2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #define DPRINTF(fmt, ...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
63 sd_inactive_state = -1,
66 sd_identification_state,
70 sd_receivingdata_state,
80 uint8_t sd_status[64];
90 int function_group[6];
100 BlockDriverState *bdrv;
106 static void sd_set_status(SDState *sd)
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
133 static const sd_cmd_type_t sd_cmd_type[64] = {
134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 static const sd_cmd_type_t sd_acmd_type[64] = {
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message, size_t width)
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
178 static uint16_t sd_crc16(void *message, size_t width)
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
195 static void sd_set_ocr(SDState *sd)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd->ocr = 0x80ffff00;
201 static void sd_set_scr(SDState *sd)
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
220 static void sd_set_cid(SDState *sd)
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247 static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 static void sd_set_csd(SDState *sd, uint64_t size)
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258 if (size <= 0x40000000) { /* Standard Capacity SD */
259 sd->csd[0] = 0x00; /* CSD structure */
260 sd->csd[1] = 0x26; /* Data read access-time-1 */
261 sd->csd[2] = 0x00; /* Data read access-time-2 */
262 sd->csd[3] = 0x5a; /* Max. data transfer rate */
263 sd->csd[4] = 0x5f; /* Card Command Classes */
264 sd->csd[5] = 0x50 | /* Max. read data block length */
266 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
267 ((csize >> 10) & 0x03);
268 sd->csd[7] = 0x00 | /* Device size */
269 ((csize >> 2) & 0xff);
270 sd->csd[8] = 0x3f | /* Max. read current */
271 ((csize << 6) & 0xc0);
272 sd->csd[9] = 0xfc | /* Max. write current */
273 ((CMULT_SHIFT - 2) >> 1);
274 sd->csd[10] = 0x40 | /* Erase sector size */
275 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
276 sd->csd[11] = 0x00 | /* Write protect group size */
277 ((sectsize << 7) & 0x80) | wpsize;
278 sd->csd[12] = 0x90 | /* Write speed factor */
279 (HWBLOCK_SHIFT >> 2);
280 sd->csd[13] = 0x20 | /* Max. write data block length */
281 ((HWBLOCK_SHIFT << 6) & 0xc0);
282 sd->csd[14] = 0x00; /* File format group */
283 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
294 sd->csd[7] = (size >> 16) & 0xff;
295 sd->csd[8] = (size >> 8) & 0xff;
296 sd->csd[9] = (size & 0xff);
303 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
307 static void sd_set_rca(SDState *sd)
312 #define CARD_STATUS_A 0x02004100
313 #define CARD_STATUS_B 0x00c01e00
314 #define CARD_STATUS_C 0xfd39a028
316 static void sd_set_cardstatus(SDState *sd)
318 sd->card_status = 0x00000100;
321 static void sd_set_sdstatus(SDState *sd)
323 memset(sd->sd_status, 0, 64);
326 static int sd_req_crc_validate(SDRequest *req)
329 buffer[0] = 0x40 | req->cmd;
330 buffer[1] = (req->arg >> 24) & 0xff;
331 buffer[2] = (req->arg >> 16) & 0xff;
332 buffer[3] = (req->arg >> 8) & 0xff;
333 buffer[4] = (req->arg >> 0) & 0xff;
335 return sd_crc7(buffer, 5) != req->crc; /* TODO */
338 static void sd_response_r1_make(SDState *sd,
339 uint8_t *response, uint32_t last_status)
341 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
344 status = (sd->card_status & ~mask) | (last_status & mask);
345 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
347 response[0] = (status >> 24) & 0xff;
348 response[1] = (status >> 16) & 0xff;
349 response[2] = (status >> 8) & 0xff;
350 response[3] = (status >> 0) & 0xff;
353 static void sd_response_r3_make(SDState *sd, uint8_t *response)
355 response[0] = (sd->ocr >> 24) & 0xff;
356 response[1] = (sd->ocr >> 16) & 0xff;
357 response[2] = (sd->ocr >> 8) & 0xff;
358 response[3] = (sd->ocr >> 0) & 0xff;
361 static void sd_response_r6_make(SDState *sd, uint8_t *response)
367 status = ((sd->card_status >> 8) & 0xc000) |
368 ((sd->card_status >> 6) & 0x2000) |
369 (sd->card_status & 0x1fff);
371 response[0] = (arg >> 8) & 0xff;
372 response[1] = arg & 0xff;
373 response[2] = (status >> 8) & 0xff;
374 response[3] = status & 0xff;
377 static void sd_response_r7_make(SDState *sd, uint8_t *response)
379 response[0] = (sd->vhs >> 24) & 0xff;
380 response[1] = (sd->vhs >> 16) & 0xff;
381 response[2] = (sd->vhs >> 8) & 0xff;
382 response[3] = (sd->vhs >> 0) & 0xff;
385 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
391 bdrv_get_geometry(bdrv, §);
399 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
401 sd->state = sd_idle_state;
406 sd_set_csd(sd, size);
407 sd_set_cardstatus(sd);
413 qemu_free(sd->wp_groups);
414 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
415 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
416 memset(sd->function_group, 0, sizeof(int) * 6);
424 static void sd_cardchange(void *opaque)
426 SDState *sd = opaque;
427 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
428 if (bdrv_is_inserted(sd->bdrv)) {
429 sd_reset(sd, sd->bdrv);
430 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
434 /* We do not model the chip select pin, so allow the board to select
435 whether card should be in SSI or MMC/SD mode. It is also up to the
436 board to ensure that ssi transfers only occur when the chip select
438 SDState *sd_init(BlockDriverState *bs, int is_spi)
442 sd = (SDState *) qemu_mallocz(sizeof(SDState));
443 sd->buf = qemu_memalign(512, 512);
448 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
453 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
455 sd->readonly_cb = readonly;
456 sd->inserted_cb = insert;
457 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
458 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
461 static void sd_erase(SDState *sd)
464 if (!sd->erase_start || !sd->erase_end) {
465 sd->card_status |= ERASE_SEQ_ERROR;
469 start = sd->erase_start >>
470 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
471 end = sd->erase_end >>
472 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
477 for (i = start; i <= end; i ++)
478 if (sd->wp_groups[i])
479 sd->card_status |= WP_ERASE_SKIP;
482 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
487 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
489 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
490 if (addr < sd->size && sd->wp_groups[wpnum])
496 static void sd_function_switch(SDState *sd, uint32_t arg)
498 int i, mode, new_func, crc;
499 mode = !!(arg & 0x80000000);
501 sd->data[0] = 0x00; /* Maximum current consumption */
503 sd->data[2] = 0x80; /* Supported group 6 functions */
505 sd->data[4] = 0x80; /* Supported group 5 functions */
507 sd->data[6] = 0x80; /* Supported group 4 functions */
509 sd->data[8] = 0x80; /* Supported group 3 functions */
511 sd->data[10] = 0x80; /* Supported group 2 functions */
513 sd->data[12] = 0x80; /* Supported group 1 functions */
515 for (i = 0; i < 6; i ++) {
516 new_func = (arg >> (i * 4)) & 0x0f;
517 if (mode && new_func != 0x0f)
518 sd->function_group[i] = new_func;
519 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
521 memset(&sd->data[17], 0, 47);
522 crc = sd_crc16(sd->data, 64);
523 sd->data[65] = crc >> 8;
524 sd->data[66] = crc & 0xff;
527 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
529 return sd->wp_groups[addr >>
530 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
533 static void sd_lock_command(SDState *sd)
535 int erase, lock, clr_pwd, set_pwd, pwd_len;
536 erase = !!(sd->data[0] & 0x08);
537 lock = sd->data[0] & 0x04;
538 clr_pwd = sd->data[0] & 0x02;
539 set_pwd = sd->data[0] & 0x01;
542 pwd_len = sd->data[1];
547 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
548 set_pwd || clr_pwd || lock || sd->wp_switch ||
549 (sd->csd[14] & 0x20)) {
550 sd->card_status |= LOCK_UNLOCK_FAILED;
553 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
554 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
555 sd->csd[14] &= ~0x10;
556 sd->card_status &= ~CARD_IS_LOCKED;
558 /* Erasing the entire card here! */
559 fprintf(stderr, "SD: Card force-erased by CMD42\n");
563 if (sd->blk_len < 2 + pwd_len ||
564 pwd_len <= sd->pwd_len ||
565 pwd_len > sd->pwd_len + 16) {
566 sd->card_status |= LOCK_UNLOCK_FAILED;
570 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
571 sd->card_status |= LOCK_UNLOCK_FAILED;
575 pwd_len -= sd->pwd_len;
576 if ((pwd_len && !set_pwd) ||
577 (clr_pwd && (set_pwd || lock)) ||
578 (lock && !sd->pwd_len && !set_pwd) ||
579 (!set_pwd && !clr_pwd &&
580 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
581 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
582 sd->card_status |= LOCK_UNLOCK_FAILED;
587 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
588 sd->pwd_len = pwd_len;
596 sd->card_status |= CARD_IS_LOCKED;
598 sd->card_status &= ~CARD_IS_LOCKED;
601 static sd_rsp_type_t sd_normal_command(SDState *sd,
604 uint32_t rca = 0x0000;
605 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
607 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
610 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
612 /* Basic commands (Class 0 and Class 1) */
613 case 0: /* CMD0: GO_IDLE_STATE */
615 case sd_inactive_state:
616 return sd->spi ? sd_r1 : sd_r0;
619 sd->state = sd_idle_state;
620 sd_reset(sd, sd->bdrv);
621 return sd->spi ? sd_r1 : sd_r0;
625 case 1: /* CMD1: SEND_OP_CMD */
629 sd->state = sd_transfer_state;
632 case 2: /* CMD2: ALL_SEND_CID */
637 sd->state = sd_identification_state;
645 case 3: /* CMD3: SEND_RELATIVE_ADDR */
649 case sd_identification_state:
650 case sd_standby_state:
651 sd->state = sd_standby_state;
660 case 4: /* CMD4: SEND_DSR */
664 case sd_standby_state:
672 case 5: /* CMD5: reserved for SDIO cards */
673 sd->card_status |= ILLEGAL_COMMAND;
676 case 6: /* CMD6: SWITCH_FUNCTION */
680 case sd_data_transfer_mode:
681 sd_function_switch(sd, req.arg);
682 sd->state = sd_sendingdata_state;
692 case 7: /* CMD7: SELECT/DESELECT_CARD */
696 case sd_standby_state:
700 sd->state = sd_transfer_state;
703 case sd_transfer_state:
704 case sd_sendingdata_state:
708 sd->state = sd_standby_state;
711 case sd_disconnect_state:
715 sd->state = sd_programming_state;
718 case sd_programming_state:
722 sd->state = sd_disconnect_state;
730 case 8: /* CMD8: SEND_IF_COND */
731 /* Physical Layer Specification Version 2.00 command */
736 /* No response if not exactly one VHS bit is set. */
737 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
738 return sd->spi ? sd_r7 : sd_r0;
749 case 9: /* CMD9: SEND_CSD */
751 case sd_standby_state:
757 case sd_transfer_state:
760 sd->state = sd_sendingdata_state;
761 memcpy(sd->data, sd->csd, 16);
762 sd->data_start = addr;
771 case 10: /* CMD10: SEND_CID */
773 case sd_standby_state:
779 case sd_transfer_state:
782 sd->state = sd_sendingdata_state;
783 memcpy(sd->data, sd->cid, 16);
784 sd->data_start = addr;
793 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
797 case sd_transfer_state:
798 sd->state = sd_sendingdata_state;
799 sd->data_start = req.arg;
802 if (sd->data_start + sd->blk_len > sd->size)
803 sd->card_status |= ADDRESS_ERROR;
811 case 12: /* CMD12: STOP_TRANSMISSION */
813 case sd_sendingdata_state:
814 sd->state = sd_transfer_state;
817 case sd_receivingdata_state:
818 sd->state = sd_programming_state;
819 /* Bzzzzzzztt .... Operation complete. */
820 sd->state = sd_transfer_state;
828 case 13: /* CMD13: SEND_STATUS */
830 case sd_data_transfer_mode:
841 case 15: /* CMD15: GO_INACTIVE_STATE */
845 case sd_data_transfer_mode:
849 sd->state = sd_inactive_state;
857 /* Block read commands (Classs 2) */
858 case 16: /* CMD16: SET_BLOCKLEN */
860 case sd_transfer_state:
861 if (req.arg > (1 << HWBLOCK_SHIFT))
862 sd->card_status |= BLOCK_LEN_ERROR;
864 sd->blk_len = req.arg;
873 case 17: /* CMD17: READ_SINGLE_BLOCK */
875 case sd_transfer_state:
876 sd->state = sd_sendingdata_state;
877 sd->data_start = addr;
880 if (sd->data_start + sd->blk_len > sd->size)
881 sd->card_status |= ADDRESS_ERROR;
889 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
891 case sd_transfer_state:
892 sd->state = sd_sendingdata_state;
893 sd->data_start = addr;
896 if (sd->data_start + sd->blk_len > sd->size)
897 sd->card_status |= ADDRESS_ERROR;
905 /* Block write commands (Class 4) */
906 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
908 goto unimplemented_cmd;
910 case sd_transfer_state:
911 /* Writing in SPI mode not implemented. */
914 sd->state = sd_receivingdata_state;
915 sd->data_start = addr;
919 if (sd->data_start + sd->blk_len > sd->size)
920 sd->card_status |= ADDRESS_ERROR;
921 if (sd_wp_addr(sd, sd->data_start))
922 sd->card_status |= WP_VIOLATION;
923 if (sd->csd[14] & 0x30)
924 sd->card_status |= WP_VIOLATION;
932 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
934 goto unimplemented_cmd;
936 case sd_transfer_state:
937 /* Writing in SPI mode not implemented. */
940 sd->state = sd_receivingdata_state;
941 sd->data_start = addr;
945 if (sd->data_start + sd->blk_len > sd->size)
946 sd->card_status |= ADDRESS_ERROR;
947 if (sd_wp_addr(sd, sd->data_start))
948 sd->card_status |= WP_VIOLATION;
949 if (sd->csd[14] & 0x30)
950 sd->card_status |= WP_VIOLATION;
958 case 26: /* CMD26: PROGRAM_CID */
962 case sd_transfer_state:
963 sd->state = sd_receivingdata_state;
973 case 27: /* CMD27: PROGRAM_CSD */
975 goto unimplemented_cmd;
977 case sd_transfer_state:
978 sd->state = sd_receivingdata_state;
988 /* Write protection (Class 6) */
989 case 28: /* CMD28: SET_WRITE_PROT */
991 case sd_transfer_state:
992 if (addr >= sd->size) {
993 sd->card_status = ADDRESS_ERROR;
997 sd->state = sd_programming_state;
998 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
999 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1000 /* Bzzzzzzztt .... Operation complete. */
1001 sd->state = sd_transfer_state;
1009 case 29: /* CMD29: CLR_WRITE_PROT */
1010 switch (sd->state) {
1011 case sd_transfer_state:
1012 if (addr >= sd->size) {
1013 sd->card_status = ADDRESS_ERROR;
1017 sd->state = sd_programming_state;
1018 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1019 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1020 /* Bzzzzzzztt .... Operation complete. */
1021 sd->state = sd_transfer_state;
1029 case 30: /* CMD30: SEND_WRITE_PROT */
1030 switch (sd->state) {
1031 case sd_transfer_state:
1032 sd->state = sd_sendingdata_state;
1033 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1034 sd->data_start = addr;
1035 sd->data_offset = 0;
1043 /* Erase commands (Class 5) */
1044 case 32: /* CMD32: ERASE_WR_BLK_START */
1045 switch (sd->state) {
1046 case sd_transfer_state:
1047 sd->erase_start = req.arg;
1055 case 33: /* CMD33: ERASE_WR_BLK_END */
1056 switch (sd->state) {
1057 case sd_transfer_state:
1058 sd->erase_end = req.arg;
1066 case 38: /* CMD38: ERASE */
1067 switch (sd->state) {
1068 case sd_transfer_state:
1069 if (sd->csd[14] & 0x30) {
1070 sd->card_status |= WP_VIOLATION;
1074 sd->state = sd_programming_state;
1076 /* Bzzzzzzztt .... Operation complete. */
1077 sd->state = sd_transfer_state;
1085 /* Lock card commands (Class 7) */
1086 case 42: /* CMD42: LOCK_UNLOCK */
1088 goto unimplemented_cmd;
1089 switch (sd->state) {
1090 case sd_transfer_state:
1091 sd->state = sd_receivingdata_state;
1093 sd->data_offset = 0;
1101 /* Application specific commands (Class 8) */
1102 case 55: /* CMD55: APP_CMD */
1106 sd->card_status |= APP_CMD;
1109 case 56: /* CMD56: GEN_CMD */
1110 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1112 switch (sd->state) {
1113 case sd_transfer_state:
1114 sd->data_offset = 0;
1116 sd->state = sd_sendingdata_state;
1118 sd->state = sd_receivingdata_state;
1128 sd->card_status |= ILLEGAL_COMMAND;
1130 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1134 /* Commands that are recognised but not yet implemented in SPI mode. */
1135 sd->card_status |= ILLEGAL_COMMAND;
1136 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1140 sd->card_status |= ILLEGAL_COMMAND;
1141 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1145 static sd_rsp_type_t sd_app_command(SDState *sd,
1149 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1150 rca = req.arg >> 16;
1152 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1154 case 6: /* ACMD6: SET_BUS_WIDTH */
1155 switch (sd->state) {
1156 case sd_transfer_state:
1157 sd->sd_status[0] &= 0x3f;
1158 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1166 case 13: /* ACMD13: SD_STATUS */
1167 switch (sd->state) {
1168 case sd_transfer_state:
1170 sd->data_offset = 0;
1178 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1179 switch (sd->state) {
1180 case sd_transfer_state:
1181 *(uint32_t *) sd->data = sd->blk_written;
1184 sd->data_offset = 0;
1192 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1193 switch (sd->state) {
1194 case sd_transfer_state:
1202 case 41: /* ACMD41: SD_APP_OP_COND */
1205 sd->state = sd_transfer_state;
1208 switch (sd->state) {
1210 /* We accept any voltage. 10000 V is nothing. */
1212 sd->state = sd_ready_state;
1221 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1222 switch (sd->state) {
1223 case sd_transfer_state:
1224 /* Bringing in the 50KOhm pull-up resistor... Done. */
1232 case 51: /* ACMD51: SEND_SCR */
1233 switch (sd->state) {
1234 case sd_transfer_state:
1235 sd->state = sd_sendingdata_state;
1237 sd->data_offset = 0;
1246 /* Fall back to standard commands. */
1247 sd->card_status &= ~APP_CMD;
1248 return sd_normal_command(sd, req);
1251 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1255 int sd_do_command(SDState *sd, SDRequest *req,
1256 uint8_t *response) {
1257 uint32_t last_status = sd->card_status;
1258 sd_rsp_type_t rtype;
1261 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1265 if (sd_req_crc_validate(req)) {
1266 sd->card_status &= ~COM_CRC_ERROR;
1270 sd->card_status &= ~CARD_STATUS_B;
1273 if (last_status & CARD_IS_LOCKED)
1274 if (((last_status & APP_CMD) &&
1276 (!(last_status & APP_CMD) &&
1277 (sd_cmd_class[req->cmd] == 0 ||
1278 sd_cmd_class[req->cmd] == 7 ||
1279 req->cmd == 16 || req->cmd == 55))) {
1280 sd->card_status |= ILLEGAL_COMMAND;
1281 fprintf(stderr, "SD: Card is locked\n");
1285 if (last_status & APP_CMD) {
1286 rtype = sd_app_command(sd, *req);
1287 sd->card_status &= ~APP_CMD;
1289 rtype = sd_normal_command(sd, *req);
1291 sd->current_cmd = req->cmd;
1296 sd_response_r1_make(sd, response, last_status);
1301 memcpy(response, sd->cid, sizeof(sd->cid));
1306 memcpy(response, sd->csd, sizeof(sd->csd));
1311 sd_response_r3_make(sd, response);
1316 sd_response_r6_make(sd, response);
1321 sd_response_r7_make(sd, response);
1331 if (sd->card_status & ILLEGAL_COMMAND)
1337 DPRINTF("Response:");
1338 for (i = 0; i < rsplen; i++)
1339 printf(" %02x", response[i]);
1340 printf(" state %d\n", sd->state);
1342 DPRINTF("No response %d\n", sd->state);
1349 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1351 uint64_t end = addr + len;
1353 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1354 (unsigned long long) addr, len);
1355 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1356 fprintf(stderr, "sd_blk_read: read error on host side\n");
1360 if (end > (addr & ~511) + 512) {
1361 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1363 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1364 fprintf(stderr, "sd_blk_read: read error on host side\n");
1367 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1369 memcpy(sd->data, sd->buf + (addr & 511), len);
1372 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1374 uint64_t end = addr + len;
1376 if ((addr & 511) || len < 512)
1377 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1378 fprintf(stderr, "sd_blk_write: read error on host side\n");
1382 if (end > (addr & ~511) + 512) {
1383 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1384 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1385 fprintf(stderr, "sd_blk_write: write error on host side\n");
1389 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1390 fprintf(stderr, "sd_blk_write: read error on host side\n");
1393 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1394 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1395 fprintf(stderr, "sd_blk_write: write error on host side\n");
1397 memcpy(sd->buf + (addr & 511), sd->data, len);
1398 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1399 fprintf(stderr, "sd_blk_write: write error on host side\n");
1403 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1404 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1405 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1406 #define APP_WRITE_BLOCK(a, len)
1408 void sd_write_data(SDState *sd, uint8_t value)
1412 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1415 if (sd->state != sd_receivingdata_state) {
1416 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1420 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1423 switch (sd->current_cmd) {
1424 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1425 sd->data[sd->data_offset ++] = value;
1426 if (sd->data_offset >= sd->blk_len) {
1427 /* TODO: Check CRC before committing */
1428 sd->state = sd_programming_state;
1429 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1431 sd->csd[14] |= 0x40;
1432 /* Bzzzzzzztt .... Operation complete. */
1433 sd->state = sd_transfer_state;
1437 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1438 sd->data[sd->data_offset ++] = value;
1439 if (sd->data_offset >= sd->blk_len) {
1440 /* TODO: Check CRC before committing */
1441 sd->state = sd_programming_state;
1442 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1444 sd->data_start += sd->blk_len;
1445 sd->data_offset = 0;
1446 if (sd->data_start + sd->blk_len > sd->size) {
1447 sd->card_status |= ADDRESS_ERROR;
1450 if (sd_wp_addr(sd, sd->data_start)) {
1451 sd->card_status |= WP_VIOLATION;
1454 sd->csd[14] |= 0x40;
1456 /* Bzzzzzzztt .... Operation complete. */
1457 sd->state = sd_receivingdata_state;
1461 case 26: /* CMD26: PROGRAM_CID */
1462 sd->data[sd->data_offset ++] = value;
1463 if (sd->data_offset >= sizeof(sd->cid)) {
1464 /* TODO: Check CRC before committing */
1465 sd->state = sd_programming_state;
1466 for (i = 0; i < sizeof(sd->cid); i ++)
1467 if ((sd->cid[i] | 0x00) != sd->data[i])
1468 sd->card_status |= CID_CSD_OVERWRITE;
1470 if (!(sd->card_status & CID_CSD_OVERWRITE))
1471 for (i = 0; i < sizeof(sd->cid); i ++) {
1473 sd->cid[i] &= sd->data[i];
1475 /* Bzzzzzzztt .... Operation complete. */
1476 sd->state = sd_transfer_state;
1480 case 27: /* CMD27: PROGRAM_CSD */
1481 sd->data[sd->data_offset ++] = value;
1482 if (sd->data_offset >= sizeof(sd->csd)) {
1483 /* TODO: Check CRC before committing */
1484 sd->state = sd_programming_state;
1485 for (i = 0; i < sizeof(sd->csd); i ++)
1486 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1487 (sd->data[i] | sd_csd_rw_mask[i]))
1488 sd->card_status |= CID_CSD_OVERWRITE;
1490 /* Copy flag (OTP) & Permanent write protect */
1491 if (sd->csd[14] & ~sd->data[14] & 0x60)
1492 sd->card_status |= CID_CSD_OVERWRITE;
1494 if (!(sd->card_status & CID_CSD_OVERWRITE))
1495 for (i = 0; i < sizeof(sd->csd); i ++) {
1496 sd->csd[i] |= sd_csd_rw_mask[i];
1497 sd->csd[i] &= sd->data[i];
1499 /* Bzzzzzzztt .... Operation complete. */
1500 sd->state = sd_transfer_state;
1504 case 42: /* CMD42: LOCK_UNLOCK */
1505 sd->data[sd->data_offset ++] = value;
1506 if (sd->data_offset >= sd->blk_len) {
1507 /* TODO: Check CRC before committing */
1508 sd->state = sd_programming_state;
1509 sd_lock_command(sd);
1510 /* Bzzzzzzztt .... Operation complete. */
1511 sd->state = sd_transfer_state;
1515 case 56: /* CMD56: GEN_CMD */
1516 sd->data[sd->data_offset ++] = value;
1517 if (sd->data_offset >= sd->blk_len) {
1518 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1519 sd->state = sd_transfer_state;
1524 fprintf(stderr, "sd_write_data: unknown command\n");
1529 uint8_t sd_read_data(SDState *sd)
1531 /* TODO: Append CRCs */
1535 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1538 if (sd->state != sd_sendingdata_state) {
1539 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1543 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1546 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1548 switch (sd->current_cmd) {
1549 case 6: /* CMD6: SWITCH_FUNCTION */
1550 ret = sd->data[sd->data_offset ++];
1552 if (sd->data_offset >= 64)
1553 sd->state = sd_transfer_state;
1556 case 9: /* CMD9: SEND_CSD */
1557 case 10: /* CMD10: SEND_CID */
1558 ret = sd->data[sd->data_offset ++];
1560 if (sd->data_offset >= 16)
1561 sd->state = sd_transfer_state;
1564 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1565 if (sd->data_offset == 0)
1566 BLK_READ_BLOCK(sd->data_start, io_len);
1567 ret = sd->data[sd->data_offset ++];
1569 if (sd->data_offset >= io_len) {
1570 sd->data_start += io_len;
1571 sd->data_offset = 0;
1572 if (sd->data_start + io_len > sd->size) {
1573 sd->card_status |= ADDRESS_ERROR;
1579 case 13: /* ACMD13: SD_STATUS */
1580 ret = sd->sd_status[sd->data_offset ++];
1582 if (sd->data_offset >= sizeof(sd->sd_status))
1583 sd->state = sd_transfer_state;
1586 case 17: /* CMD17: READ_SINGLE_BLOCK */
1587 if (sd->data_offset == 0)
1588 BLK_READ_BLOCK(sd->data_start, io_len);
1589 ret = sd->data[sd->data_offset ++];
1591 if (sd->data_offset >= io_len)
1592 sd->state = sd_transfer_state;
1595 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1596 if (sd->data_offset == 0)
1597 BLK_READ_BLOCK(sd->data_start, io_len);
1598 ret = sd->data[sd->data_offset ++];
1600 if (sd->data_offset >= io_len) {
1601 sd->data_start += io_len;
1602 sd->data_offset = 0;
1603 if (sd->data_start + io_len > sd->size) {
1604 sd->card_status |= ADDRESS_ERROR;
1610 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1611 ret = sd->data[sd->data_offset ++];
1613 if (sd->data_offset >= 4)
1614 sd->state = sd_transfer_state;
1617 case 30: /* CMD30: SEND_WRITE_PROT */
1618 ret = sd->data[sd->data_offset ++];
1620 if (sd->data_offset >= 4)
1621 sd->state = sd_transfer_state;
1624 case 51: /* ACMD51: SEND_SCR */
1625 ret = sd->scr[sd->data_offset ++];
1627 if (sd->data_offset >= sizeof(sd->scr))
1628 sd->state = sd_transfer_state;
1631 case 56: /* CMD56: GEN_CMD */
1632 if (sd->data_offset == 0)
1633 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1634 ret = sd->data[sd->data_offset ++];
1636 if (sd->data_offset >= sd->blk_len)
1637 sd->state = sd_transfer_state;
1641 fprintf(stderr, "sd_read_data: unknown command\n");
1648 int sd_data_ready(SDState *sd)
1650 return sd->state == sd_sendingdata_state;
1653 void sd_enable(SDState *sd, int enable)
1655 sd->enable = enable;
projects / qemu.git / blob