2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, args...) \
40 do { printf("SD: " fmt , ##args); } while (0)
42 #define DPRINTF(fmt, args...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
63 sd_inactive_state = -1,
66 sd_identification_state,
70 sd_receivingdata_state,
80 uint8_t sd_status[64];
90 int function_group[6];
100 BlockDriverState *bdrv;
104 static void sd_set_status(SDState *sd)
107 case sd_inactive_state:
108 sd->mode = sd_inactive;
113 case sd_identification_state:
114 sd->mode = sd_card_identification_mode;
117 case sd_standby_state:
118 case sd_transfer_state:
119 case sd_sendingdata_state:
120 case sd_receivingdata_state:
121 case sd_programming_state:
122 case sd_disconnect_state:
123 sd->mode = sd_data_transfer_mode;
127 sd->card_status &= ~CURRENT_STATE;
128 sd->card_status |= sd->state << 9;
131 static const sd_cmd_type_t sd_cmd_type[64] = {
132 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
133 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
134 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
135 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
136 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
137 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
138 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
139 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
142 static const sd_cmd_type_t sd_acmd_type[64] = {
143 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
144 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
148 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
153 static const int sd_cmd_class[64] = {
154 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
155 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
156 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
157 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
160 static uint8_t sd_crc7(void *message, size_t width)
163 uint8_t shift_reg = 0x00;
164 uint8_t *msg = (uint8_t *) message;
166 for (i = 0; i < width; i ++, msg ++)
167 for (bit = 7; bit >= 0; bit --) {
169 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
176 static uint16_t sd_crc16(void *message, size_t width)
179 uint16_t shift_reg = 0x0000;
180 uint16_t *msg = (uint16_t *) message;
183 for (i = 0; i < width; i ++, msg ++)
184 for (bit = 15; bit >= 0; bit --) {
186 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
193 static void sd_set_ocr(SDState *sd)
195 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
196 sd->ocr = 0x80ffff80;
199 static void sd_set_scr(SDState *sd)
201 sd->scr[0] = 0x00; /* SCR Structure */
202 sd->scr[1] = 0x2f; /* SD Security Support */
218 static void sd_set_cid(SDState *sd)
220 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
221 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
223 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
228 sd->cid[8] = PRV; /* Fake product revision (PRV) */
229 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
233 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
234 ((MDT_YR - 2000) / 10);
235 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
236 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
239 #define HWBLOCK_SHIFT 9 /* 512 bytes */
240 #define SECTOR_SHIFT 5 /* 16 kilobytes */
241 #define WPGROUP_SHIFT 7 /* 2 megs */
242 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
243 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
244 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
245 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247 static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 static void sd_set_csd(SDState *sd, uint32_t size)
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
285 static void sd_set_rca(SDState *sd)
290 #define CARD_STATUS_A 0x02004100
291 #define CARD_STATUS_B 0x00c01e00
292 #define CARD_STATUS_C 0xfd39a028
294 static void sd_set_cardstatus(SDState *sd)
296 sd->card_status = 0x00000100;
299 static void sd_set_sdstatus(SDState *sd)
301 memset(sd->sd_status, 0, 64);
304 static int sd_req_crc_validate(struct sd_request_s *req)
307 buffer[0] = 0x40 | req->cmd;
308 buffer[1] = (req->arg >> 24) & 0xff;
309 buffer[2] = (req->arg >> 16) & 0xff;
310 buffer[3] = (req->arg >> 8) & 0xff;
311 buffer[4] = (req->arg >> 0) & 0xff;
313 return sd_crc7(buffer, 5) != req->crc; /* TODO */
316 static void sd_response_r1_make(SDState *sd,
317 uint8_t *response, uint32_t last_status)
319 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
322 status = (sd->card_status & ~mask) | (last_status & mask);
323 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
325 response[0] = (status >> 24) & 0xff;
326 response[1] = (status >> 16) & 0xff;
327 response[2] = (status >> 8) & 0xff;
328 response[3] = (status >> 0) & 0xff;
331 static void sd_response_r3_make(SDState *sd, uint8_t *response)
333 response[0] = (sd->ocr >> 24) & 0xff;
334 response[1] = (sd->ocr >> 16) & 0xff;
335 response[2] = (sd->ocr >> 8) & 0xff;
336 response[3] = (sd->ocr >> 0) & 0xff;
339 static void sd_response_r6_make(SDState *sd, uint8_t *response)
345 status = ((sd->card_status >> 8) & 0xc000) |
346 ((sd->card_status >> 6) & 0x2000) |
347 (sd->card_status & 0x1fff);
349 response[0] = (arg >> 8) & 0xff;
350 response[1] = arg & 0xff;
351 response[2] = (status >> 8) & 0xff;
352 response[3] = status & 0xff;
355 static void sd_response_r7_make(SDState *sd, uint8_t *response)
357 response[0] = (sd->vhs >> 24) & 0xff;
358 response[1] = (sd->vhs >> 16) & 0xff;
359 response[2] = (sd->vhs >> 8) & 0xff;
360 response[3] = (sd->vhs >> 0) & 0xff;
363 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
368 bdrv_get_geometry(bdrv, §);
371 if (sect > 0x40000000)
372 size = 0x40000000; /* 1 gig */
376 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
378 sd->state = sd_idle_state;
383 sd_set_csd(sd, size);
384 sd_set_cardstatus(sd);
390 qemu_free(sd->wp_groups);
391 sd->wp_switch = bdrv_is_read_only(bdrv);
392 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
393 memset(sd->function_group, 0, sizeof(int) * 6);
401 static void sd_cardchange(void *opaque)
403 SDState *sd = opaque;
404 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
405 if (bdrv_is_inserted(sd->bdrv)) {
406 sd_reset(sd, sd->bdrv);
407 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
411 /* We do not model the chip select pin, so allow the board to select
412 whether card should be in SSI or MMC/SD mode. It is also up to the
413 board to ensure that ssi transfers only occur when the chip select
415 SDState *sd_init(BlockDriverState *bs, int is_spi)
419 sd = (SDState *) qemu_mallocz(sizeof(SDState));
420 sd->buf = qemu_memalign(512, 512);
423 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
427 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
429 sd->readonly_cb = readonly;
430 sd->inserted_cb = insert;
431 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
432 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
435 static void sd_erase(SDState *sd)
438 if (!sd->erase_start || !sd->erase_end) {
439 sd->card_status |= ERASE_SEQ_ERROR;
443 start = sd->erase_start >>
444 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
445 end = sd->erase_end >>
446 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
451 for (i = start; i <= end; i ++)
452 if (sd->wp_groups[i])
453 sd->card_status |= WP_ERASE_SKIP;
456 static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
461 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
463 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
464 if (addr < sd->size && sd->wp_groups[wpnum])
470 static void sd_function_switch(SDState *sd, uint32_t arg)
472 int i, mode, new_func, crc;
473 mode = !!(arg & 0x80000000);
475 sd->data[0] = 0x00; /* Maximum current consumption */
477 sd->data[2] = 0x80; /* Supported group 6 functions */
479 sd->data[4] = 0x80; /* Supported group 5 functions */
481 sd->data[6] = 0x80; /* Supported group 4 functions */
483 sd->data[8] = 0x80; /* Supported group 3 functions */
485 sd->data[10] = 0x80; /* Supported group 2 functions */
487 sd->data[12] = 0x80; /* Supported group 1 functions */
489 for (i = 0; i < 6; i ++) {
490 new_func = (arg >> (i * 4)) & 0x0f;
491 if (mode && new_func != 0x0f)
492 sd->function_group[i] = new_func;
493 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
495 memset(&sd->data[17], 0, 47);
496 crc = sd_crc16(sd->data, 64);
497 sd->data[65] = crc >> 8;
498 sd->data[66] = crc & 0xff;
501 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
503 return sd->wp_groups[addr >>
504 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
507 static void sd_lock_command(SDState *sd)
509 int erase, lock, clr_pwd, set_pwd, pwd_len;
510 erase = !!(sd->data[0] & 0x08);
511 lock = sd->data[0] & 0x04;
512 clr_pwd = sd->data[0] & 0x02;
513 set_pwd = sd->data[0] & 0x01;
516 pwd_len = sd->data[1];
521 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
522 set_pwd || clr_pwd || lock || sd->wp_switch ||
523 (sd->csd[14] & 0x20)) {
524 sd->card_status |= LOCK_UNLOCK_FAILED;
527 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
528 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
529 sd->csd[14] &= ~0x10;
530 sd->card_status &= ~CARD_IS_LOCKED;
532 /* Erasing the entire card here! */
533 printf("SD: Card force-erased by CMD42\n");
537 if (sd->blk_len < 2 + pwd_len ||
538 pwd_len <= sd->pwd_len ||
539 pwd_len > sd->pwd_len + 16) {
540 sd->card_status |= LOCK_UNLOCK_FAILED;
544 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
545 sd->card_status |= LOCK_UNLOCK_FAILED;
549 pwd_len -= sd->pwd_len;
550 if ((pwd_len && !set_pwd) ||
551 (clr_pwd && (set_pwd || lock)) ||
552 (lock && !sd->pwd_len && !set_pwd) ||
553 (!set_pwd && !clr_pwd &&
554 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
555 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
556 sd->card_status |= LOCK_UNLOCK_FAILED;
561 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
562 sd->pwd_len = pwd_len;
570 sd->card_status |= CARD_IS_LOCKED;
572 sd->card_status &= ~CARD_IS_LOCKED;
575 static sd_rsp_type_t sd_normal_command(SDState *sd,
576 struct sd_request_s req)
578 uint32_t rca = 0x0000;
580 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
583 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
585 /* Basic commands (Class 0 and Class 1) */
586 case 0: /* CMD0: GO_IDLE_STATE */
588 case sd_inactive_state:
589 return sd->spi ? sd_r1 : sd_r0;
592 sd->state = sd_idle_state;
593 sd_reset(sd, sd->bdrv);
594 return sd->spi ? sd_r1 : sd_r0;
598 case 1: /* CMD1: SEND_OP_CMD */
602 sd->state = sd_transfer_state;
605 case 2: /* CMD2: ALL_SEND_CID */
610 sd->state = sd_identification_state;
618 case 3: /* CMD3: SEND_RELATIVE_ADDR */
622 case sd_identification_state:
623 case sd_standby_state:
624 sd->state = sd_standby_state;
633 case 4: /* CMD4: SEND_DSR */
637 case sd_standby_state:
645 case 6: /* CMD6: SWITCH_FUNCTION */
649 case sd_data_transfer_mode:
650 sd_function_switch(sd, req.arg);
651 sd->state = sd_sendingdata_state;
661 case 7: /* CMD7: SELECT/DESELECT_CARD */
665 case sd_standby_state:
669 sd->state = sd_transfer_state;
672 case sd_transfer_state:
673 case sd_sendingdata_state:
677 sd->state = sd_standby_state;
680 case sd_disconnect_state:
684 sd->state = sd_programming_state;
687 case sd_programming_state:
691 sd->state = sd_disconnect_state;
699 case 8: /* CMD8: SEND_IF_COND */
700 /* Physical Layer Specification Version 2.00 command */
705 /* No response if not exactly one VHS bit is set. */
706 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
707 return sd->spi ? sd_r7 : sd_r0;
718 case 9: /* CMD9: SEND_CSD */
720 case sd_standby_state:
726 case sd_transfer_state:
729 sd->state = sd_sendingdata_state;
730 memcpy(sd->data, sd->csd, 16);
731 sd->data_start = req.arg;
740 case 10: /* CMD10: SEND_CID */
742 case sd_standby_state:
748 case sd_transfer_state:
751 sd->state = sd_sendingdata_state;
752 memcpy(sd->data, sd->cid, 16);
753 sd->data_start = req.arg;
762 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
766 case sd_transfer_state:
767 sd->state = sd_sendingdata_state;
768 sd->data_start = req.arg;
771 if (sd->data_start + sd->blk_len > sd->size)
772 sd->card_status |= ADDRESS_ERROR;
780 case 12: /* CMD12: STOP_TRANSMISSION */
782 case sd_sendingdata_state:
783 sd->state = sd_transfer_state;
786 case sd_receivingdata_state:
787 sd->state = sd_programming_state;
788 /* Bzzzzzzztt .... Operation complete. */
789 sd->state = sd_transfer_state;
797 case 13: /* CMD13: SEND_STATUS */
799 case sd_data_transfer_mode:
810 case 15: /* CMD15: GO_INACTIVE_STATE */
814 case sd_data_transfer_mode:
818 sd->state = sd_inactive_state;
826 /* Block read commands (Classs 2) */
827 case 16: /* CMD16: SET_BLOCKLEN */
829 case sd_transfer_state:
830 if (req.arg > (1 << HWBLOCK_SHIFT))
831 sd->card_status |= BLOCK_LEN_ERROR;
833 sd->blk_len = req.arg;
842 case 17: /* CMD17: READ_SINGLE_BLOCK */
844 case sd_transfer_state:
845 sd->state = sd_sendingdata_state;
846 sd->data_start = req.arg;
849 if (sd->data_start + sd->blk_len > sd->size)
850 sd->card_status |= ADDRESS_ERROR;
858 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
860 case sd_transfer_state:
861 sd->state = sd_sendingdata_state;
862 sd->data_start = req.arg;
865 if (sd->data_start + sd->blk_len > sd->size)
866 sd->card_status |= ADDRESS_ERROR;
874 /* Block write commands (Class 4) */
875 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
877 goto unimplemented_cmd;
879 case sd_transfer_state:
880 /* Writing in SPI mode not implemented. */
883 sd->state = sd_receivingdata_state;
884 sd->data_start = req.arg;
888 if (sd->data_start + sd->blk_len > sd->size)
889 sd->card_status |= ADDRESS_ERROR;
890 if (sd_wp_addr(sd, sd->data_start))
891 sd->card_status |= WP_VIOLATION;
892 if (sd->csd[14] & 0x30)
893 sd->card_status |= WP_VIOLATION;
901 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
903 goto unimplemented_cmd;
905 case sd_transfer_state:
906 /* Writing in SPI mode not implemented. */
909 sd->state = sd_receivingdata_state;
910 sd->data_start = req.arg;
914 if (sd->data_start + sd->blk_len > sd->size)
915 sd->card_status |= ADDRESS_ERROR;
916 if (sd_wp_addr(sd, sd->data_start))
917 sd->card_status |= WP_VIOLATION;
918 if (sd->csd[14] & 0x30)
919 sd->card_status |= WP_VIOLATION;
927 case 26: /* CMD26: PROGRAM_CID */
931 case sd_transfer_state:
932 sd->state = sd_receivingdata_state;
942 case 27: /* CMD27: PROGRAM_CSD */
944 goto unimplemented_cmd;
946 case sd_transfer_state:
947 sd->state = sd_receivingdata_state;
957 /* Write protection (Class 6) */
958 case 28: /* CMD28: SET_WRITE_PROT */
960 case sd_transfer_state:
961 if (req.arg >= sd->size) {
962 sd->card_status = ADDRESS_ERROR;
966 sd->state = sd_programming_state;
967 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
968 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
969 /* Bzzzzzzztt .... Operation complete. */
970 sd->state = sd_transfer_state;
978 case 29: /* CMD29: CLR_WRITE_PROT */
980 case sd_transfer_state:
981 if (req.arg >= sd->size) {
982 sd->card_status = ADDRESS_ERROR;
986 sd->state = sd_programming_state;
987 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
988 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
989 /* Bzzzzzzztt .... Operation complete. */
990 sd->state = sd_transfer_state;
998 case 30: /* CMD30: SEND_WRITE_PROT */
1000 case sd_transfer_state:
1001 sd->state = sd_sendingdata_state;
1002 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1003 sd->data_start = req.arg;
1004 sd->data_offset = 0;
1012 /* Erase commands (Class 5) */
1013 case 32: /* CMD32: ERASE_WR_BLK_START */
1014 switch (sd->state) {
1015 case sd_transfer_state:
1016 sd->erase_start = req.arg;
1024 case 33: /* CMD33: ERASE_WR_BLK_END */
1025 switch (sd->state) {
1026 case sd_transfer_state:
1027 sd->erase_end = req.arg;
1035 case 38: /* CMD38: ERASE */
1036 switch (sd->state) {
1037 case sd_transfer_state:
1038 if (sd->csd[14] & 0x30) {
1039 sd->card_status |= WP_VIOLATION;
1043 sd->state = sd_programming_state;
1045 /* Bzzzzzzztt .... Operation complete. */
1046 sd->state = sd_transfer_state;
1054 /* Lock card commands (Class 7) */
1055 case 42: /* CMD42: LOCK_UNLOCK */
1057 goto unimplemented_cmd;
1058 switch (sd->state) {
1059 case sd_transfer_state:
1060 sd->state = sd_receivingdata_state;
1062 sd->data_offset = 0;
1070 /* Application specific commands (Class 8) */
1071 case 55: /* CMD55: APP_CMD */
1075 sd->card_status |= APP_CMD;
1078 case 56: /* CMD56: GEN_CMD */
1079 printf("SD: GEN_CMD 0x%08x\n", req.arg);
1081 switch (sd->state) {
1082 case sd_transfer_state:
1083 sd->data_offset = 0;
1085 sd->state = sd_sendingdata_state;
1087 sd->state = sd_receivingdata_state;
1097 sd->card_status |= ILLEGAL_COMMAND;
1099 printf("SD: Unknown CMD%i\n", req.cmd);
1103 /* Commands that are recognised but not yet implemented in SPI mode. */
1104 sd->card_status |= ILLEGAL_COMMAND;
1105 printf ("SD: CMD%i not implemented in SPI mode\n", req.cmd);
1109 sd->card_status |= ILLEGAL_COMMAND;
1110 printf("SD: CMD%i in a wrong state\n", req.cmd);
1114 static sd_rsp_type_t sd_app_command(SDState *sd,
1115 struct sd_request_s req) {
1118 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1119 rca = req.arg >> 16;
1121 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1123 case 6: /* ACMD6: SET_BUS_WIDTH */
1124 switch (sd->state) {
1125 case sd_transfer_state:
1126 sd->sd_status[0] &= 0x3f;
1127 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1135 case 13: /* ACMD13: SD_STATUS */
1136 switch (sd->state) {
1137 case sd_transfer_state:
1139 sd->data_offset = 0;
1147 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1148 switch (sd->state) {
1149 case sd_transfer_state:
1150 *(uint32_t *) sd->data = sd->blk_written;
1153 sd->data_offset = 0;
1161 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1162 switch (sd->state) {
1163 case sd_transfer_state:
1171 case 41: /* ACMD41: SD_APP_OP_COND */
1174 sd->state = sd_transfer_state;
1177 switch (sd->state) {
1179 /* We accept any voltage. 10000 V is nothing. */
1181 sd->state = sd_ready_state;
1190 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1191 switch (sd->state) {
1192 case sd_transfer_state:
1193 /* Bringing in the 50KOhm pull-up resistor... Done. */
1201 case 51: /* ACMD51: SEND_SCR */
1202 switch (sd->state) {
1203 case sd_transfer_state:
1204 sd->state = sd_sendingdata_state;
1206 sd->data_offset = 0;
1215 /* Fall back to standard commands. */
1216 sd->card_status &= ~APP_CMD;
1217 return sd_normal_command(sd, req);
1220 printf("SD: ACMD%i in a wrong state\n", req.cmd);
1224 int sd_do_command(SDState *sd, struct sd_request_s *req,
1225 uint8_t *response) {
1226 uint32_t last_status = sd->card_status;
1227 sd_rsp_type_t rtype;
1230 if (!bdrv_is_inserted(sd->bdrv)) {
1234 if (sd_req_crc_validate(req)) {
1235 sd->card_status &= ~COM_CRC_ERROR;
1239 sd->card_status &= ~CARD_STATUS_B;
1242 if (last_status & CARD_IS_LOCKED)
1243 if (((last_status & APP_CMD) &&
1245 (!(last_status & APP_CMD) &&
1246 (sd_cmd_class[req->cmd] == 0 ||
1247 sd_cmd_class[req->cmd] == 7 ||
1248 req->cmd == 16 || req->cmd == 55))) {
1249 sd->card_status |= ILLEGAL_COMMAND;
1250 printf("SD: Card is locked\n");
1254 if (last_status & APP_CMD) {
1255 rtype = sd_app_command(sd, *req);
1256 sd->card_status &= ~APP_CMD;
1258 rtype = sd_normal_command(sd, *req);
1260 sd->current_cmd = req->cmd;
1265 sd_response_r1_make(sd, response, last_status);
1270 memcpy(response, sd->cid, sizeof(sd->cid));
1275 memcpy(response, sd->csd, sizeof(sd->csd));
1280 sd_response_r3_make(sd, response);
1285 sd_response_r6_make(sd, response);
1290 sd_response_r7_make(sd, response);
1300 if (sd->card_status & ILLEGAL_COMMAND)
1306 DPRINTF("Response:");
1307 for (i = 0; i < rsplen; i++)
1308 printf(" %02x", response[i]);
1309 printf(" state %d\n", sd->state);
1311 DPRINTF("No response %d\n", sd->state);
1318 /* No real need for 64 bit addresses here */
1319 static void sd_blk_read(SDState *sd, uint32_t addr, uint32_t len)
1321 uint32_t end = addr + len;
1323 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1324 printf("sd_blk_read: read error on host side\n");
1328 if (end > (addr & ~511) + 512) {
1329 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1331 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1332 printf("sd_blk_read: read error on host side\n");
1335 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1337 memcpy(sd->data, sd->buf + (addr & 511), len);
1340 static void sd_blk_write(SDState *sd, uint32_t addr, uint32_t len)
1342 uint32_t end = addr + len;
1344 if ((addr & 511) || len < 512)
1345 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1346 printf("sd_blk_write: read error on host side\n");
1350 if (end > (addr & ~511) + 512) {
1351 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1352 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1353 printf("sd_blk_write: write error on host side\n");
1357 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1358 printf("sd_blk_write: read error on host side\n");
1361 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1362 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1363 printf("sd_blk_write: write error on host side\n");
1365 memcpy(sd->buf + (addr & 511), sd->data, len);
1366 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1367 printf("sd_blk_write: write error on host side\n");
1371 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1372 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1373 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1374 #define APP_WRITE_BLOCK(a, len)
1376 void sd_write_data(SDState *sd, uint8_t value)
1380 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv))
1383 if (sd->state != sd_receivingdata_state) {
1384 printf("sd_write_data: not in Receiving-Data state\n");
1388 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1391 switch (sd->current_cmd) {
1392 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1393 sd->data[sd->data_offset ++] = value;
1394 if (sd->data_offset >= sd->blk_len) {
1395 /* TODO: Check CRC before committing */
1396 sd->state = sd_programming_state;
1397 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1399 sd->csd[14] |= 0x40;
1400 /* Bzzzzzzztt .... Operation complete. */
1401 sd->state = sd_transfer_state;
1405 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1406 sd->data[sd->data_offset ++] = value;
1407 if (sd->data_offset >= sd->blk_len) {
1408 /* TODO: Check CRC before committing */
1409 sd->state = sd_programming_state;
1410 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1412 sd->data_start += sd->blk_len;
1413 sd->data_offset = 0;
1414 if (sd->data_start + sd->blk_len > sd->size) {
1415 sd->card_status |= ADDRESS_ERROR;
1418 if (sd_wp_addr(sd, sd->data_start)) {
1419 sd->card_status |= WP_VIOLATION;
1422 sd->csd[14] |= 0x40;
1424 /* Bzzzzzzztt .... Operation complete. */
1425 sd->state = sd_receivingdata_state;
1429 case 26: /* CMD26: PROGRAM_CID */
1430 sd->data[sd->data_offset ++] = value;
1431 if (sd->data_offset >= sizeof(sd->cid)) {
1432 /* TODO: Check CRC before committing */
1433 sd->state = sd_programming_state;
1434 for (i = 0; i < sizeof(sd->cid); i ++)
1435 if ((sd->cid[i] | 0x00) != sd->data[i])
1436 sd->card_status |= CID_CSD_OVERWRITE;
1438 if (!(sd->card_status & CID_CSD_OVERWRITE))
1439 for (i = 0; i < sizeof(sd->cid); i ++) {
1441 sd->cid[i] &= sd->data[i];
1443 /* Bzzzzzzztt .... Operation complete. */
1444 sd->state = sd_transfer_state;
1448 case 27: /* CMD27: PROGRAM_CSD */
1449 sd->data[sd->data_offset ++] = value;
1450 if (sd->data_offset >= sizeof(sd->csd)) {
1451 /* TODO: Check CRC before committing */
1452 sd->state = sd_programming_state;
1453 for (i = 0; i < sizeof(sd->csd); i ++)
1454 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1455 (sd->data[i] | sd_csd_rw_mask[i]))
1456 sd->card_status |= CID_CSD_OVERWRITE;
1458 /* Copy flag (OTP) & Permanent write protect */
1459 if (sd->csd[14] & ~sd->data[14] & 0x60)
1460 sd->card_status |= CID_CSD_OVERWRITE;
1462 if (!(sd->card_status & CID_CSD_OVERWRITE))
1463 for (i = 0; i < sizeof(sd->csd); i ++) {
1464 sd->csd[i] |= sd_csd_rw_mask[i];
1465 sd->csd[i] &= sd->data[i];
1467 /* Bzzzzzzztt .... Operation complete. */
1468 sd->state = sd_transfer_state;
1472 case 42: /* CMD42: LOCK_UNLOCK */
1473 sd->data[sd->data_offset ++] = value;
1474 if (sd->data_offset >= sd->blk_len) {
1475 /* TODO: Check CRC before committing */
1476 sd->state = sd_programming_state;
1477 sd_lock_command(sd);
1478 /* Bzzzzzzztt .... Operation complete. */
1479 sd->state = sd_transfer_state;
1483 case 56: /* CMD56: GEN_CMD */
1484 sd->data[sd->data_offset ++] = value;
1485 if (sd->data_offset >= sd->blk_len) {
1486 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1487 sd->state = sd_transfer_state;
1492 printf("sd_write_data: unknown command\n");
1497 uint8_t sd_read_data(SDState *sd)
1499 /* TODO: Append CRCs */
1502 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv))
1505 if (sd->state != sd_sendingdata_state) {
1506 printf("sd_read_data: not in Sending-Data state\n");
1510 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1513 switch (sd->current_cmd) {
1514 case 6: /* CMD6: SWITCH_FUNCTION */
1515 ret = sd->data[sd->data_offset ++];
1517 if (sd->data_offset >= 64)
1518 sd->state = sd_transfer_state;
1521 case 9: /* CMD9: SEND_CSD */
1522 case 10: /* CMD10: SEND_CID */
1523 ret = sd->data[sd->data_offset ++];
1525 if (sd->data_offset >= 16)
1526 sd->state = sd_transfer_state;
1529 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1530 if (sd->data_offset == 0)
1531 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1532 ret = sd->data[sd->data_offset ++];
1534 if (sd->data_offset >= sd->blk_len) {
1535 sd->data_start += sd->blk_len;
1536 sd->data_offset = 0;
1537 if (sd->data_start + sd->blk_len > sd->size) {
1538 sd->card_status |= ADDRESS_ERROR;
1544 case 13: /* ACMD13: SD_STATUS */
1545 ret = sd->sd_status[sd->data_offset ++];
1547 if (sd->data_offset >= sizeof(sd->sd_status))
1548 sd->state = sd_transfer_state;
1551 case 17: /* CMD17: READ_SINGLE_BLOCK */
1552 if (sd->data_offset == 0)
1553 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1554 ret = sd->data[sd->data_offset ++];
1556 if (sd->data_offset >= sd->blk_len)
1557 sd->state = sd_transfer_state;
1560 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1561 if (sd->data_offset == 0)
1562 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1563 ret = sd->data[sd->data_offset ++];
1565 if (sd->data_offset >= sd->blk_len) {
1566 sd->data_start += sd->blk_len;
1567 sd->data_offset = 0;
1568 if (sd->data_start + sd->blk_len > sd->size) {
1569 sd->card_status |= ADDRESS_ERROR;
1575 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1576 ret = sd->data[sd->data_offset ++];
1578 if (sd->data_offset >= 4)
1579 sd->state = sd_transfer_state;
1582 case 30: /* CMD30: SEND_WRITE_PROT */
1583 ret = sd->data[sd->data_offset ++];
1585 if (sd->data_offset >= 4)
1586 sd->state = sd_transfer_state;
1589 case 51: /* ACMD51: SEND_SCR */
1590 ret = sd->scr[sd->data_offset ++];
1592 if (sd->data_offset >= sizeof(sd->scr))
1593 sd->state = sd_transfer_state;
1596 case 56: /* CMD56: GEN_CMD */
1597 if (sd->data_offset == 0)
1598 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1599 ret = sd->data[sd->data_offset ++];
1601 if (sd->data_offset >= sd->blk_len)
1602 sd->state = sd_transfer_state;
1606 printf("sd_read_data: unknown command\n");
1613 int sd_data_ready(SDState *sd)
1615 return sd->state == sd_sendingdata_state;
projects / qemu.git / blob