2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, args...) \
40 do { printf("SD: " fmt , ##args); } while (0)
42 #define DPRINTF(fmt, args...) do {} while(0)
46 sd_r0
= 0, /* no response */
47 sd_r1
, /* normal response command */
48 sd_r2_i
, /* CID register */
49 sd_r2_s
, /* CSD register */
50 sd_r3
, /* OCR register */
51 sd_r6
= 6, /* Published RCA response */
58 sd_card_identification_mode
,
59 sd_data_transfer_mode
,
62 sd_inactive_state
= -1,
65 sd_identification_state
,
69 sd_receivingdata_state
,
79 uint8_t sd_status
[64];
88 int function_group
[6];
98 BlockDriverState
*bdrv
;
102 static void sd_set_status(SDState
*sd
)
105 case sd_inactive_state
:
106 sd
->mode
= sd_inactive
;
111 case sd_identification_state
:
112 sd
->mode
= sd_card_identification_mode
;
115 case sd_standby_state
:
116 case sd_transfer_state
:
117 case sd_sendingdata_state
:
118 case sd_receivingdata_state
:
119 case sd_programming_state
:
120 case sd_disconnect_state
:
121 sd
->mode
= sd_data_transfer_mode
;
125 sd
->card_status
&= ~CURRENT_STATE
;
126 sd
->card_status
|= sd
->state
<< 9;
129 const sd_cmd_type_t sd_cmd_type
[64] = {
130 sd_bc
, sd_none
, sd_bcr
, sd_bcr
, sd_none
, sd_none
, sd_none
, sd_ac
,
131 sd_none
, sd_ac
, sd_ac
, sd_adtc
, sd_ac
, sd_ac
, sd_none
, sd_ac
,
132 sd_ac
, sd_adtc
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
133 sd_adtc
, sd_adtc
, sd_adtc
, sd_adtc
, sd_ac
, sd_ac
, sd_adtc
, sd_none
,
134 sd_ac
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
135 sd_none
, sd_none
, sd_bc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
136 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
,
137 sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
140 const sd_cmd_type_t sd_acmd_type
[64] = {
141 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
142 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
,
143 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_ac
,
144 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
145 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
146 sd_none
, sd_bcr
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
147 sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
,
148 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
151 static const int sd_cmd_class
[64] = {
152 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
153 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
154 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
155 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
158 static uint8_t sd_crc7(void *message
, size_t width
)
161 uint8_t shift_reg
= 0x00;
162 uint8_t *msg
= (uint8_t *) message
;
164 for (i
= 0; i
< width
; i
++, msg
++)
165 for (bit
= 7; bit
>= 0; bit
--) {
167 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
174 static uint16_t sd_crc16(void *message
, size_t width
)
177 uint16_t shift_reg
= 0x0000;
178 uint16_t *msg
= (uint16_t *) message
;
181 for (i
= 0; i
< width
; i
++, msg
++)
182 for (bit
= 15; bit
>= 0; bit
--) {
184 if ((shift_reg
>> 15) ^ ((*msg
>> bit
) & 1))
191 static void sd_set_ocr(SDState
*sd
)
193 sd
->ocr
= 0x80ffff80;
196 static void sd_set_scr(SDState
*sd
)
198 sd
->scr
[0] = 0x00; /* SCR Structure */
199 sd
->scr
[1] = 0x2f; /* SD Security Support */
215 static void sd_set_cid(SDState
*sd
)
217 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
218 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
220 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
225 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
226 sd
->cid
[9] = 0xde; /* Fake serial number (PSN) */
230 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
231 ((MDT_YR
- 2000) / 10);
232 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
233 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
236 #define HWBLOCK_SHIFT 9 /* 512 bytes */
237 #define SECTOR_SHIFT 5 /* 16 kilobytes */
238 #define WPGROUP_SHIFT 7 /* 2 megs */
239 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
240 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
241 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
242 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
244 static const uint8_t sd_csd_rw_mask
[16] = {
245 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
246 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
249 static void sd_set_csd(SDState
*sd
, uint32_t size
)
251 uint32_t csize
= (size
>> (CMULT_SHIFT
+ HWBLOCK_SHIFT
)) - 1;
252 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
253 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
255 sd
->csd
[0] = 0x00; /* CSD structure */
256 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
257 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
258 sd
->csd
[3] = 0x5a; /* Max. data transfer rate */
259 sd
->csd
[4] = 0x5f; /* Card Command Classes */
260 sd
->csd
[5] = 0x50 | /* Max. read data block length */
262 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
263 ((csize
>> 10) & 0x03);
264 sd
->csd
[7] = 0x00 | /* Device size */
265 ((csize
>> 2) & 0xff);
266 sd
->csd
[8] = 0x3f | /* Max. read current */
267 ((csize
<< 6) & 0xc0);
268 sd
->csd
[9] = 0xfc | /* Max. write current */
269 ((CMULT_SHIFT
- 2) >> 1);
270 sd
->csd
[10] = 0x40 | /* Erase sector size */
271 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
272 sd
->csd
[11] = 0x00 | /* Write protect group size */
273 ((sectsize
<< 7) & 0x80) | wpsize
;
274 sd
->csd
[12] = 0x90 | /* Write speed factor */
275 (HWBLOCK_SHIFT
>> 2);
276 sd
->csd
[13] = 0x20 | /* Max. write data block length */
277 ((HWBLOCK_SHIFT
<< 6) & 0xc0);
278 sd
->csd
[14] = 0x00; /* File format group */
279 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
282 static void sd_set_rca(SDState
*sd
)
287 #define CARD_STATUS_A 0x02004100
288 #define CARD_STATUS_B 0x00c01e00
289 #define CARD_STATUS_C 0xfd39a028
291 static void sd_set_cardstatus(SDState
*sd
)
293 sd
->card_status
= 0x00000100;
296 static void sd_set_sdstatus(SDState
*sd
)
298 memset(sd
->sd_status
, 0, 64);
301 static int sd_req_crc_validate(struct sd_request_s
*req
)
304 buffer
[0] = 0x40 | req
->cmd
;
305 buffer
[1] = (req
->arg
>> 24) & 0xff;
306 buffer
[2] = (req
->arg
>> 16) & 0xff;
307 buffer
[3] = (req
->arg
>> 8) & 0xff;
308 buffer
[4] = (req
->arg
>> 0) & 0xff;
310 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
313 static void sd_response_r1_make(SDState
*sd
,
314 uint8_t *response
, uint32_t last_status
)
316 uint32_t mask
= CARD_STATUS_B
^ ILLEGAL_COMMAND
;
319 status
= (sd
->card_status
& ~mask
) | (last_status
& mask
);
320 sd
->card_status
&= ~CARD_STATUS_C
| APP_CMD
;
322 response
[0] = (status
>> 24) & 0xff;
323 response
[1] = (status
>> 16) & 0xff;
324 response
[2] = (status
>> 8) & 0xff;
325 response
[3] = (status
>> 0) & 0xff;
328 static void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
330 response
[0] = (sd
->ocr
>> 24) & 0xff;
331 response
[1] = (sd
->ocr
>> 16) & 0xff;
332 response
[2] = (sd
->ocr
>> 8) & 0xff;
333 response
[3] = (sd
->ocr
>> 0) & 0xff;
336 static void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
342 status
= ((sd
->card_status
>> 8) & 0xc000) |
343 ((sd
->card_status
>> 6) & 0x2000) |
344 (sd
->card_status
& 0x1fff);
346 response
[0] = (arg
>> 8) & 0xff;
347 response
[1] = arg
& 0xff;
348 response
[2] = (status
>> 8) & 0xff;
349 response
[3] = status
& 0xff;
352 static void sd_reset(SDState
*sd
, BlockDriverState
*bdrv
)
357 bdrv_get_geometry(bdrv
, §
);
360 if (sect
> 0x40000000)
361 size
= 0x40000000; /* 1 gig */
365 sect
= (size
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)) + 1;
367 sd
->state
= sd_idle_state
;
372 sd_set_csd(sd
, size
);
373 sd_set_cardstatus(sd
);
379 qemu_free(sd
->wp_groups
);
380 sd
->wp_switch
= bdrv_is_read_only(bdrv
);
381 sd
->wp_groups
= (int *) qemu_mallocz(sizeof(int) * sect
);
382 memset(sd
->function_group
, 0, sizeof(int) * 6);
390 static void sd_cardchange(void *opaque
)
392 SDState
*sd
= opaque
;
393 qemu_set_irq(sd
->inserted_cb
, bdrv_is_inserted(sd
->bdrv
));
394 if (bdrv_is_inserted(sd
->bdrv
)) {
395 sd_reset(sd
, sd
->bdrv
);
396 qemu_set_irq(sd
->readonly_cb
, sd
->wp_switch
);
400 /* We do not model the chip select pin, so allow the board to select
401 whether card should be in SSI or MMC/SD mode. It is also up to the
402 board to ensure that ssi transfers only occur when the chip select
404 SDState
*sd_init(BlockDriverState
*bs
, int is_spi
)
408 sd
= (SDState
*) qemu_mallocz(sizeof(SDState
));
409 sd
->buf
= qemu_memalign(512, 512);
412 bdrv_set_change_cb(sd
->bdrv
, sd_cardchange
, sd
);
416 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
418 sd
->readonly_cb
= readonly
;
419 sd
->inserted_cb
= insert
;
420 qemu_set_irq(readonly
, bdrv_is_read_only(sd
->bdrv
));
421 qemu_set_irq(insert
, bdrv_is_inserted(sd
->bdrv
));
424 static void sd_erase(SDState
*sd
)
427 if (!sd
->erase_start
|| !sd
->erase_end
) {
428 sd
->card_status
|= ERASE_SEQ_ERROR
;
432 start
= sd
->erase_start
>>
433 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
434 end
= sd
->erase_end
>>
435 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
440 for (i
= start
; i
<= end
; i
++)
441 if (sd
->wp_groups
[i
])
442 sd
->card_status
|= WP_ERASE_SKIP
;
445 static uint32_t sd_wpbits(SDState
*sd
, uint32_t addr
)
450 wpnum
= addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
452 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
)
453 if (addr
< sd
->size
&& sd
->wp_groups
[wpnum
])
459 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
461 int i
, mode
, new_func
, crc
;
462 mode
= !!(arg
& 0x80000000);
464 sd
->data
[0] = 0x00; /* Maximum current consumption */
466 sd
->data
[2] = 0x80; /* Supported group 6 functions */
468 sd
->data
[4] = 0x80; /* Supported group 5 functions */
470 sd
->data
[6] = 0x80; /* Supported group 4 functions */
472 sd
->data
[8] = 0x80; /* Supported group 3 functions */
474 sd
->data
[10] = 0x80; /* Supported group 2 functions */
476 sd
->data
[12] = 0x80; /* Supported group 1 functions */
478 for (i
= 0; i
< 6; i
++) {
479 new_func
= (arg
>> (i
* 4)) & 0x0f;
480 if (mode
&& new_func
!= 0x0f)
481 sd
->function_group
[i
] = new_func
;
482 sd
->data
[14 + (i
>> 1)] = new_func
<< ((i
* 4) & 4);
484 memset(&sd
->data
[17], 0, 47);
485 crc
= sd_crc16(sd
->data
, 64);
486 sd
->data
[65] = crc
>> 8;
487 sd
->data
[66] = crc
& 0xff;
490 static inline int sd_wp_addr(SDState
*sd
, uint32_t addr
)
492 return sd
->wp_groups
[addr
>>
493 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)];
496 static void sd_lock_command(SDState
*sd
)
498 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
499 erase
= !!(sd
->data
[0] & 0x08);
500 lock
= sd
->data
[0] & 0x04;
501 clr_pwd
= sd
->data
[0] & 0x02;
502 set_pwd
= sd
->data
[0] & 0x01;
505 pwd_len
= sd
->data
[1];
510 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
511 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
512 (sd
->csd
[14] & 0x20)) {
513 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
516 memset(sd
->wp_groups
, 0, sizeof(int) * (sd
->size
>>
517 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)));
518 sd
->csd
[14] &= ~0x10;
519 sd
->card_status
&= ~CARD_IS_LOCKED
;
521 /* Erasing the entire card here! */
522 printf("SD: Card force-erased by CMD42\n");
526 if (sd
->blk_len
< 2 + pwd_len
||
527 pwd_len
<= sd
->pwd_len
||
528 pwd_len
> sd
->pwd_len
+ 16) {
529 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
533 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
534 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
538 pwd_len
-= sd
->pwd_len
;
539 if ((pwd_len
&& !set_pwd
) ||
540 (clr_pwd
&& (set_pwd
|| lock
)) ||
541 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
542 (!set_pwd
&& !clr_pwd
&&
543 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
544 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
545 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
550 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
551 sd
->pwd_len
= pwd_len
;
559 sd
->card_status
|= CARD_IS_LOCKED
;
561 sd
->card_status
&= ~CARD_IS_LOCKED
;
564 static sd_rsp_type_t
sd_normal_command(SDState
*sd
,
565 struct sd_request_s req
)
567 uint32_t rca
= 0x0000;
569 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
572 DPRINTF("CMD%d 0x%08x state %d\n", req
.cmd
, req
.arg
, sd
->state
);
574 /* Basic commands (Class 0 and Class 1) */
575 case 0: /* CMD0: GO_IDLE_STATE */
577 case sd_inactive_state
:
578 return sd
->spi
? sd_r1
: sd_r0
;
581 sd
->state
= sd_idle_state
;
582 sd_reset(sd
, sd
->bdrv
);
583 return sd
->spi
? sd_r1
: sd_r0
;
587 case 1: /* CMD1: SEND_OP_CMD */
591 sd
->state
= sd_transfer_state
;
594 case 2: /* CMD2: ALL_SEND_CID */
599 sd
->state
= sd_identification_state
;
607 case 3: /* CMD3: SEND_RELATIVE_ADDR */
611 case sd_identification_state
:
612 case sd_standby_state
:
613 sd
->state
= sd_standby_state
;
622 case 4: /* CMD4: SEND_DSR */
626 case sd_standby_state
:
634 case 6: /* CMD6: SWITCH_FUNCTION */
638 case sd_data_transfer_mode
:
639 sd_function_switch(sd
, req
.arg
);
640 sd
->state
= sd_sendingdata_state
;
650 case 7: /* CMD7: SELECT/DESELECT_CARD */
654 case sd_standby_state
:
658 sd
->state
= sd_transfer_state
;
661 case sd_transfer_state
:
662 case sd_sendingdata_state
:
666 sd
->state
= sd_standby_state
;
669 case sd_disconnect_state
:
673 sd
->state
= sd_programming_state
;
676 case sd_programming_state
:
680 sd
->state
= sd_disconnect_state
;
688 case 9: /* CMD9: SEND_CSD */
690 case sd_standby_state
:
696 case sd_transfer_state
:
699 sd
->state
= sd_sendingdata_state
;
700 memcpy(sd
->data
, sd
->csd
, 16);
701 sd
->data_start
= req
.arg
;
710 case 10: /* CMD10: SEND_CID */
712 case sd_standby_state
:
718 case sd_transfer_state
:
721 sd
->state
= sd_sendingdata_state
;
722 memcpy(sd
->data
, sd
->cid
, 16);
723 sd
->data_start
= req
.arg
;
732 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
736 case sd_transfer_state
:
737 sd
->state
= sd_sendingdata_state
;
738 sd
->data_start
= req
.arg
;
741 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
742 sd
->card_status
|= ADDRESS_ERROR
;
750 case 12: /* CMD12: STOP_TRANSMISSION */
752 case sd_sendingdata_state
:
753 sd
->state
= sd_transfer_state
;
756 case sd_receivingdata_state
:
757 sd
->state
= sd_programming_state
;
758 /* Bzzzzzzztt .... Operation complete. */
759 sd
->state
= sd_transfer_state
;
767 case 13: /* CMD13: SEND_STATUS */
769 case sd_data_transfer_mode
:
780 case 15: /* CMD15: GO_INACTIVE_STATE */
784 case sd_data_transfer_mode
:
788 sd
->state
= sd_inactive_state
;
796 /* Block read commands (Classs 2) */
797 case 16: /* CMD16: SET_BLOCKLEN */
799 case sd_transfer_state
:
800 if (req
.arg
> (1 << HWBLOCK_SHIFT
))
801 sd
->card_status
|= BLOCK_LEN_ERROR
;
803 sd
->blk_len
= req
.arg
;
812 case 17: /* CMD17: READ_SINGLE_BLOCK */
814 case sd_transfer_state
:
815 sd
->state
= sd_sendingdata_state
;
816 sd
->data_start
= req
.arg
;
819 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
820 sd
->card_status
|= ADDRESS_ERROR
;
828 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
830 case sd_transfer_state
:
831 sd
->state
= sd_sendingdata_state
;
832 sd
->data_start
= req
.arg
;
835 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
836 sd
->card_status
|= ADDRESS_ERROR
;
844 /* Block write commands (Class 4) */
845 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
847 goto unimplemented_cmd
;
849 case sd_transfer_state
:
850 /* Writing in SPI mode not implemented. */
853 sd
->state
= sd_receivingdata_state
;
854 sd
->data_start
= req
.arg
;
858 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
859 sd
->card_status
|= ADDRESS_ERROR
;
860 if (sd_wp_addr(sd
, sd
->data_start
))
861 sd
->card_status
|= WP_VIOLATION
;
862 if (sd
->csd
[14] & 0x30)
863 sd
->card_status
|= WP_VIOLATION
;
871 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
873 goto unimplemented_cmd
;
875 case sd_transfer_state
:
876 /* Writing in SPI mode not implemented. */
879 sd
->state
= sd_receivingdata_state
;
880 sd
->data_start
= req
.arg
;
884 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
885 sd
->card_status
|= ADDRESS_ERROR
;
886 if (sd_wp_addr(sd
, sd
->data_start
))
887 sd
->card_status
|= WP_VIOLATION
;
888 if (sd
->csd
[14] & 0x30)
889 sd
->card_status
|= WP_VIOLATION
;
897 case 26: /* CMD26: PROGRAM_CID */
901 case sd_transfer_state
:
902 sd
->state
= sd_receivingdata_state
;
912 case 27: /* CMD27: PROGRAM_CSD */
914 goto unimplemented_cmd
;
916 case sd_transfer_state
:
917 sd
->state
= sd_receivingdata_state
;
927 /* Write protection (Class 6) */
928 case 28: /* CMD28: SET_WRITE_PROT */
930 case sd_transfer_state
:
931 if (req
.arg
>= sd
->size
) {
932 sd
->card_status
= ADDRESS_ERROR
;
936 sd
->state
= sd_programming_state
;
937 sd
->wp_groups
[req
.arg
>> (HWBLOCK_SHIFT
+
938 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 1;
939 /* Bzzzzzzztt .... Operation complete. */
940 sd
->state
= sd_transfer_state
;
948 case 29: /* CMD29: CLR_WRITE_PROT */
950 case sd_transfer_state
:
951 if (req
.arg
>= sd
->size
) {
952 sd
->card_status
= ADDRESS_ERROR
;
956 sd
->state
= sd_programming_state
;
957 sd
->wp_groups
[req
.arg
>> (HWBLOCK_SHIFT
+
958 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 0;
959 /* Bzzzzzzztt .... Operation complete. */
960 sd
->state
= sd_transfer_state
;
968 case 30: /* CMD30: SEND_WRITE_PROT */
970 case sd_transfer_state
:
971 sd
->state
= sd_sendingdata_state
;
972 *(uint32_t *) sd
->data
= sd_wpbits(sd
, req
.arg
);
973 sd
->data_start
= req
.arg
;
982 /* Erase commands (Class 5) */
983 case 32: /* CMD32: ERASE_WR_BLK_START */
985 case sd_transfer_state
:
986 sd
->erase_start
= req
.arg
;
994 case 33: /* CMD33: ERASE_WR_BLK_END */
996 case sd_transfer_state
:
997 sd
->erase_end
= req
.arg
;
1005 case 38: /* CMD38: ERASE */
1006 switch (sd
->state
) {
1007 case sd_transfer_state
:
1008 if (sd
->csd
[14] & 0x30) {
1009 sd
->card_status
|= WP_VIOLATION
;
1013 sd
->state
= sd_programming_state
;
1015 /* Bzzzzzzztt .... Operation complete. */
1016 sd
->state
= sd_transfer_state
;
1024 /* Lock card commands (Class 7) */
1025 case 42: /* CMD42: LOCK_UNLOCK */
1027 goto unimplemented_cmd
;
1028 switch (sd
->state
) {
1029 case sd_transfer_state
:
1030 sd
->state
= sd_receivingdata_state
;
1032 sd
->data_offset
= 0;
1040 /* Application specific commands (Class 8) */
1041 case 55: /* CMD55: APP_CMD */
1045 sd
->card_status
|= APP_CMD
;
1048 case 56: /* CMD56: GEN_CMD */
1049 printf("SD: GEN_CMD 0x%08x\n", req
.arg
);
1051 switch (sd
->state
) {
1052 case sd_transfer_state
:
1053 sd
->data_offset
= 0;
1055 sd
->state
= sd_sendingdata_state
;
1057 sd
->state
= sd_receivingdata_state
;
1067 sd
->card_status
|= ILLEGAL_COMMAND
;
1069 printf("SD: Unknown CMD%i\n", req
.cmd
);
1073 /* Commands that are recognised but not yet implemented in SPI mode. */
1074 sd
->card_status
|= ILLEGAL_COMMAND
;
1075 printf ("SD: CMD%i not implemented in SPI mode\n", req
.cmd
);
1079 sd
->card_status
|= ILLEGAL_COMMAND
;
1080 printf("SD: CMD%i in a wrong state\n", req
.cmd
);
1084 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
1085 struct sd_request_s req
) {
1088 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
1089 rca
= req
.arg
>> 16;
1091 DPRINTF("ACMD%d 0x%08x\n", req
.cmd
, req
.arg
);
1093 case 6: /* ACMD6: SET_BUS_WIDTH */
1094 switch (sd
->state
) {
1095 case sd_transfer_state
:
1096 sd
->sd_status
[0] &= 0x3f;
1097 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1105 case 13: /* ACMD13: SD_STATUS */
1106 switch (sd
->state
) {
1107 case sd_transfer_state
:
1109 sd
->data_offset
= 0;
1117 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1118 switch (sd
->state
) {
1119 case sd_transfer_state
:
1120 *(uint32_t *) sd
->data
= sd
->blk_written
;
1123 sd
->data_offset
= 0;
1131 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1132 switch (sd
->state
) {
1133 case sd_transfer_state
:
1141 case 41: /* ACMD41: SD_APP_OP_COND */
1144 sd
->state
= sd_transfer_state
;
1147 switch (sd
->state
) {
1149 /* We accept any voltage. 10000 V is nothing. */
1151 sd
->state
= sd_ready_state
;
1160 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1161 switch (sd
->state
) {
1162 case sd_transfer_state
:
1163 /* Bringing in the 50KOhm pull-up resistor... Done. */
1171 case 51: /* ACMD51: SEND_SCR */
1172 switch (sd
->state
) {
1173 case sd_transfer_state
:
1174 sd
->state
= sd_sendingdata_state
;
1176 sd
->data_offset
= 0;
1185 /* Fall back to standard commands. */
1186 sd
->card_status
&= ~APP_CMD
;
1187 return sd_normal_command(sd
, req
);
1190 printf("SD: ACMD%i in a wrong state\n", req
.cmd
);
1194 int sd_do_command(SDState
*sd
, struct sd_request_s
*req
,
1195 uint8_t *response
) {
1196 uint32_t last_status
= sd
->card_status
;
1197 sd_rsp_type_t rtype
;
1200 if (!bdrv_is_inserted(sd
->bdrv
)) {
1204 if (sd_req_crc_validate(req
)) {
1205 sd
->card_status
&= ~COM_CRC_ERROR
;
1209 sd
->card_status
&= ~CARD_STATUS_B
;
1212 if (last_status
& CARD_IS_LOCKED
)
1213 if (((last_status
& APP_CMD
) &&
1215 (!(last_status
& APP_CMD
) &&
1216 (sd_cmd_class
[req
->cmd
] == 0 ||
1217 sd_cmd_class
[req
->cmd
] == 7 ||
1218 req
->cmd
== 16 || req
->cmd
== 55))) {
1219 sd
->card_status
|= ILLEGAL_COMMAND
;
1220 printf("SD: Card is locked\n");
1224 if (last_status
& APP_CMD
) {
1225 rtype
= sd_app_command(sd
, *req
);
1226 sd
->card_status
&= ~APP_CMD
;
1228 rtype
= sd_normal_command(sd
, *req
);
1230 sd
->current_cmd
= req
->cmd
;
1235 sd_response_r1_make(sd
, response
, last_status
);
1240 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
1246 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
1252 sd_response_r3_make(sd
, response
);
1257 sd_response_r6_make(sd
, response
);
1267 if (sd
->card_status
& ILLEGAL_COMMAND
)
1273 DPRINTF("Response:");
1274 for (i
= 0; i
< rsplen
; i
++)
1275 printf(" %02x", response
[i
]);
1276 printf(" state %d\n", sd
->state
);
1278 DPRINTF("No response %d\n", sd
->state
);
1285 /* No real need for 64 bit addresses here */
1286 static void sd_blk_read(SDState
*sd
, uint32_t addr
, uint32_t len
)
1288 uint32_t end
= addr
+ len
;
1290 if (!sd
->bdrv
|| bdrv_read(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1291 printf("sd_blk_read: read error on host side\n");
1295 if (end
> (addr
& ~511) + 512) {
1296 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), 512 - (addr
& 511));
1298 if (bdrv_read(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1) {
1299 printf("sd_blk_read: read error on host side\n");
1302 memcpy(sd
->data
+ 512 - (addr
& 511), sd
->buf
, end
& 511);
1304 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), len
);
1307 static void sd_blk_write(SDState
*sd
, uint32_t addr
, uint32_t len
)
1309 uint32_t end
= addr
+ len
;
1311 if ((addr
& 511) || len
< 512)
1312 if (!sd
->bdrv
|| bdrv_read(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1313 printf("sd_blk_write: read error on host side\n");
1317 if (end
> (addr
& ~511) + 512) {
1318 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, 512 - (addr
& 511));
1319 if (bdrv_write(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1320 printf("sd_blk_write: write error on host side\n");
1324 if (bdrv_read(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1) {
1325 printf("sd_blk_write: read error on host side\n");
1328 memcpy(sd
->buf
, sd
->data
+ 512 - (addr
& 511), end
& 511);
1329 if (bdrv_write(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1)
1330 printf("sd_blk_write: write error on host side\n");
1332 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, len
);
1333 if (!sd
->bdrv
|| bdrv_write(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1)
1334 printf("sd_blk_write: write error on host side\n");
1338 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1339 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1340 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1341 #define APP_WRITE_BLOCK(a, len)
1343 void sd_write_data(SDState
*sd
, uint8_t value
)
1347 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
))
1350 if (sd
->state
!= sd_receivingdata_state
) {
1351 printf("sd_write_data: not in Receiving-Data state\n");
1355 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1358 switch (sd
->current_cmd
) {
1359 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1360 sd
->data
[sd
->data_offset
++] = value
;
1361 if (sd
->data_offset
>= sd
->blk_len
) {
1362 /* TODO: Check CRC before committing */
1363 sd
->state
= sd_programming_state
;
1364 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1366 sd
->csd
[14] |= 0x40;
1367 /* Bzzzzzzztt .... Operation complete. */
1368 sd
->state
= sd_transfer_state
;
1372 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1373 sd
->data
[sd
->data_offset
++] = value
;
1374 if (sd
->data_offset
>= sd
->blk_len
) {
1375 /* TODO: Check CRC before committing */
1376 sd
->state
= sd_programming_state
;
1377 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1379 sd
->data_start
+= sd
->blk_len
;
1380 sd
->data_offset
= 0;
1381 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1382 sd
->card_status
|= ADDRESS_ERROR
;
1385 if (sd_wp_addr(sd
, sd
->data_start
)) {
1386 sd
->card_status
|= WP_VIOLATION
;
1389 sd
->csd
[14] |= 0x40;
1391 /* Bzzzzzzztt .... Operation complete. */
1392 sd
->state
= sd_receivingdata_state
;
1396 case 26: /* CMD26: PROGRAM_CID */
1397 sd
->data
[sd
->data_offset
++] = value
;
1398 if (sd
->data_offset
>= sizeof(sd
->cid
)) {
1399 /* TODO: Check CRC before committing */
1400 sd
->state
= sd_programming_state
;
1401 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
1402 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
1403 sd
->card_status
|= CID_CSD_OVERWRITE
;
1405 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1406 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
1408 sd
->cid
[i
] &= sd
->data
[i
];
1410 /* Bzzzzzzztt .... Operation complete. */
1411 sd
->state
= sd_transfer_state
;
1415 case 27: /* CMD27: PROGRAM_CSD */
1416 sd
->data
[sd
->data_offset
++] = value
;
1417 if (sd
->data_offset
>= sizeof(sd
->csd
)) {
1418 /* TODO: Check CRC before committing */
1419 sd
->state
= sd_programming_state
;
1420 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
1421 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
1422 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
1423 sd
->card_status
|= CID_CSD_OVERWRITE
;
1425 /* Copy flag (OTP) & Permanent write protect */
1426 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
1427 sd
->card_status
|= CID_CSD_OVERWRITE
;
1429 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1430 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
1431 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
1432 sd
->csd
[i
] &= sd
->data
[i
];
1434 /* Bzzzzzzztt .... Operation complete. */
1435 sd
->state
= sd_transfer_state
;
1439 case 42: /* CMD42: LOCK_UNLOCK */
1440 sd
->data
[sd
->data_offset
++] = value
;
1441 if (sd
->data_offset
>= sd
->blk_len
) {
1442 /* TODO: Check CRC before committing */
1443 sd
->state
= sd_programming_state
;
1444 sd_lock_command(sd
);
1445 /* Bzzzzzzztt .... Operation complete. */
1446 sd
->state
= sd_transfer_state
;
1450 case 56: /* CMD56: GEN_CMD */
1451 sd
->data
[sd
->data_offset
++] = value
;
1452 if (sd
->data_offset
>= sd
->blk_len
) {
1453 APP_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1454 sd
->state
= sd_transfer_state
;
1459 printf("sd_write_data: unknown command\n");
1464 uint8_t sd_read_data(SDState
*sd
)
1466 /* TODO: Append CRCs */
1469 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
))
1472 if (sd
->state
!= sd_sendingdata_state
) {
1473 printf("sd_read_data: not in Sending-Data state\n");
1477 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1480 switch (sd
->current_cmd
) {
1481 case 6: /* CMD6: SWITCH_FUNCTION */
1482 ret
= sd
->data
[sd
->data_offset
++];
1484 if (sd
->data_offset
>= 64)
1485 sd
->state
= sd_transfer_state
;
1488 case 9: /* CMD9: SEND_CSD */
1489 case 10: /* CMD10: SEND_CID */
1490 ret
= sd
->data
[sd
->data_offset
++];
1492 if (sd
->data_offset
>= 16)
1493 sd
->state
= sd_transfer_state
;
1496 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1497 if (sd
->data_offset
== 0)
1498 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1499 ret
= sd
->data
[sd
->data_offset
++];
1501 if (sd
->data_offset
>= sd
->blk_len
) {
1502 sd
->data_start
+= sd
->blk_len
;
1503 sd
->data_offset
= 0;
1504 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1505 sd
->card_status
|= ADDRESS_ERROR
;
1511 case 13: /* ACMD13: SD_STATUS */
1512 ret
= sd
->sd_status
[sd
->data_offset
++];
1514 if (sd
->data_offset
>= sizeof(sd
->sd_status
))
1515 sd
->state
= sd_transfer_state
;
1518 case 17: /* CMD17: READ_SINGLE_BLOCK */
1519 if (sd
->data_offset
== 0)
1520 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1521 ret
= sd
->data
[sd
->data_offset
++];
1523 if (sd
->data_offset
>= sd
->blk_len
)
1524 sd
->state
= sd_transfer_state
;
1527 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1528 if (sd
->data_offset
== 0)
1529 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1530 ret
= sd
->data
[sd
->data_offset
++];
1532 if (sd
->data_offset
>= sd
->blk_len
) {
1533 sd
->data_start
+= sd
->blk_len
;
1534 sd
->data_offset
= 0;
1535 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1536 sd
->card_status
|= ADDRESS_ERROR
;
1542 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1543 ret
= sd
->data
[sd
->data_offset
++];
1545 if (sd
->data_offset
>= 4)
1546 sd
->state
= sd_transfer_state
;
1549 case 30: /* CMD30: SEND_WRITE_PROT */
1550 ret
= sd
->data
[sd
->data_offset
++];
1552 if (sd
->data_offset
>= 4)
1553 sd
->state
= sd_transfer_state
;
1556 case 51: /* ACMD51: SEND_SCR */
1557 ret
= sd
->scr
[sd
->data_offset
++];
1559 if (sd
->data_offset
>= sizeof(sd
->scr
))
1560 sd
->state
= sd_transfer_state
;
1563 case 56: /* CMD56: GEN_CMD */
1564 if (sd
->data_offset
== 0)
1565 APP_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1566 ret
= sd
->data
[sd
->data_offset
++];
1568 if (sd
->data_offset
>= sd
->blk_len
)
1569 sd
->state
= sd_transfer_state
;
1573 printf("sd_read_data: unknown command\n");
1580 int sd_data_ready(SDState
*sd
)
1582 return sd
->state
== sd_sendingdata_state
;