2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include "block_int.h"
40 #define DPRINTF(fmt, ...) \
41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
43 #define DPRINTF(fmt, ...) do {} while(0)
47 sd_r0 = 0, /* no response */
48 sd_r1, /* normal response command */
49 sd_r2_i, /* CID register */
50 sd_r2_s, /* CSD register */
51 sd_r3, /* OCR register */
52 sd_r6 = 6, /* Published RCA response */
53 sd_r7, /* Operating voltage */
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
64 sd_inactive_state = -1,
67 sd_identification_state,
71 sd_receivingdata_state,
81 uint8_t sd_status[64];
91 int function_group[6];
100 qemu_irq inserted_cb;
101 BlockDriverState *bdrv;
107 static void sd_set_status(SDState *sd)
110 case sd_inactive_state:
111 sd->mode = sd_inactive;
116 case sd_identification_state:
117 sd->mode = sd_card_identification_mode;
120 case sd_standby_state:
121 case sd_transfer_state:
122 case sd_sendingdata_state:
123 case sd_receivingdata_state:
124 case sd_programming_state:
125 case sd_disconnect_state:
126 sd->mode = sd_data_transfer_mode;
130 sd->card_status &= ~CURRENT_STATE;
131 sd->card_status |= sd->state << 9;
134 static const sd_cmd_type_t sd_cmd_type[64] = {
135 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
136 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
137 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
138 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
139 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
140 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
142 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
145 static const sd_cmd_type_t sd_acmd_type[64] = {
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
156 static const int sd_cmd_class[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
163 static uint8_t sd_crc7(void *message, size_t width)
166 uint8_t shift_reg = 0x00;
167 uint8_t *msg = (uint8_t *) message;
169 for (i = 0; i < width; i ++, msg ++)
170 for (bit = 7; bit >= 0; bit --) {
172 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
179 static uint16_t sd_crc16(void *message, size_t width)
182 uint16_t shift_reg = 0x0000;
183 uint16_t *msg = (uint16_t *) message;
186 for (i = 0; i < width; i ++, msg ++)
187 for (bit = 15; bit >= 0; bit --) {
189 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
196 static void sd_set_ocr(SDState *sd)
198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
199 sd->ocr = 0x80ffff00;
202 static void sd_set_scr(SDState *sd)
204 sd->scr[0] = 0x00; /* SCR Structure */
205 sd->scr[1] = 0x2f; /* SD Security Support */
221 static void sd_set_cid(SDState *sd)
223 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
224 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
226 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
231 sd->cid[8] = PRV; /* Fake product revision (PRV) */
232 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
236 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR - 2000) / 10);
238 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
239 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
242 #define HWBLOCK_SHIFT 9 /* 512 bytes */
243 #define SECTOR_SHIFT 5 /* 16 kilobytes */
244 #define WPGROUP_SHIFT 7 /* 2 megs */
245 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
246 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
248 static const uint8_t sd_csd_rw_mask[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
253 static void sd_set_csd(SDState *sd, uint64_t size)
255 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
256 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
257 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
259 if (size <= 0x40000000) { /* Standard Capacity SD */
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
295 sd->csd[7] = (size >> 16) & 0xff;
296 sd->csd[8] = (size >> 8) & 0xff;
297 sd->csd[9] = (size & 0xff);
304 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
308 static void sd_set_rca(SDState *sd)
313 #define CARD_STATUS_A 0x02004100
314 #define CARD_STATUS_B 0x00c01e00
315 #define CARD_STATUS_C 0xfd39a028
317 static void sd_set_cardstatus(SDState *sd)
319 sd->card_status = 0x00000100;
322 static void sd_set_sdstatus(SDState *sd)
324 memset(sd->sd_status, 0, 64);
327 static int sd_req_crc_validate(SDRequest *req)
330 buffer[0] = 0x40 | req->cmd;
331 buffer[1] = (req->arg >> 24) & 0xff;
332 buffer[2] = (req->arg >> 16) & 0xff;
333 buffer[3] = (req->arg >> 8) & 0xff;
334 buffer[4] = (req->arg >> 0) & 0xff;
336 return sd_crc7(buffer, 5) != req->crc; /* TODO */
339 static void sd_response_r1_make(SDState *sd,
340 uint8_t *response, uint32_t last_status)
342 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
345 status = (sd->card_status & ~mask) | (last_status & mask);
346 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
354 static void sd_response_r3_make(SDState *sd, uint8_t *response)
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
362 static void sd_response_r6_make(SDState *sd, uint8_t *response)
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
372 response[0] = (arg >> 8) & 0xff;
373 response[1] = arg & 0xff;
374 response[2] = (status >> 8) & 0xff;
375 response[3] = status & 0xff;
378 static void sd_response_r7_make(SDState *sd, uint8_t *response)
380 response[0] = (sd->vhs >> 24) & 0xff;
381 response[1] = (sd->vhs >> 16) & 0xff;
382 response[2] = (sd->vhs >> 8) & 0xff;
383 response[3] = (sd->vhs >> 0) & 0xff;
386 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
392 bdrv_get_geometry(bdrv, §);
400 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
402 sd->state = sd_idle_state;
407 sd_set_csd(sd, size);
408 sd_set_cardstatus(sd);
414 qemu_free(sd->wp_groups);
415 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
416 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
417 memset(sd->function_group, 0, sizeof(int) * 6);
425 static void sd_cardchange(void *opaque)
427 SDState *sd = opaque;
428 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
429 if (bdrv_is_inserted(sd->bdrv)) {
430 sd_reset(sd, sd->bdrv);
431 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
435 /* We do not model the chip select pin, so allow the board to select
436 whether card should be in SSI or MMC/SD mode. It is also up to the
437 board to ensure that ssi transfers only occur when the chip select
439 SDState *sd_init(BlockDriverState *bs, int is_spi)
443 sd = (SDState *) qemu_mallocz(sizeof(SDState));
444 sd->buf = qemu_blockalign(bs, 512);
449 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
454 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
456 sd->readonly_cb = readonly;
457 sd->inserted_cb = insert;
458 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
459 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
462 static void sd_erase(SDState *sd)
465 if (!sd->erase_start || !sd->erase_end) {
466 sd->card_status |= ERASE_SEQ_ERROR;
470 start = sd->erase_start >>
471 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
472 end = sd->erase_end >>
473 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
478 for (i = start; i <= end; i ++)
479 if (sd->wp_groups[i])
480 sd->card_status |= WP_ERASE_SKIP;
483 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
488 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
490 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
491 if (addr < sd->size && sd->wp_groups[wpnum])
497 static void sd_function_switch(SDState *sd, uint32_t arg)
499 int i, mode, new_func, crc;
500 mode = !!(arg & 0x80000000);
502 sd->data[0] = 0x00; /* Maximum current consumption */
504 sd->data[2] = 0x80; /* Supported group 6 functions */
506 sd->data[4] = 0x80; /* Supported group 5 functions */
508 sd->data[6] = 0x80; /* Supported group 4 functions */
510 sd->data[8] = 0x80; /* Supported group 3 functions */
512 sd->data[10] = 0x80; /* Supported group 2 functions */
514 sd->data[12] = 0x80; /* Supported group 1 functions */
516 for (i = 0; i < 6; i ++) {
517 new_func = (arg >> (i * 4)) & 0x0f;
518 if (mode && new_func != 0x0f)
519 sd->function_group[i] = new_func;
520 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
522 memset(&sd->data[17], 0, 47);
523 crc = sd_crc16(sd->data, 64);
524 sd->data[65] = crc >> 8;
525 sd->data[66] = crc & 0xff;
528 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
530 return sd->wp_groups[addr >>
531 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
534 static void sd_lock_command(SDState *sd)
536 int erase, lock, clr_pwd, set_pwd, pwd_len;
537 erase = !!(sd->data[0] & 0x08);
538 lock = sd->data[0] & 0x04;
539 clr_pwd = sd->data[0] & 0x02;
540 set_pwd = sd->data[0] & 0x01;
543 pwd_len = sd->data[1];
548 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
549 set_pwd || clr_pwd || lock || sd->wp_switch ||
550 (sd->csd[14] & 0x20)) {
551 sd->card_status |= LOCK_UNLOCK_FAILED;
554 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
555 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
556 sd->csd[14] &= ~0x10;
557 sd->card_status &= ~CARD_IS_LOCKED;
559 /* Erasing the entire card here! */
560 fprintf(stderr, "SD: Card force-erased by CMD42\n");
564 if (sd->blk_len < 2 + pwd_len ||
565 pwd_len <= sd->pwd_len ||
566 pwd_len > sd->pwd_len + 16) {
567 sd->card_status |= LOCK_UNLOCK_FAILED;
571 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
572 sd->card_status |= LOCK_UNLOCK_FAILED;
576 pwd_len -= sd->pwd_len;
577 if ((pwd_len && !set_pwd) ||
578 (clr_pwd && (set_pwd || lock)) ||
579 (lock && !sd->pwd_len && !set_pwd) ||
580 (!set_pwd && !clr_pwd &&
581 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
582 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
583 sd->card_status |= LOCK_UNLOCK_FAILED;
588 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
589 sd->pwd_len = pwd_len;
597 sd->card_status |= CARD_IS_LOCKED;
599 sd->card_status &= ~CARD_IS_LOCKED;
602 static sd_rsp_type_t sd_normal_command(SDState *sd,
605 uint32_t rca = 0x0000;
606 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
608 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
611 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
613 /* Basic commands (Class 0 and Class 1) */
614 case 0: /* CMD0: GO_IDLE_STATE */
616 case sd_inactive_state:
617 return sd->spi ? sd_r1 : sd_r0;
620 sd->state = sd_idle_state;
621 sd_reset(sd, sd->bdrv);
622 return sd->spi ? sd_r1 : sd_r0;
626 case 1: /* CMD1: SEND_OP_CMD */
630 sd->state = sd_transfer_state;
633 case 2: /* CMD2: ALL_SEND_CID */
638 sd->state = sd_identification_state;
646 case 3: /* CMD3: SEND_RELATIVE_ADDR */
650 case sd_identification_state:
651 case sd_standby_state:
652 sd->state = sd_standby_state;
661 case 4: /* CMD4: SEND_DSR */
665 case sd_standby_state:
673 case 5: /* CMD5: reserved for SDIO cards */
674 sd->card_status |= ILLEGAL_COMMAND;
677 case 6: /* CMD6: SWITCH_FUNCTION */
681 case sd_data_transfer_mode:
682 sd_function_switch(sd, req.arg);
683 sd->state = sd_sendingdata_state;
693 case 7: /* CMD7: SELECT/DESELECT_CARD */
697 case sd_standby_state:
701 sd->state = sd_transfer_state;
704 case sd_transfer_state:
705 case sd_sendingdata_state:
709 sd->state = sd_standby_state;
712 case sd_disconnect_state:
716 sd->state = sd_programming_state;
719 case sd_programming_state:
723 sd->state = sd_disconnect_state;
731 case 8: /* CMD8: SEND_IF_COND */
732 /* Physical Layer Specification Version 2.00 command */
737 /* No response if not exactly one VHS bit is set. */
738 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
739 return sd->spi ? sd_r7 : sd_r0;
750 case 9: /* CMD9: SEND_CSD */
752 case sd_standby_state:
758 case sd_transfer_state:
761 sd->state = sd_sendingdata_state;
762 memcpy(sd->data, sd->csd, 16);
763 sd->data_start = addr;
772 case 10: /* CMD10: SEND_CID */
774 case sd_standby_state:
780 case sd_transfer_state:
783 sd->state = sd_sendingdata_state;
784 memcpy(sd->data, sd->cid, 16);
785 sd->data_start = addr;
794 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
798 case sd_transfer_state:
799 sd->state = sd_sendingdata_state;
800 sd->data_start = req.arg;
803 if (sd->data_start + sd->blk_len > sd->size)
804 sd->card_status |= ADDRESS_ERROR;
812 case 12: /* CMD12: STOP_TRANSMISSION */
814 case sd_sendingdata_state:
815 sd->state = sd_transfer_state;
818 case sd_receivingdata_state:
819 sd->state = sd_programming_state;
820 /* Bzzzzzzztt .... Operation complete. */
821 sd->state = sd_transfer_state;
829 case 13: /* CMD13: SEND_STATUS */
831 case sd_data_transfer_mode:
842 case 15: /* CMD15: GO_INACTIVE_STATE */
846 case sd_data_transfer_mode:
850 sd->state = sd_inactive_state;
858 /* Block read commands (Classs 2) */
859 case 16: /* CMD16: SET_BLOCKLEN */
861 case sd_transfer_state:
862 if (req.arg > (1 << HWBLOCK_SHIFT))
863 sd->card_status |= BLOCK_LEN_ERROR;
865 sd->blk_len = req.arg;
874 case 17: /* CMD17: READ_SINGLE_BLOCK */
876 case sd_transfer_state:
877 sd->state = sd_sendingdata_state;
878 sd->data_start = addr;
881 if (sd->data_start + sd->blk_len > sd->size)
882 sd->card_status |= ADDRESS_ERROR;
890 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
892 case sd_transfer_state:
893 sd->state = sd_sendingdata_state;
894 sd->data_start = addr;
897 if (sd->data_start + sd->blk_len > sd->size)
898 sd->card_status |= ADDRESS_ERROR;
906 /* Block write commands (Class 4) */
907 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
909 goto unimplemented_cmd;
911 case sd_transfer_state:
912 /* Writing in SPI mode not implemented. */
915 sd->state = sd_receivingdata_state;
916 sd->data_start = addr;
920 if (sd->data_start + sd->blk_len > sd->size)
921 sd->card_status |= ADDRESS_ERROR;
922 if (sd_wp_addr(sd, sd->data_start))
923 sd->card_status |= WP_VIOLATION;
924 if (sd->csd[14] & 0x30)
925 sd->card_status |= WP_VIOLATION;
933 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
935 goto unimplemented_cmd;
937 case sd_transfer_state:
938 /* Writing in SPI mode not implemented. */
941 sd->state = sd_receivingdata_state;
942 sd->data_start = addr;
946 if (sd->data_start + sd->blk_len > sd->size)
947 sd->card_status |= ADDRESS_ERROR;
948 if (sd_wp_addr(sd, sd->data_start))
949 sd->card_status |= WP_VIOLATION;
950 if (sd->csd[14] & 0x30)
951 sd->card_status |= WP_VIOLATION;
959 case 26: /* CMD26: PROGRAM_CID */
963 case sd_transfer_state:
964 sd->state = sd_receivingdata_state;
974 case 27: /* CMD27: PROGRAM_CSD */
976 goto unimplemented_cmd;
978 case sd_transfer_state:
979 sd->state = sd_receivingdata_state;
989 /* Write protection (Class 6) */
990 case 28: /* CMD28: SET_WRITE_PROT */
992 case sd_transfer_state:
993 if (addr >= sd->size) {
994 sd->card_status = ADDRESS_ERROR;
998 sd->state = sd_programming_state;
999 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1000 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1001 /* Bzzzzzzztt .... Operation complete. */
1002 sd->state = sd_transfer_state;
1010 case 29: /* CMD29: CLR_WRITE_PROT */
1011 switch (sd->state) {
1012 case sd_transfer_state:
1013 if (addr >= sd->size) {
1014 sd->card_status = ADDRESS_ERROR;
1018 sd->state = sd_programming_state;
1019 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1020 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1021 /* Bzzzzzzztt .... Operation complete. */
1022 sd->state = sd_transfer_state;
1030 case 30: /* CMD30: SEND_WRITE_PROT */
1031 switch (sd->state) {
1032 case sd_transfer_state:
1033 sd->state = sd_sendingdata_state;
1034 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1035 sd->data_start = addr;
1036 sd->data_offset = 0;
1044 /* Erase commands (Class 5) */
1045 case 32: /* CMD32: ERASE_WR_BLK_START */
1046 switch (sd->state) {
1047 case sd_transfer_state:
1048 sd->erase_start = req.arg;
1056 case 33: /* CMD33: ERASE_WR_BLK_END */
1057 switch (sd->state) {
1058 case sd_transfer_state:
1059 sd->erase_end = req.arg;
1067 case 38: /* CMD38: ERASE */
1068 switch (sd->state) {
1069 case sd_transfer_state:
1070 if (sd->csd[14] & 0x30) {
1071 sd->card_status |= WP_VIOLATION;
1075 sd->state = sd_programming_state;
1077 /* Bzzzzzzztt .... Operation complete. */
1078 sd->state = sd_transfer_state;
1086 /* Lock card commands (Class 7) */
1087 case 42: /* CMD42: LOCK_UNLOCK */
1089 goto unimplemented_cmd;
1090 switch (sd->state) {
1091 case sd_transfer_state:
1092 sd->state = sd_receivingdata_state;
1094 sd->data_offset = 0;
1102 /* Application specific commands (Class 8) */
1103 case 55: /* CMD55: APP_CMD */
1107 sd->card_status |= APP_CMD;
1110 case 56: /* CMD56: GEN_CMD */
1111 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1113 switch (sd->state) {
1114 case sd_transfer_state:
1115 sd->data_offset = 0;
1117 sd->state = sd_sendingdata_state;
1119 sd->state = sd_receivingdata_state;
1129 sd->card_status |= ILLEGAL_COMMAND;
1131 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1135 /* Commands that are recognised but not yet implemented in SPI mode. */
1136 sd->card_status |= ILLEGAL_COMMAND;
1137 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1141 sd->card_status |= ILLEGAL_COMMAND;
1142 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1146 static sd_rsp_type_t sd_app_command(SDState *sd,
1149 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1151 case 6: /* ACMD6: SET_BUS_WIDTH */
1152 switch (sd->state) {
1153 case sd_transfer_state:
1154 sd->sd_status[0] &= 0x3f;
1155 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1163 case 13: /* ACMD13: SD_STATUS */
1164 switch (sd->state) {
1165 case sd_transfer_state:
1167 sd->data_offset = 0;
1175 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1176 switch (sd->state) {
1177 case sd_transfer_state:
1178 *(uint32_t *) sd->data = sd->blk_written;
1181 sd->data_offset = 0;
1189 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1190 switch (sd->state) {
1191 case sd_transfer_state:
1199 case 41: /* ACMD41: SD_APP_OP_COND */
1202 sd->state = sd_transfer_state;
1205 switch (sd->state) {
1207 /* We accept any voltage. 10000 V is nothing. */
1209 sd->state = sd_ready_state;
1218 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1219 switch (sd->state) {
1220 case sd_transfer_state:
1221 /* Bringing in the 50KOhm pull-up resistor... Done. */
1229 case 51: /* ACMD51: SEND_SCR */
1230 switch (sd->state) {
1231 case sd_transfer_state:
1232 sd->state = sd_sendingdata_state;
1234 sd->data_offset = 0;
1243 /* Fall back to standard commands. */
1244 sd->card_status &= ~APP_CMD;
1245 return sd_normal_command(sd, req);
1248 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1252 int sd_do_command(SDState *sd, SDRequest *req,
1253 uint8_t *response) {
1254 uint32_t last_status = sd->card_status;
1255 sd_rsp_type_t rtype;
1258 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1262 if (sd_req_crc_validate(req)) {
1263 sd->card_status &= ~COM_CRC_ERROR;
1267 sd->card_status &= ~CARD_STATUS_B;
1270 if (last_status & CARD_IS_LOCKED)
1271 if (((last_status & APP_CMD) &&
1273 (!(last_status & APP_CMD) &&
1274 (sd_cmd_class[req->cmd] == 0 ||
1275 sd_cmd_class[req->cmd] == 7 ||
1276 req->cmd == 16 || req->cmd == 55))) {
1277 sd->card_status |= ILLEGAL_COMMAND;
1278 fprintf(stderr, "SD: Card is locked\n");
1282 if (last_status & APP_CMD) {
1283 rtype = sd_app_command(sd, *req);
1284 sd->card_status &= ~APP_CMD;
1286 rtype = sd_normal_command(sd, *req);
1288 sd->current_cmd = req->cmd;
1293 sd_response_r1_make(sd, response, last_status);
1298 memcpy(response, sd->cid, sizeof(sd->cid));
1303 memcpy(response, sd->csd, sizeof(sd->csd));
1308 sd_response_r3_make(sd, response);
1313 sd_response_r6_make(sd, response);
1318 sd_response_r7_make(sd, response);
1328 if (sd->card_status & ILLEGAL_COMMAND)
1334 DPRINTF("Response:");
1335 for (i = 0; i < rsplen; i++)
1336 printf(" %02x", response[i]);
1337 printf(" state %d\n", sd->state);
1339 DPRINTF("No response %d\n", sd->state);
1346 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1348 uint64_t end = addr + len;
1350 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1351 (unsigned long long) addr, len);
1352 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1353 fprintf(stderr, "sd_blk_read: read error on host side\n");
1357 if (end > (addr & ~511) + 512) {
1358 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1360 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1361 fprintf(stderr, "sd_blk_read: read error on host side\n");
1364 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1366 memcpy(sd->data, sd->buf + (addr & 511), len);
1369 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1371 uint64_t end = addr + len;
1373 if ((addr & 511) || len < 512)
1374 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1375 fprintf(stderr, "sd_blk_write: read error on host side\n");
1379 if (end > (addr & ~511) + 512) {
1380 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1381 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1382 fprintf(stderr, "sd_blk_write: write error on host side\n");
1386 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1387 fprintf(stderr, "sd_blk_write: read error on host side\n");
1390 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1391 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1392 fprintf(stderr, "sd_blk_write: write error on host side\n");
1394 memcpy(sd->buf + (addr & 511), sd->data, len);
1395 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1396 fprintf(stderr, "sd_blk_write: write error on host side\n");
1400 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1401 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1402 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1403 #define APP_WRITE_BLOCK(a, len)
1405 void sd_write_data(SDState *sd, uint8_t value)
1409 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1412 if (sd->state != sd_receivingdata_state) {
1413 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1417 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1420 switch (sd->current_cmd) {
1421 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1422 sd->data[sd->data_offset ++] = value;
1423 if (sd->data_offset >= sd->blk_len) {
1424 /* TODO: Check CRC before committing */
1425 sd->state = sd_programming_state;
1426 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1428 sd->csd[14] |= 0x40;
1429 /* Bzzzzzzztt .... Operation complete. */
1430 sd->state = sd_transfer_state;
1434 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1435 sd->data[sd->data_offset ++] = value;
1436 if (sd->data_offset >= sd->blk_len) {
1437 /* TODO: Check CRC before committing */
1438 sd->state = sd_programming_state;
1439 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1441 sd->data_start += sd->blk_len;
1442 sd->data_offset = 0;
1443 if (sd->data_start + sd->blk_len > sd->size) {
1444 sd->card_status |= ADDRESS_ERROR;
1447 if (sd_wp_addr(sd, sd->data_start)) {
1448 sd->card_status |= WP_VIOLATION;
1451 sd->csd[14] |= 0x40;
1453 /* Bzzzzzzztt .... Operation complete. */
1454 sd->state = sd_receivingdata_state;
1458 case 26: /* CMD26: PROGRAM_CID */
1459 sd->data[sd->data_offset ++] = value;
1460 if (sd->data_offset >= sizeof(sd->cid)) {
1461 /* TODO: Check CRC before committing */
1462 sd->state = sd_programming_state;
1463 for (i = 0; i < sizeof(sd->cid); i ++)
1464 if ((sd->cid[i] | 0x00) != sd->data[i])
1465 sd->card_status |= CID_CSD_OVERWRITE;
1467 if (!(sd->card_status & CID_CSD_OVERWRITE))
1468 for (i = 0; i < sizeof(sd->cid); i ++) {
1470 sd->cid[i] &= sd->data[i];
1472 /* Bzzzzzzztt .... Operation complete. */
1473 sd->state = sd_transfer_state;
1477 case 27: /* CMD27: PROGRAM_CSD */
1478 sd->data[sd->data_offset ++] = value;
1479 if (sd->data_offset >= sizeof(sd->csd)) {
1480 /* TODO: Check CRC before committing */
1481 sd->state = sd_programming_state;
1482 for (i = 0; i < sizeof(sd->csd); i ++)
1483 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1484 (sd->data[i] | sd_csd_rw_mask[i]))
1485 sd->card_status |= CID_CSD_OVERWRITE;
1487 /* Copy flag (OTP) & Permanent write protect */
1488 if (sd->csd[14] & ~sd->data[14] & 0x60)
1489 sd->card_status |= CID_CSD_OVERWRITE;
1491 if (!(sd->card_status & CID_CSD_OVERWRITE))
1492 for (i = 0; i < sizeof(sd->csd); i ++) {
1493 sd->csd[i] |= sd_csd_rw_mask[i];
1494 sd->csd[i] &= sd->data[i];
1496 /* Bzzzzzzztt .... Operation complete. */
1497 sd->state = sd_transfer_state;
1501 case 42: /* CMD42: LOCK_UNLOCK */
1502 sd->data[sd->data_offset ++] = value;
1503 if (sd->data_offset >= sd->blk_len) {
1504 /* TODO: Check CRC before committing */
1505 sd->state = sd_programming_state;
1506 sd_lock_command(sd);
1507 /* Bzzzzzzztt .... Operation complete. */
1508 sd->state = sd_transfer_state;
1512 case 56: /* CMD56: GEN_CMD */
1513 sd->data[sd->data_offset ++] = value;
1514 if (sd->data_offset >= sd->blk_len) {
1515 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1516 sd->state = sd_transfer_state;
1521 fprintf(stderr, "sd_write_data: unknown command\n");
1526 uint8_t sd_read_data(SDState *sd)
1528 /* TODO: Append CRCs */
1532 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1535 if (sd->state != sd_sendingdata_state) {
1536 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1540 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1543 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1545 switch (sd->current_cmd) {
1546 case 6: /* CMD6: SWITCH_FUNCTION */
1547 ret = sd->data[sd->data_offset ++];
1549 if (sd->data_offset >= 64)
1550 sd->state = sd_transfer_state;
1553 case 9: /* CMD9: SEND_CSD */
1554 case 10: /* CMD10: SEND_CID */
1555 ret = sd->data[sd->data_offset ++];
1557 if (sd->data_offset >= 16)
1558 sd->state = sd_transfer_state;
1561 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1562 if (sd->data_offset == 0)
1563 BLK_READ_BLOCK(sd->data_start, io_len);
1564 ret = sd->data[sd->data_offset ++];
1566 if (sd->data_offset >= io_len) {
1567 sd->data_start += io_len;
1568 sd->data_offset = 0;
1569 if (sd->data_start + io_len > sd->size) {
1570 sd->card_status |= ADDRESS_ERROR;
1576 case 13: /* ACMD13: SD_STATUS */
1577 ret = sd->sd_status[sd->data_offset ++];
1579 if (sd->data_offset >= sizeof(sd->sd_status))
1580 sd->state = sd_transfer_state;
1583 case 17: /* CMD17: READ_SINGLE_BLOCK */
1584 if (sd->data_offset == 0)
1585 BLK_READ_BLOCK(sd->data_start, io_len);
1586 ret = sd->data[sd->data_offset ++];
1588 if (sd->data_offset >= io_len)
1589 sd->state = sd_transfer_state;
1592 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1593 if (sd->data_offset == 0)
1594 BLK_READ_BLOCK(sd->data_start, io_len);
1595 ret = sd->data[sd->data_offset ++];
1597 if (sd->data_offset >= io_len) {
1598 sd->data_start += io_len;
1599 sd->data_offset = 0;
1600 if (sd->data_start + io_len > sd->size) {
1601 sd->card_status |= ADDRESS_ERROR;
1607 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1608 ret = sd->data[sd->data_offset ++];
1610 if (sd->data_offset >= 4)
1611 sd->state = sd_transfer_state;
1614 case 30: /* CMD30: SEND_WRITE_PROT */
1615 ret = sd->data[sd->data_offset ++];
1617 if (sd->data_offset >= 4)
1618 sd->state = sd_transfer_state;
1621 case 51: /* ACMD51: SEND_SCR */
1622 ret = sd->scr[sd->data_offset ++];
1624 if (sd->data_offset >= sizeof(sd->scr))
1625 sd->state = sd_transfer_state;
1628 case 56: /* CMD56: GEN_CMD */
1629 if (sd->data_offset == 0)
1630 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1631 ret = sd->data[sd->data_offset ++];
1633 if (sd->data_offset >= sd->blk_len)
1634 sd->state = sd_transfer_state;
1638 fprintf(stderr, "sd_read_data: unknown command\n");
1645 int sd_data_ready(SDState *sd)
1647 return sd->state == sd_sendingdata_state;
1650 void sd_enable(SDState *sd, int enable)
1652 sd->enable = enable;
projects / qemu.git / blob