd->state);
1345 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1347 uint64_t end = addr + len;
1349 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1350 (unsigned long long) addr, len);
1351 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1352 fprintf(stderr, "sd_blk_read: read error on host side\n");
1356 if (end > (addr & ~511) + 512) {
1357 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1359 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1360 fprintf(stderr, "sd_blk_read: read error on host side\n");
1363 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1365 memcpy(sd->data, sd->buf + (addr & 511), len);
1368 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1370 uint64_t end = addr + len;
1372 if ((addr & 511) || len < 512)
1373 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1374 fprintf(stderr, "sd_blk_write: read error on host side\n");
1378 if (end > (addr & ~511) + 512) {
1379 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1380 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1381 fprintf(stderr, "sd_blk_write: write error on host side\n");
1385 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1386 fprintf(stderr, "sd_blk_write: read error on host side\n");
1389 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1390 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1391 fprintf(stderr, "sd_blk_write: write error on host side\n");
1393 memcpy(sd->buf + (addr & 511), sd->data, len);
1394 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1395 fprintf(stderr, "sd_blk_write: write error on host side\n");
1399 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1400 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1401 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1402 #define APP_WRITE_BLOCK(a, len)
1404 void sd_write_data(SDState *sd, uint8_t value)
1408 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1411 if (sd->state != sd_receivingdata_state) {
1412 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1416 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1419 switch (sd->current_cmd) {
1420 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1421 sd->data[sd->data_offset ++] = value;
1422 if (sd->data_offset >= sd->blk_len) {
1423 /* TODO: Check CRC before committing */
1424 sd->state = sd_programming_state;
1425 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1427 sd->csd[14] |= 0x40;
1428 /* Bzzzzzzztt .... Operation complete. */
1429 sd->state = sd_transfer_state;
1433 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1434 sd->data[sd->data_offset ++] = value;
1435 if (sd->data_offset >= sd->blk_len) {
1436 /* TODO: Check CRC before committing */
1437 sd->state = sd_programming_state;
1438 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1440 sd->data_start += sd->blk_len;
1441 sd->data_offset = 0;
1442 if (sd->data_start + sd->blk_len > sd->size) {
1443 sd->card_status |= ADDRESS_ERROR;
1446 if (sd_wp_addr(sd, sd->data_start)) {
1447 sd->card_status |= WP_VIOLATION;
1450 sd->csd[14] |= 0x40;
1452 /* Bzzzzzzztt .... Operation complete. */
1453 sd->state = sd_receivingdata_state;
1457 case 26: /* CMD26: PROGRAM_CID */
1458 sd->data[sd->data_offset ++] = value;
1459 if (sd->data_offset >= sizeof(sd->cid)) {
1460 /* TODO: Check CRC before committing */
1461 sd->state = sd_programming_state;
1462 for (i = 0; i < sizeof(sd->cid); i ++)
1463 if ((sd->cid[i] | 0x00) != sd->data[i])
1464 sd->card_status |= CID_CSD_OVERWRITE;
1466 if (!(sd->card_status & CID_CSD_OVERWRITE))
1467 for (i = 0; i < sizeof(sd->cid); i ++) {
1469 sd->cid[i] &= sd->data[i];
1471 /* Bzzzzzzztt .... Operation complete. */
1472 sd->state = sd_transfer_state;
1476 case 27: /* CMD27: PROGRAM_CSD */
1477 sd->data[sd->data_offset ++] = value;
1478 if (sd->data_offset >= sizeof(sd->csd)) {
1479 /* TODO: Check CRC before committing */
1480 sd->state = sd_programming_state;
1481 for (i = 0; i < sizeof(sd->csd); i ++)
1482 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1483 (sd->data[i] | sd_csd_rw_mask[i]))
1484 sd->card_status |= CID_CSD_OVERWRITE;
1486 /* Copy flag (OTP) & Permanent write protect */
1487 if (sd->csd[14] & ~sd->data[14] & 0x60)
1488 sd->card_status |= CID_CSD_OVERWRITE;
1490 if (!(sd->card_status & CID_CSD_OVERWRITE))
1491 for (i = 0; i < sizeof(sd->csd); i ++) {
1492 sd->csd[i] |= sd_csd_rw_mask[i];
1493 sd->csd[i] &= sd->data[i];
1495 /* Bzzzzzzztt .... Operation complete. */
1496 sd->state = sd_transfer_state;
1500 case 42: /* CMD42: LOCK_UNLOCK */
1501 sd->data[sd->data_offset ++] = value;
1502 if (sd->data_offset >= sd->blk_len) {
1503 /* TODO: Check CRC before committing */
1504 sd->state = sd_programming_state;
1505 sd_lock_command(sd);
1506 /* Bzzzzzzztt .... Operation complete. */
1507 sd->state = sd_transfer_state;
1511 case 56: /* CMD56: GEN_CMD */
1512 sd->data[sd->data_offset ++] = value;
1513 if (sd->data_offset >= sd->blk_len) {
1514 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1515 sd->state = sd_transfer_state;
1520 fprintf(stderr, "sd_write_data: unknown command\n");
1525 uint8_t sd_read_data(SDState *sd)
1527 /* TODO: Append CRCs */
1531 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1534 if (sd->state != sd_sendingdata_state) {
1535 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1539 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1542 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1544 switch (sd->current_cmd) {
1545 case 6: /* CMD6: SWITCH_FUNCTION */
1546 ret = sd->data[sd->data_offset ++];
1548 if (sd->data_offset >= 64)
1549 sd->state = sd_transfer_state;
1552 case 9: /* CMD9: SEND_CSD */
1553 case 10: /* CMD10: SEND_CID */
1554 ret = sd->data[sd->data_offset ++];
1556 if (sd->data_offset >= 16)
1557 sd->state = sd_transfer_state;
1560 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1561 if (sd->data_offset == 0)
1562 BLK_READ_BLOCK(sd->data_start, io_len);
1563 ret = sd->data[sd->data_offset ++];
1565 if (sd->data_offset >= io_len) {
1566 sd->data_start += io_len;
1567 sd->data_offset = 0;
1568 if (sd->data_start + io_len > sd->size) {
1569 sd->card_status |= ADDRESS_ERROR;
1575 case 13: /* ACMD13: SD_STATUS */
1576 ret = sd->sd_status[sd->data_offset ++];
1578 if (sd->data_offset >= sizeof(sd->sd_status))
1579 sd->state = sd_transfer_state;
1582 case 17: /* CMD17: READ_SINGLE_BLOCK */
1583 if (sd->data_offset == 0)
1584 BLK_READ_BLOCK(sd->data_start, io_len);
1585 ret = sd->data[sd->data_offset ++];
1587 if (sd->data_offset >= io_len)
1588 sd->state = sd_transfer_state;
1591 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1592 if (sd->data_offset == 0)
1593 BLK_READ_BLOCK(sd->data_start, io_len);
1594 ret = sd->data[sd->data_offset ++];
1596 if (sd->data_offset >= io_len) {
1597 sd->data_start += io_len;
1598 sd->data_offset = 0;
1599 if (sd->data_start + io_len > sd->size) {
1600 sd->card_status |= ADDRESS_ERROR;
1606 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1607 ret = sd->data[sd->data_offset ++];
1609 if (sd->data_offset >= 4)
1610 sd->state = sd_transfer_state;
1613 case 30: /* CMD30: SEND_WRITE_PROT */
1614 ret = sd->data[sd->data_offset ++];
1616 if (sd->data_offset >= 4)
1617 sd->state = sd_transfer_state;
1620 case 51: /* ACMD51: SEND_SCR */
1621 ret = sd->scr[sd->data_offset ++];
1623 if (sd->data_offset >= sizeof(sd->scr))
1624 sd->state = sd_transfer_state;
1627 case 56: /* CMD56: GEN_CMD */
1628 if (sd->data_offset == 0)
1629 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1630 ret = sd->data[sd->data_offset ++];
1632 if (sd->data_offset >= sd->blk_len)
1633 sd->state = sd_transfer_state;
1637 fprintf(stderr, "sd_read_data: unknown command\n");
1644 int sd_data_ready(SDState *sd)
1646 return sd->state == sd_sendingdata_state;
1649 void sd_enable(SDState *sd, int enable)
1651 sd->enable = enable;
projects / qemu.git / blob