2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #define DPRINTF(fmt, ...) do {} while(0)
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
63 sd_inactive_state = -1,
66 sd_identification_state,
70 sd_receivingdata_state,
80 uint8_t sd_status[64];
90 int function_group[6];
100 BlockDriverState *bdrv;
106 static void sd_set_status(SDState *sd)
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
133 static const sd_cmd_type_t sd_cmd_type[64] = {
134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 static const sd_cmd_type_t sd_acmd_type[64] = {
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message, size_t width)
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
178 static uint16_t sd_crc16(void *message, size_t width)
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
195 static void sd_set_ocr(SDState *sd)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd->ocr = 0x80ffff00;
201 static void sd_set_scr(SDState *sd)
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
220 static void sd_set_cid(SDState *sd)
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247 static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 static void sd_set_csd(SDState *sd, uint64_t size)
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258 if (size <= 0x40000000) { /* Standard Capacity SD */
259 sd->csd[0] = 0x00; /* CSD structure */
260 sd->csd[1] = 0x26; /* Data read access-time-1 */
261 sd->csd[2] = 0x00; /* Data read access-time-2 */
262 sd->csd[3] = 0x5a; /* Max. data transfer rate */
263 sd->csd[4] = 0x5f; /* Card Command Classes */
264 sd->csd[5] = 0x50 | /* Max. read data block length */
266 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
267 ((csize >> 10) & 0x03);
268 sd->csd[7] = 0x00 | /* Device size */
269 ((csize >> 2) & 0xff);
270 sd->csd[8] = 0x3f | /* Max. read current */
271 ((csize << 6) & 0xc0);
272 sd->csd[9] = 0xfc | /* Max. write current */
273 ((CMULT_SHIFT - 2) >> 1);
274 sd->csd[10] = 0x40 | /* Erase sector size */
275 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
276 sd->csd[11] = 0x00 | /* Write protect group size */
277 ((sectsize << 7) & 0x80) | wpsize;
278 sd->csd[12] = 0x90 | /* Write speed factor */
279 (HWBLOCK_SHIFT >> 2);
280 sd->csd[13] = 0x20 | /* Max. write data block length */
281 ((HWBLOCK_SHIFT << 6) & 0xc0);
282 sd->csd[14] = 0x00; /* File format group */
283 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
294 sd->csd[7] = (size >> 16) & 0xff;
295 sd->csd[8] = (size >> 8) & 0xff;
296 sd->csd[9] = (size & 0xff);
303 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
307 static void sd_set_rca(SDState *sd)
312 /* Card status bits, split by clear condition:
313 * A : According to the card current state
314 * B : Always related to the previous command
315 * C : Cleared by read
317 #define CARD_STATUS_A 0x02004100
318 #define CARD_STATUS_B 0x00c01e00
319 #define CARD_STATUS_C 0xfd39a028
321 static void sd_set_cardstatus(SDState *sd)
323 sd->card_status = 0x00000100;
326 static void sd_set_sdstatus(SDState *sd)
328 memset(sd->sd_status, 0, 64);
331 static int sd_req_crc_validate(SDRequest *req)
334 buffer[0] = 0x40 | req->cmd;
335 buffer[1] = (req->arg >> 24) & 0xff;
336 buffer[2] = (req->arg >> 16) & 0xff;
337 buffer[3] = (req->arg >> 8) & 0xff;
338 buffer[4] = (req->arg >> 0) & 0xff;
340 return sd_crc7(buffer, 5) != req->crc; /* TODO */
343 static void sd_response_r1_make(SDState *sd,
344 uint8_t *response, uint32_t last_status)
346 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
349 status = (sd->card_status & ~mask) | (last_status & mask);
350 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
352 response[0] = (status >> 24) & 0xff;
353 response[1] = (status >> 16) & 0xff;
354 response[2] = (status >> 8) & 0xff;
355 response[3] = (status >> 0) & 0xff;
358 static void sd_response_r3_make(SDState *sd, uint8_t *response)
360 response[0] = (sd->ocr >> 24) & 0xff;
361 response[1] = (sd->ocr >> 16) & 0xff;
362 response[2] = (sd->ocr >> 8) & 0xff;
363 response[3] = (sd->ocr >> 0) & 0xff;
366 static void sd_response_r6_make(SDState *sd, uint8_t *response)
372 status = ((sd->card_status >> 8) & 0xc000) |
373 ((sd->card_status >> 6) & 0x2000) |
374 (sd->card_status & 0x1fff);
376 response[0] = (arg >> 8) & 0xff;
377 response[1] = arg & 0xff;
378 response[2] = (status >> 8) & 0xff;
379 response[3] = status & 0xff;
382 static void sd_response_r7_make(SDState *sd, uint8_t *response)
384 response[0] = (sd->vhs >> 24) & 0xff;
385 response[1] = (sd->vhs >> 16) & 0xff;
386 response[2] = (sd->vhs >> 8) & 0xff;
387 response[3] = (sd->vhs >> 0) & 0xff;
390 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
396 bdrv_get_geometry(bdrv, §);
402 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
404 sd->state = sd_idle_state;
409 sd_set_csd(sd, size);
410 sd_set_cardstatus(sd);
416 g_free(sd->wp_groups);
417 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
418 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
419 memset(sd->function_group, 0, sizeof(int) * 6);
427 static void sd_cardchange(void *opaque, bool load)
429 SDState *sd = opaque;
431 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
432 if (bdrv_is_inserted(sd->bdrv)) {
433 sd_reset(sd, sd->bdrv);
434 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
438 static const BlockDevOps sd_block_ops = {
439 .change_media_cb = sd_cardchange,
442 /* We do not model the chip select pin, so allow the board to select
443 whether card should be in SSI or MMC/SD mode. It is also up to the
444 board to ensure that ssi transfers only occur when the chip select
446 SDState *sd_init(BlockDriverState *bs, int is_spi)
450 sd = (SDState *) g_malloc0(sizeof(SDState));
451 sd->buf = qemu_blockalign(bs, 512);
456 bdrv_attach_dev_nofail(sd->bdrv, sd);
457 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
462 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
464 sd->readonly_cb = readonly;
465 sd->inserted_cb = insert;
466 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
467 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
470 static void sd_erase(SDState *sd)
473 if (!sd->erase_start || !sd->erase_end) {
474 sd->card_status |= ERASE_SEQ_ERROR;
478 start = sd->erase_start >>
479 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
480 end = sd->erase_end >>
481 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
486 for (i = start; i <= end; i ++)
487 if (sd->wp_groups[i])
488 sd->card_status |= WP_ERASE_SKIP;
491 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
496 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
498 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
499 if (addr < sd->size && sd->wp_groups[wpnum])
505 static void sd_function_switch(SDState *sd, uint32_t arg)
507 int i, mode, new_func, crc;
508 mode = !!(arg & 0x80000000);
510 sd->data[0] = 0x00; /* Maximum current consumption */
512 sd->data[2] = 0x80; /* Supported group 6 functions */
514 sd->data[4] = 0x80; /* Supported group 5 functions */
516 sd->data[6] = 0x80; /* Supported group 4 functions */
518 sd->data[8] = 0x80; /* Supported group 3 functions */
520 sd->data[10] = 0x80; /* Supported group 2 functions */
522 sd->data[12] = 0x80; /* Supported group 1 functions */
524 for (i = 0; i < 6; i ++) {
525 new_func = (arg >> (i * 4)) & 0x0f;
526 if (mode && new_func != 0x0f)
527 sd->function_group[i] = new_func;
528 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
530 memset(&sd->data[17], 0, 47);
531 crc = sd_crc16(sd->data, 64);
532 sd->data[65] = crc >> 8;
533 sd->data[66] = crc & 0xff;
536 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
538 return sd->wp_groups[addr >>
539 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
542 static void sd_lock_command(SDState *sd)
544 int erase, lock, clr_pwd, set_pwd, pwd_len;
545 erase = !!(sd->data[0] & 0x08);
546 lock = sd->data[0] & 0x04;
547 clr_pwd = sd->data[0] & 0x02;
548 set_pwd = sd->data[0] & 0x01;
551 pwd_len = sd->data[1];
556 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
557 set_pwd || clr_pwd || lock || sd->wp_switch ||
558 (sd->csd[14] & 0x20)) {
559 sd->card_status |= LOCK_UNLOCK_FAILED;
562 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
563 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
564 sd->csd[14] &= ~0x10;
565 sd->card_status &= ~CARD_IS_LOCKED;
567 /* Erasing the entire card here! */
568 fprintf(stderr, "SD: Card force-erased by CMD42\n");
572 if (sd->blk_len < 2 + pwd_len ||
573 pwd_len <= sd->pwd_len ||
574 pwd_len > sd->pwd_len + 16) {
575 sd->card_status |= LOCK_UNLOCK_FAILED;
579 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
580 sd->card_status |= LOCK_UNLOCK_FAILED;
584 pwd_len -= sd->pwd_len;
585 if ((pwd_len && !set_pwd) ||
586 (clr_pwd && (set_pwd || lock)) ||
587 (lock && !sd->pwd_len && !set_pwd) ||
588 (!set_pwd && !clr_pwd &&
589 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
590 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
591 sd->card_status |= LOCK_UNLOCK_FAILED;
596 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
597 sd->pwd_len = pwd_len;
605 sd->card_status |= CARD_IS_LOCKED;
607 sd->card_status &= ~CARD_IS_LOCKED;
610 static sd_rsp_type_t sd_normal_command(SDState *sd,
613 uint32_t rca = 0x0000;
614 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
616 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
619 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
621 /* Basic commands (Class 0 and Class 1) */
622 case 0: /* CMD0: GO_IDLE_STATE */
624 case sd_inactive_state:
625 return sd->spi ? sd_r1 : sd_r0;
628 sd->state = sd_idle_state;
629 sd_reset(sd, sd->bdrv);
630 return sd->spi ? sd_r1 : sd_r0;
634 case 1: /* CMD1: SEND_OP_CMD */
638 sd->state = sd_transfer_state;
641 case 2: /* CMD2: ALL_SEND_CID */
646 sd->state = sd_identification_state;
654 case 3: /* CMD3: SEND_RELATIVE_ADDR */
658 case sd_identification_state:
659 case sd_standby_state:
660 sd->state = sd_standby_state;
669 case 4: /* CMD4: SEND_DSR */
673 case sd_standby_state:
681 case 5: /* CMD5: reserved for SDIO cards */
682 sd->card_status |= ILLEGAL_COMMAND;
685 case 6: /* CMD6: SWITCH_FUNCTION */
689 case sd_data_transfer_mode:
690 sd_function_switch(sd, req.arg);
691 sd->state = sd_sendingdata_state;
701 case 7: /* CMD7: SELECT/DESELECT_CARD */
705 case sd_standby_state:
709 sd->state = sd_transfer_state;
712 case sd_transfer_state:
713 case sd_sendingdata_state:
717 sd->state = sd_standby_state;
720 case sd_disconnect_state:
724 sd->state = sd_programming_state;
727 case sd_programming_state:
731 sd->state = sd_disconnect_state;
739 case 8: /* CMD8: SEND_IF_COND */
740 /* Physical Layer Specification Version 2.00 command */
745 /* No response if not exactly one VHS bit is set. */
746 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
747 return sd->spi ? sd_r7 : sd_r0;
758 case 9: /* CMD9: SEND_CSD */
760 case sd_standby_state:
766 case sd_transfer_state:
769 sd->state = sd_sendingdata_state;
770 memcpy(sd->data, sd->csd, 16);
771 sd->data_start = addr;
780 case 10: /* CMD10: SEND_CID */
782 case sd_standby_state:
788 case sd_transfer_state:
791 sd->state = sd_sendingdata_state;
792 memcpy(sd->data, sd->cid, 16);
793 sd->data_start = addr;
802 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
806 case sd_transfer_state:
807 sd->state = sd_sendingdata_state;
808 sd->data_start = req.arg;
811 if (sd->data_start + sd->blk_len > sd->size)
812 sd->card_status |= ADDRESS_ERROR;
820 case 12: /* CMD12: STOP_TRANSMISSION */
822 case sd_sendingdata_state:
823 sd->state = sd_transfer_state;
826 case sd_receivingdata_state:
827 sd->state = sd_programming_state;
828 /* Bzzzzzzztt .... Operation complete. */
829 sd->state = sd_transfer_state;
837 case 13: /* CMD13: SEND_STATUS */
839 case sd_data_transfer_mode:
850 case 15: /* CMD15: GO_INACTIVE_STATE */
854 case sd_data_transfer_mode:
858 sd->state = sd_inactive_state;
866 /* Block read commands (Classs 2) */
867 case 16: /* CMD16: SET_BLOCKLEN */
869 case sd_transfer_state:
870 if (req.arg > (1 << HWBLOCK_SHIFT))
871 sd->card_status |= BLOCK_LEN_ERROR;
873 sd->blk_len = req.arg;
882 case 17: /* CMD17: READ_SINGLE_BLOCK */
884 case sd_transfer_state:
885 sd->state = sd_sendingdata_state;
886 sd->data_start = addr;
889 if (sd->data_start + sd->blk_len > sd->size)
890 sd->card_status |= ADDRESS_ERROR;
898 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
900 case sd_transfer_state:
901 sd->state = sd_sendingdata_state;
902 sd->data_start = addr;
905 if (sd->data_start + sd->blk_len > sd->size)
906 sd->card_status |= ADDRESS_ERROR;
914 /* Block write commands (Class 4) */
915 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
917 goto unimplemented_cmd;
919 case sd_transfer_state:
920 /* Writing in SPI mode not implemented. */
923 sd->state = sd_receivingdata_state;
924 sd->data_start = addr;
928 if (sd->data_start + sd->blk_len > sd->size)
929 sd->card_status |= ADDRESS_ERROR;
930 if (sd_wp_addr(sd, sd->data_start))
931 sd->card_status |= WP_VIOLATION;
932 if (sd->csd[14] & 0x30)
933 sd->card_status |= WP_VIOLATION;
941 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
943 goto unimplemented_cmd;
945 case sd_transfer_state:
946 /* Writing in SPI mode not implemented. */
949 sd->state = sd_receivingdata_state;
950 sd->data_start = addr;
954 if (sd->data_start + sd->blk_len > sd->size)
955 sd->card_status |= ADDRESS_ERROR;
956 if (sd_wp_addr(sd, sd->data_start))
957 sd->card_status |= WP_VIOLATION;
958 if (sd->csd[14] & 0x30)
959 sd->card_status |= WP_VIOLATION;
967 case 26: /* CMD26: PROGRAM_CID */
971 case sd_transfer_state:
972 sd->state = sd_receivingdata_state;
982 case 27: /* CMD27: PROGRAM_CSD */
984 goto unimplemented_cmd;
986 case sd_transfer_state:
987 sd->state = sd_receivingdata_state;
997 /* Write protection (Class 6) */
998 case 28: /* CMD28: SET_WRITE_PROT */
1000 case sd_transfer_state:
1001 if (addr >= sd->size) {
1002 sd->card_status |= ADDRESS_ERROR;
1006 sd->state = sd_programming_state;
1007 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1008 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1009 /* Bzzzzzzztt .... Operation complete. */
1010 sd->state = sd_transfer_state;
1018 case 29: /* CMD29: CLR_WRITE_PROT */
1019 switch (sd->state) {
1020 case sd_transfer_state:
1021 if (addr >= sd->size) {
1022 sd->card_status |= ADDRESS_ERROR;
1026 sd->state = sd_programming_state;
1027 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1028 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1029 /* Bzzzzzzztt .... Operation complete. */
1030 sd->state = sd_transfer_state;
1038 case 30: /* CMD30: SEND_WRITE_PROT */
1039 switch (sd->state) {
1040 case sd_transfer_state:
1041 sd->state = sd_sendingdata_state;
1042 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1043 sd->data_start = addr;
1044 sd->data_offset = 0;
1052 /* Erase commands (Class 5) */
1053 case 32: /* CMD32: ERASE_WR_BLK_START */
1054 switch (sd->state) {
1055 case sd_transfer_state:
1056 sd->erase_start = req.arg;
1064 case 33: /* CMD33: ERASE_WR_BLK_END */
1065 switch (sd->state) {
1066 case sd_transfer_state:
1067 sd->erase_end = req.arg;
1075 case 38: /* CMD38: ERASE */
1076 switch (sd->state) {
1077 case sd_transfer_state:
1078 if (sd->csd[14] & 0x30) {
1079 sd->card_status |= WP_VIOLATION;
1083 sd->state = sd_programming_state;
1085 /* Bzzzzzzztt .... Operation complete. */
1086 sd->state = sd_transfer_state;
1094 /* Lock card commands (Class 7) */
1095 case 42: /* CMD42: LOCK_UNLOCK */
1097 goto unimplemented_cmd;
1098 switch (sd->state) {
1099 case sd_transfer_state:
1100 sd->state = sd_receivingdata_state;
1102 sd->data_offset = 0;
1112 /* CMD52, CMD53: reserved for SDIO cards
1113 * (see the SDIO Simplified Specification V2.0)
1114 * Handle as illegal command but do not complain
1115 * on stderr, as some OSes may use these in their
1116 * probing for presence of an SDIO card.
1118 sd->card_status |= ILLEGAL_COMMAND;
1121 /* Application specific commands (Class 8) */
1122 case 55: /* CMD55: APP_CMD */
1126 sd->card_status |= APP_CMD;
1129 case 56: /* CMD56: GEN_CMD */
1130 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1132 switch (sd->state) {
1133 case sd_transfer_state:
1134 sd->data_offset = 0;
1136 sd->state = sd_sendingdata_state;
1138 sd->state = sd_receivingdata_state;
1148 sd->card_status |= ILLEGAL_COMMAND;
1150 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1154 /* Commands that are recognised but not yet implemented in SPI mode. */
1155 sd->card_status |= ILLEGAL_COMMAND;
1156 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1160 sd->card_status |= ILLEGAL_COMMAND;
1161 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1165 static sd_rsp_type_t sd_app_command(SDState *sd,
1168 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1170 case 6: /* ACMD6: SET_BUS_WIDTH */
1171 switch (sd->state) {
1172 case sd_transfer_state:
1173 sd->sd_status[0] &= 0x3f;
1174 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1182 case 13: /* ACMD13: SD_STATUS */
1183 switch (sd->state) {
1184 case sd_transfer_state:
1185 sd->state = sd_sendingdata_state;
1187 sd->data_offset = 0;
1195 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1196 switch (sd->state) {
1197 case sd_transfer_state:
1198 *(uint32_t *) sd->data = sd->blk_written;
1200 sd->state = sd_sendingdata_state;
1202 sd->data_offset = 0;
1210 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1211 switch (sd->state) {
1212 case sd_transfer_state:
1220 case 41: /* ACMD41: SD_APP_OP_COND */
1223 sd->state = sd_transfer_state;
1226 switch (sd->state) {
1228 /* We accept any voltage. 10000 V is nothing. */
1230 sd->state = sd_ready_state;
1239 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1240 switch (sd->state) {
1241 case sd_transfer_state:
1242 /* Bringing in the 50KOhm pull-up resistor... Done. */
1250 case 51: /* ACMD51: SEND_SCR */
1251 switch (sd->state) {
1252 case sd_transfer_state:
1253 sd->state = sd_sendingdata_state;
1255 sd->data_offset = 0;
1264 /* Fall back to standard commands. */
1265 sd->card_status &= ~APP_CMD;
1266 return sd_normal_command(sd, req);
1269 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1273 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1275 /* Valid commands in locked state:
1277 * lock card class (7)
1279 * implicitly, the ACMD prefix CMD55
1281 * Anything else provokes an "illegal command" response.
1283 if (sd->card_status & APP_CMD) {
1284 return req->cmd == 41 || req->cmd == 42;
1286 if (req->cmd == 16 || req->cmd == 55) {
1289 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1292 int sd_do_command(SDState *sd, SDRequest *req,
1293 uint8_t *response) {
1294 uint32_t last_status = sd->card_status;
1295 sd_rsp_type_t rtype;
1298 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1302 if (sd_req_crc_validate(req)) {
1303 sd->card_status |= COM_CRC_ERROR;
1307 sd->card_status &= ~CARD_STATUS_B;
1310 if (last_status & CARD_IS_LOCKED) {
1311 if (!cmd_valid_while_locked(sd, req)) {
1312 sd->card_status |= ILLEGAL_COMMAND;
1313 fprintf(stderr, "SD: Card is locked\n");
1318 if (last_status & APP_CMD) {
1319 rtype = sd_app_command(sd, *req);
1320 sd->card_status &= ~APP_CMD;
1322 rtype = sd_normal_command(sd, *req);
1324 sd->current_cmd = req->cmd;
1329 sd_response_r1_make(sd, response, last_status);
1334 memcpy(response, sd->cid, sizeof(sd->cid));
1339 memcpy(response, sd->csd, sizeof(sd->csd));
1344 sd_response_r3_make(sd, response);
1349 sd_response_r6_make(sd, response);
1354 sd_response_r7_make(sd, response);
1364 if (sd->card_status & ILLEGAL_COMMAND)
1370 DPRINTF("Response:");
1371 for (i = 0; i < rsplen; i++)
1372 printf(" %02x", response[i]);
1373 printf(" state %d\n", sd->state);
1375 DPRINTF("No response %d\n", sd->state);
1382 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1384 uint64_t end = addr + len;
1386 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1387 (unsigned long long) addr, len);
1388 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1389 fprintf(stderr, "sd_blk_read: read error on host side\n");
1393 if (end > (addr & ~511) + 512) {
1394 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1396 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1397 fprintf(stderr, "sd_blk_read: read error on host side\n");
1400 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1402 memcpy(sd->data, sd->buf + (addr & 511), len);
1405 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1407 uint64_t end = addr + len;
1409 if ((addr & 511) || len < 512)
1410 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1411 fprintf(stderr, "sd_blk_write: read error on host side\n");
1415 if (end > (addr & ~511) + 512) {
1416 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1417 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1418 fprintf(stderr, "sd_blk_write: write error on host side\n");
1422 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1423 fprintf(stderr, "sd_blk_write: read error on host side\n");
1426 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1427 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1428 fprintf(stderr, "sd_blk_write: write error on host side\n");
1430 memcpy(sd->buf + (addr & 511), sd->data, len);
1431 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1432 fprintf(stderr, "sd_blk_write: write error on host side\n");
1436 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1437 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1438 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1439 #define APP_WRITE_BLOCK(a, len)
1441 void sd_write_data(SDState *sd, uint8_t value)
1445 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1448 if (sd->state != sd_receivingdata_state) {
1449 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1453 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1456 switch (sd->current_cmd) {
1457 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1458 sd->data[sd->data_offset ++] = value;
1459 if (sd->data_offset >= sd->blk_len) {
1460 /* TODO: Check CRC before committing */
1461 sd->state = sd_programming_state;
1462 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1464 sd->csd[14] |= 0x40;
1465 /* Bzzzzzzztt .... Operation complete. */
1466 sd->state = sd_transfer_state;
1470 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1471 if (sd->data_offset == 0) {
1472 /* Start of the block - lets check the address is valid */
1473 if (sd->data_start + sd->blk_len > sd->size) {
1474 sd->card_status |= ADDRESS_ERROR;
1477 if (sd_wp_addr(sd, sd->data_start)) {
1478 sd->card_status |= WP_VIOLATION;
1482 sd->data[sd->data_offset++] = value;
1483 if (sd->data_offset >= sd->blk_len) {
1484 /* TODO: Check CRC before committing */
1485 sd->state = sd_programming_state;
1486 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1488 sd->data_start += sd->blk_len;
1489 sd->data_offset = 0;
1490 sd->csd[14] |= 0x40;
1492 /* Bzzzzzzztt .... Operation complete. */
1493 sd->state = sd_receivingdata_state;
1497 case 26: /* CMD26: PROGRAM_CID */
1498 sd->data[sd->data_offset ++] = value;
1499 if (sd->data_offset >= sizeof(sd->cid)) {
1500 /* TODO: Check CRC before committing */
1501 sd->state = sd_programming_state;
1502 for (i = 0; i < sizeof(sd->cid); i ++)
1503 if ((sd->cid[i] | 0x00) != sd->data[i])
1504 sd->card_status |= CID_CSD_OVERWRITE;
1506 if (!(sd->card_status & CID_CSD_OVERWRITE))
1507 for (i = 0; i < sizeof(sd->cid); i ++) {
1509 sd->cid[i] &= sd->data[i];
1511 /* Bzzzzzzztt .... Operation complete. */
1512 sd->state = sd_transfer_state;
1516 case 27: /* CMD27: PROGRAM_CSD */
1517 sd->data[sd->data_offset ++] = value;
1518 if (sd->data_offset >= sizeof(sd->csd)) {
1519 /* TODO: Check CRC before committing */
1520 sd->state = sd_programming_state;
1521 for (i = 0; i < sizeof(sd->csd); i ++)
1522 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1523 (sd->data[i] | sd_csd_rw_mask[i]))
1524 sd->card_status |= CID_CSD_OVERWRITE;
1526 /* Copy flag (OTP) & Permanent write protect */
1527 if (sd->csd[14] & ~sd->data[14] & 0x60)
1528 sd->card_status |= CID_CSD_OVERWRITE;
1530 if (!(sd->card_status & CID_CSD_OVERWRITE))
1531 for (i = 0; i < sizeof(sd->csd); i ++) {
1532 sd->csd[i] |= sd_csd_rw_mask[i];
1533 sd->csd[i] &= sd->data[i];
1535 /* Bzzzzzzztt .... Operation complete. */
1536 sd->state = sd_transfer_state;
1540 case 42: /* CMD42: LOCK_UNLOCK */
1541 sd->data[sd->data_offset ++] = value;
1542 if (sd->data_offset >= sd->blk_len) {
1543 /* TODO: Check CRC before committing */
1544 sd->state = sd_programming_state;
1545 sd_lock_command(sd);
1546 /* Bzzzzzzztt .... Operation complete. */
1547 sd->state = sd_transfer_state;
1551 case 56: /* CMD56: GEN_CMD */
1552 sd->data[sd->data_offset ++] = value;
1553 if (sd->data_offset >= sd->blk_len) {
1554 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1555 sd->state = sd_transfer_state;
1560 fprintf(stderr, "sd_write_data: unknown command\n");
1565 uint8_t sd_read_data(SDState *sd)
1567 /* TODO: Append CRCs */
1571 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1574 if (sd->state != sd_sendingdata_state) {
1575 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1579 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1582 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1584 switch (sd->current_cmd) {
1585 case 6: /* CMD6: SWITCH_FUNCTION */
1586 ret = sd->data[sd->data_offset ++];
1588 if (sd->data_offset >= 64)
1589 sd->state = sd_transfer_state;
1592 case 9: /* CMD9: SEND_CSD */
1593 case 10: /* CMD10: SEND_CID */
1594 ret = sd->data[sd->data_offset ++];
1596 if (sd->data_offset >= 16)
1597 sd->state = sd_transfer_state;
1600 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1601 if (sd->data_offset == 0)
1602 BLK_READ_BLOCK(sd->data_start, io_len);
1603 ret = sd->data[sd->data_offset ++];
1605 if (sd->data_offset >= io_len) {
1606 sd->data_start += io_len;
1607 sd->data_offset = 0;
1608 if (sd->data_start + io_len > sd->size) {
1609 sd->card_status |= ADDRESS_ERROR;
1615 case 13: /* ACMD13: SD_STATUS */
1616 ret = sd->sd_status[sd->data_offset ++];
1618 if (sd->data_offset >= sizeof(sd->sd_status))
1619 sd->state = sd_transfer_state;
1622 case 17: /* CMD17: READ_SINGLE_BLOCK */
1623 if (sd->data_offset == 0)
1624 BLK_READ_BLOCK(sd->data_start, io_len);
1625 ret = sd->data[sd->data_offset ++];
1627 if (sd->data_offset >= io_len)
1628 sd->state = sd_transfer_state;
1631 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1632 if (sd->data_offset == 0)
1633 BLK_READ_BLOCK(sd->data_start, io_len);
1634 ret = sd->data[sd->data_offset ++];
1636 if (sd->data_offset >= io_len) {
1637 sd->data_start += io_len;
1638 sd->data_offset = 0;
1639 if (sd->data_start + io_len > sd->size) {
1640 sd->card_status |= ADDRESS_ERROR;
1646 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1647 ret = sd->data[sd->data_offset ++];
1649 if (sd->data_offset >= 4)
1650 sd->state = sd_transfer_state;
1653 case 30: /* CMD30: SEND_WRITE_PROT */
1654 ret = sd->data[sd->data_offset ++];
1656 if (sd->data_offset >= 4)
1657 sd->state = sd_transfer_state;
1660 case 51: /* ACMD51: SEND_SCR */
1661 ret = sd->scr[sd->data_offset ++];
1663 if (sd->data_offset >= sizeof(sd->scr))
1664 sd->state = sd_transfer_state;
1667 case 56: /* CMD56: GEN_CMD */
1668 if (sd->data_offset == 0)
1669 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1670 ret = sd->data[sd->data_offset ++];
1672 if (sd->data_offset >= sd->blk_len)
1673 sd->state = sd_transfer_state;
1677 fprintf(stderr, "sd_read_data: unknown command\n");
1684 int sd_data_ready(SDState *sd)
1686 return sd->state == sd_sendingdata_state;
1689 void sd_enable(SDState *sd, int enable)
1691 sd->enable = enable;
projects / qemu.git / blob