2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, args...) \
40 do { printf("SD: " fmt , ##args); } while (0)
42 #define DPRINTF(fmt, args...) do {} while(0)
46 sd_r0
= 0, /* no response */
47 sd_r1
, /* normal response command */
48 sd_r2_i
, /* CID register */
49 sd_r2_s
, /* CSD register */
50 sd_r3
, /* OCR register */
51 sd_r6
= 6, /* Published RCA response */
58 sd_card_identification_mode
,
59 sd_data_transfer_mode
,
62 sd_inactive_state
= -1,
65 sd_identification_state
,
69 sd_receivingdata_state
,
79 uint8_t sd_status
[64];
88 int function_group
[6];
97 BlockDriverState
*bdrv
;
100 static void sd_set_status(SDState
*sd
)
103 case sd_inactive_state
:
104 sd
->mode
= sd_inactive
;
109 case sd_identification_state
:
110 sd
->mode
= sd_card_identification_mode
;
113 case sd_standby_state
:
114 case sd_transfer_state
:
115 case sd_sendingdata_state
:
116 case sd_receivingdata_state
:
117 case sd_programming_state
:
118 case sd_disconnect_state
:
119 sd
->mode
= sd_data_transfer_mode
;
123 sd
->card_status
&= ~CURRENT_STATE
;
124 sd
->card_status
|= sd
->state
<< 9;
127 const sd_cmd_type_t sd_cmd_type
[64] = {
128 sd_bc
, sd_none
, sd_bcr
, sd_bcr
, sd_none
, sd_none
, sd_none
, sd_ac
,
129 sd_none
, sd_ac
, sd_ac
, sd_adtc
, sd_ac
, sd_ac
, sd_none
, sd_ac
,
130 sd_ac
, sd_adtc
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
131 sd_adtc
, sd_adtc
, sd_adtc
, sd_adtc
, sd_ac
, sd_ac
, sd_adtc
, sd_none
,
132 sd_ac
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
133 sd_none
, sd_none
, sd_bc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
134 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
,
135 sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
138 const sd_cmd_type_t sd_acmd_type
[64] = {
139 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
140 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
,
141 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_ac
,
142 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
143 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
144 sd_none
, sd_bcr
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
145 sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
,
146 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
149 static const int sd_cmd_class
[64] = {
150 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
151 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
152 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
153 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
156 static uint8_t sd_crc7(void *message
, size_t width
)
159 uint8_t shift_reg
= 0x00;
160 uint8_t *msg
= (uint8_t *) message
;
162 for (i
= 0; i
< width
; i
++, msg
++)
163 for (bit
= 7; bit
>= 0; bit
--) {
165 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
172 static uint16_t sd_crc16(void *message
, size_t width
)
175 uint16_t shift_reg
= 0x0000;
176 uint16_t *msg
= (uint16_t *) message
;
179 for (i
= 0; i
< width
; i
++, msg
++)
180 for (bit
= 15; bit
>= 0; bit
--) {
182 if ((shift_reg
>> 15) ^ ((*msg
>> bit
) & 1))
189 static void sd_set_ocr(SDState
*sd
)
191 sd
->ocr
= 0x80fffff0;
194 static void sd_set_scr(SDState
*sd
)
196 sd
->scr
[0] = 0x00; /* SCR Structure */
197 sd
->scr
[1] = 0x2f; /* SD Security Support */
213 static void sd_set_cid(SDState
*sd
)
215 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
216 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
218 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
223 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
224 sd
->cid
[9] = 0xde; /* Fake serial number (PSN) */
228 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
229 ((MDT_YR
- 2000) / 10);
230 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
231 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
234 #define HWBLOCK_SHIFT 9 /* 512 bytes */
235 #define SECTOR_SHIFT 5 /* 16 kilobytes */
236 #define WPGROUP_SHIFT 7 /* 2 megs */
237 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
238 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
239 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
240 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
242 static const uint8_t sd_csd_rw_mask
[16] = {
243 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
247 static void sd_set_csd(SDState
*sd
, uint32_t size
)
249 uint32_t csize
= (size
>> (CMULT_SHIFT
+ HWBLOCK_SHIFT
)) - 1;
250 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
251 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
253 sd
->csd
[0] = 0x00; /* CSD structure */
254 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
255 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
256 sd
->csd
[3] = 0x5a; /* Max. data transfer rate */
257 sd
->csd
[4] = 0x5f; /* Card Command Classes */
258 sd
->csd
[5] = 0x50 | /* Max. read data block length */
260 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
261 ((csize
>> 10) & 0x03);
262 sd
->csd
[7] = 0x00 | /* Device size */
263 ((csize
>> 2) & 0xff);
264 sd
->csd
[8] = 0x3f | /* Max. read current */
265 ((csize
<< 6) & 0xc0);
266 sd
->csd
[9] = 0xfc | /* Max. write current */
267 ((CMULT_SHIFT
- 2) >> 1);
268 sd
->csd
[10] = 0x40 | /* Erase sector size */
269 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
270 sd
->csd
[11] = 0x00 | /* Write protect group size */
271 ((sectsize
<< 7) & 0x80) | wpsize
;
272 sd
->csd
[12] = 0x90 | /* Write speed factor */
273 (HWBLOCK_SHIFT
>> 2);
274 sd
->csd
[13] = 0x20 | /* Max. write data block length */
275 ((HWBLOCK_SHIFT
<< 6) & 0xc0);
276 sd
->csd
[14] = 0x00; /* File format group */
277 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
280 static void sd_set_rca(SDState
*sd
)
285 #define CARD_STATUS_A 0x02004100
286 #define CARD_STATUS_B 0x00c01e00
287 #define CARD_STATUS_C 0xfd39a028
289 static void sd_set_cardstatus(SDState
*sd
)
291 sd
->card_status
= 0x00000100;
294 static void sd_set_sdstatus(SDState
*sd
)
296 memset(sd
->sd_status
, 0, 64);
299 static int sd_req_crc_validate(struct sd_request_s
*req
)
302 buffer
[0] = 0x40 | req
->cmd
;
303 buffer
[1] = (req
->arg
>> 24) & 0xff;
304 buffer
[2] = (req
->arg
>> 16) & 0xff;
305 buffer
[3] = (req
->arg
>> 8) & 0xff;
306 buffer
[4] = (req
->arg
>> 0) & 0xff;
308 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
311 void sd_response_r1_make(SDState
*sd
,
312 uint8_t *response
, uint32_t last_status
)
314 uint32_t mask
= CARD_STATUS_B
^ ILLEGAL_COMMAND
;
317 status
= (sd
->card_status
& ~mask
) | (last_status
& mask
);
318 sd
->card_status
&= ~CARD_STATUS_C
| APP_CMD
;
320 response
[0] = (status
>> 24) & 0xff;
321 response
[1] = (status
>> 16) & 0xff;
322 response
[2] = (status
>> 8) & 0xff;
323 response
[3] = (status
>> 0) & 0xff;
326 void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
328 response
[0] = (sd
->ocr
>> 24) & 0xff;
329 response
[1] = (sd
->ocr
>> 16) & 0xff;
330 response
[2] = (sd
->ocr
>> 8) & 0xff;
331 response
[3] = (sd
->ocr
>> 0) & 0xff;
334 void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
340 status
= ((sd
->card_status
>> 8) & 0xc000) |
341 ((sd
->card_status
>> 6) & 0x2000) |
342 (sd
->card_status
& 0x1fff);
344 response
[0] = (arg
>> 8) & 0xff;
345 response
[1] = arg
& 0xff;
346 response
[2] = (status
>> 8) & 0xff;
347 response
[3] = status
& 0xff;
350 static void sd_reset(SDState
*sd
, BlockDriverState
*bdrv
)
355 bdrv_get_geometry(bdrv
, §
);
358 if (sect
> 0x40000000)
359 size
= 0x40000000; /* 1 gig */
363 sect
= (size
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)) + 1;
365 sd
->state
= sd_idle_state
;
370 sd_set_csd(sd
, size
);
371 sd_set_cardstatus(sd
);
377 qemu_free(sd
->wp_groups
);
378 sd
->wp_switch
= bdrv_is_read_only(bdrv
);
379 sd
->wp_groups
= (int *) qemu_mallocz(sizeof(int) * sect
);
380 memset(sd
->wp_groups
, 0, sizeof(int) * sect
);
381 memset(sd
->function_group
, 0, sizeof(int) * 6);
389 static void sd_cardchange(void *opaque
)
391 SDState
*sd
= opaque
;
392 qemu_set_irq(sd
->inserted_cb
, bdrv_is_inserted(sd
->bdrv
));
393 if (bdrv_is_inserted(sd
->bdrv
)) {
394 sd_reset(sd
, sd
->bdrv
);
395 qemu_set_irq(sd
->readonly_cb
, sd
->wp_switch
);
399 SDState
*sd_init(BlockDriverState
*bs
)
403 sd
= (SDState
*) qemu_mallocz(sizeof(SDState
));
405 bdrv_set_change_cb(sd
->bdrv
, sd_cardchange
, sd
);
409 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
411 sd
->readonly_cb
= readonly
;
412 sd
->inserted_cb
= insert
;
413 qemu_set_irq(readonly
, bdrv_is_read_only(sd
->bdrv
));
414 qemu_set_irq(insert
, bdrv_is_inserted(sd
->bdrv
));
417 static void sd_erase(SDState
*sd
)
420 if (!sd
->erase_start
|| !sd
->erase_end
) {
421 sd
->card_status
|= ERASE_SEQ_ERROR
;
425 start
= sd
->erase_start
>>
426 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
427 end
= sd
->erase_end
>>
428 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
433 for (i
= start
; i
<= end
; i
++)
434 if (sd
->wp_groups
[i
])
435 sd
->card_status
|= WP_ERASE_SKIP
;
438 static uint32_t sd_wpbits(SDState
*sd
, uint32_t addr
)
443 wpnum
= addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
445 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
)
446 if (addr
< sd
->size
&& sd
->wp_groups
[wpnum
])
452 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
454 int i
, mode
, new_func
, crc
;
455 mode
= !!(arg
& 0x80000000);
457 sd
->data
[0] = 0x00; /* Maximum current consumption */
459 sd
->data
[2] = 0x80; /* Supported group 6 functions */
461 sd
->data
[4] = 0x80; /* Supported group 5 functions */
463 sd
->data
[6] = 0x80; /* Supported group 4 functions */
465 sd
->data
[8] = 0x80; /* Supported group 3 functions */
467 sd
->data
[10] = 0x80; /* Supported group 2 functions */
469 sd
->data
[12] = 0x80; /* Supported group 1 functions */
471 for (i
= 0; i
< 6; i
++) {
472 new_func
= (arg
>> (i
* 4)) & 0x0f;
473 if (mode
&& new_func
!= 0x0f)
474 sd
->function_group
[i
] = new_func
;
475 sd
->data
[14 + (i
>> 1)] = new_func
<< ((i
* 4) & 4);
477 memset(&sd
->data
[17], 0, 47);
478 crc
= sd_crc16(sd
->data
, 64);
479 sd
->data
[65] = crc
>> 8;
480 sd
->data
[66] = crc
& 0xff;
483 static inline int sd_wp_addr(SDState
*sd
, uint32_t addr
)
485 return sd
->wp_groups
[addr
>>
486 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)];
489 static void sd_lock_command(SDState
*sd
)
491 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
492 erase
= !!(sd
->data
[0] & 0x08);
493 lock
= sd
->data
[0] & 0x04;
494 clr_pwd
= sd
->data
[0] & 0x02;
495 set_pwd
= sd
->data
[0] & 0x01;
498 pwd_len
= sd
->data
[1];
503 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
504 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
505 (sd
->csd
[14] & 0x20)) {
506 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
509 memset(sd
->wp_groups
, 0, sizeof(int) * (sd
->size
>>
510 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)));
511 sd
->csd
[14] &= ~0x10;
512 sd
->card_status
&= ~CARD_IS_LOCKED
;
514 /* Erasing the entire card here! */
515 printf("SD: Card force-erased by CMD42\n");
519 if (sd
->blk_len
< 2 + pwd_len
||
520 pwd_len
<= sd
->pwd_len
||
521 pwd_len
> sd
->pwd_len
+ 16) {
522 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
526 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
527 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
531 pwd_len
-= sd
->pwd_len
;
532 if ((pwd_len
&& !set_pwd
) ||
533 (clr_pwd
&& (set_pwd
|| lock
)) ||
534 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
535 (!set_pwd
&& !clr_pwd
&&
536 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
537 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
538 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
543 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
544 sd
->pwd_len
= pwd_len
;
552 sd
->card_status
|= CARD_IS_LOCKED
;
554 sd
->card_status
&= ~CARD_IS_LOCKED
;
557 static sd_rsp_type_t
sd_normal_command(SDState
*sd
,
558 struct sd_request_s req
)
560 uint32_t rca
= 0x0000;
562 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
565 DPRINTF("CMD%d 0x%08x state %d\n", req
.cmd
, req
.arg
, sd
->state
);
567 /* Basic commands (Class 0 and Class 1) */
568 case 0: /* CMD0: GO_IDLE_STATE */
570 case sd_inactive_state
:
574 sd
->state
= sd_idle_state
;
575 sd_reset(sd
, sd
->bdrv
);
580 case 2: /* CMD2: ALL_SEND_CID */
583 sd
->state
= sd_identification_state
;
591 case 3: /* CMD3: SEND_RELATIVE_ADDR */
593 case sd_identification_state
:
594 case sd_standby_state
:
595 sd
->state
= sd_standby_state
;
604 case 4: /* CMD4: SEND_DSR */
606 case sd_standby_state
:
614 case 6: /* CMD6: SWITCH_FUNCTION */
616 case sd_data_transfer_mode
:
617 sd_function_switch(sd
, req
.arg
);
618 sd
->state
= sd_sendingdata_state
;
628 case 7: /* CMD7: SELECT/DESELECT_CARD */
630 case sd_standby_state
:
634 sd
->state
= sd_transfer_state
;
637 case sd_transfer_state
:
638 case sd_sendingdata_state
:
642 sd
->state
= sd_standby_state
;
645 case sd_disconnect_state
:
649 sd
->state
= sd_programming_state
;
652 case sd_programming_state
:
656 sd
->state
= sd_disconnect_state
;
664 case 9: /* CMD9: SEND_CSD */
666 case sd_standby_state
:
677 case 10: /* CMD10: SEND_CID */
679 case sd_standby_state
:
690 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
692 case sd_transfer_state
:
693 sd
->state
= sd_sendingdata_state
;
694 sd
->data_start
= req
.arg
;
697 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
698 sd
->card_status
|= ADDRESS_ERROR
;
706 case 12: /* CMD12: STOP_TRANSMISSION */
708 case sd_sendingdata_state
:
709 sd
->state
= sd_transfer_state
;
712 case sd_receivingdata_state
:
713 sd
->state
= sd_programming_state
;
714 /* Bzzzzzzztt .... Operation complete. */
715 sd
->state
= sd_transfer_state
;
723 case 13: /* CMD13: SEND_STATUS */
725 case sd_data_transfer_mode
:
736 case 15: /* CMD15: GO_INACTIVE_STATE */
738 case sd_data_transfer_mode
:
742 sd
->state
= sd_inactive_state
;
750 /* Block read commands (Classs 2) */
751 case 16: /* CMD16: SET_BLOCKLEN */
753 case sd_transfer_state
:
754 if (req
.arg
> (1 << HWBLOCK_SHIFT
))
755 sd
->card_status
|= BLOCK_LEN_ERROR
;
757 sd
->blk_len
= req
.arg
;
766 case 17: /* CMD17: READ_SINGLE_BLOCK */
768 case sd_transfer_state
:
769 sd
->state
= sd_sendingdata_state
;
770 sd
->data_start
= req
.arg
;
773 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
774 sd
->card_status
|= ADDRESS_ERROR
;
782 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
784 case sd_transfer_state
:
785 sd
->state
= sd_sendingdata_state
;
786 sd
->data_start
= req
.arg
;
789 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
790 sd
->card_status
|= ADDRESS_ERROR
;
798 /* Block write commands (Class 4) */
799 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
801 case sd_transfer_state
:
802 sd
->state
= sd_receivingdata_state
;
803 sd
->data_start
= req
.arg
;
807 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
808 sd
->card_status
|= ADDRESS_ERROR
;
809 if (sd_wp_addr(sd
, sd
->data_start
))
810 sd
->card_status
|= WP_VIOLATION
;
811 if (sd
->csd
[14] & 0x30)
812 sd
->card_status
|= WP_VIOLATION
;
820 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
822 case sd_transfer_state
:
823 sd
->state
= sd_receivingdata_state
;
824 sd
->data_start
= req
.arg
;
828 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
829 sd
->card_status
|= ADDRESS_ERROR
;
830 if (sd_wp_addr(sd
, sd
->data_start
))
831 sd
->card_status
|= WP_VIOLATION
;
832 if (sd
->csd
[14] & 0x30)
833 sd
->card_status
|= WP_VIOLATION
;
841 case 26: /* CMD26: PROGRAM_CID */
843 case sd_transfer_state
:
844 sd
->state
= sd_receivingdata_state
;
854 case 27: /* CMD27: PROGRAM_CSD */
856 case sd_transfer_state
:
857 sd
->state
= sd_receivingdata_state
;
867 /* Write protection (Class 6) */
868 case 28: /* CMD28: SET_WRITE_PROT */
870 case sd_transfer_state
:
871 if (req
.arg
>= sd
->size
) {
872 sd
->card_status
= ADDRESS_ERROR
;
876 sd
->state
= sd_programming_state
;
877 sd
->wp_groups
[req
.arg
>> (HWBLOCK_SHIFT
+
878 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 1;
879 /* Bzzzzzzztt .... Operation complete. */
880 sd
->state
= sd_transfer_state
;
888 case 29: /* CMD29: CLR_WRITE_PROT */
890 case sd_transfer_state
:
891 if (req
.arg
>= sd
->size
) {
892 sd
->card_status
= ADDRESS_ERROR
;
896 sd
->state
= sd_programming_state
;
897 sd
->wp_groups
[req
.arg
>> (HWBLOCK_SHIFT
+
898 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 0;
899 /* Bzzzzzzztt .... Operation complete. */
900 sd
->state
= sd_transfer_state
;
908 case 30: /* CMD30: SEND_WRITE_PROT */
910 case sd_transfer_state
:
911 sd
->state
= sd_sendingdata_state
;
912 *(uint32_t *) sd
->data
= sd_wpbits(sd
, req
.arg
);
913 sd
->data_start
= req
.arg
;
922 /* Erase commands (Class 5) */
923 case 32: /* CMD32: ERASE_WR_BLK_START */
925 case sd_transfer_state
:
926 sd
->erase_start
= req
.arg
;
934 case 33: /* CMD33: ERASE_WR_BLK_END */
936 case sd_transfer_state
:
937 sd
->erase_end
= req
.arg
;
945 case 38: /* CMD38: ERASE */
947 case sd_transfer_state
:
948 if (sd
->csd
[14] & 0x30) {
949 sd
->card_status
|= WP_VIOLATION
;
953 sd
->state
= sd_programming_state
;
955 /* Bzzzzzzztt .... Operation complete. */
956 sd
->state
= sd_transfer_state
;
964 /* Lock card commands (Class 7) */
965 case 42: /* CMD42: LOCK_UNLOCK */
967 case sd_transfer_state
:
968 sd
->state
= sd_receivingdata_state
;
978 /* Application specific commands (Class 8) */
979 case 55: /* CMD55: APP_CMD */
983 sd
->card_status
|= APP_CMD
;
986 case 56: /* CMD56: GEN_CMD */
987 printf("SD: GEN_CMD 0x%08x\n", req
.arg
);
990 case sd_transfer_state
:
993 sd
->state
= sd_sendingdata_state
;
995 sd
->state
= sd_receivingdata_state
;
1004 sd
->card_status
|= ILLEGAL_COMMAND
;
1006 printf("SD: Unknown CMD%i\n", req
.cmd
);
1010 sd
->card_status
|= ILLEGAL_COMMAND
;
1011 printf("SD: CMD%i in a wrong state\n", req
.cmd
);
1015 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
1016 struct sd_request_s req
) {
1019 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
1020 rca
= req
.arg
>> 16;
1022 DPRINTF("ACMD%d 0x%08x\n", req
.cmd
, req
.arg
);
1024 case 6: /* ACMD6: SET_BUS_WIDTH */
1025 switch (sd
->state
) {
1026 case sd_transfer_state
:
1027 sd
->sd_status
[0] &= 0x3f;
1028 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1036 case 13: /* ACMD13: SD_STATUS */
1037 switch (sd
->state
) {
1038 case sd_transfer_state
:
1040 sd
->data_offset
= 0;
1048 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1049 switch (sd
->state
) {
1050 case sd_transfer_state
:
1051 *(uint32_t *) sd
->data
= sd
->blk_written
;
1054 sd
->data_offset
= 0;
1062 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1063 switch (sd
->state
) {
1064 case sd_transfer_state
:
1072 case 41: /* ACMD41: SD_APP_OP_COND */
1073 switch (sd
->state
) {
1075 /* We accept any voltage. 10000 V is nothing. */
1077 sd
->state
= sd_ready_state
;
1086 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1087 switch (sd
->state
) {
1088 case sd_transfer_state
:
1089 /* Bringing in the 50KOhm pull-up resistor... Done. */
1097 case 51: /* ACMD51: SEND_SCR */
1098 switch (sd
->state
) {
1099 case sd_transfer_state
:
1100 sd
->state
= sd_sendingdata_state
;
1102 sd
->data_offset
= 0;
1111 /* Fall back to standard commands. */
1112 sd
->card_status
&= ~APP_CMD
;
1113 return sd_normal_command(sd
, req
);
1116 printf("SD: ACMD%i in a wrong state\n", req
.cmd
);
1120 int sd_do_command(SDState
*sd
, struct sd_request_s
*req
,
1121 uint8_t *response
) {
1122 uint32_t last_status
= sd
->card_status
;
1123 sd_rsp_type_t rtype
;
1126 if (!bdrv_is_inserted(sd
->bdrv
)) {
1130 if (sd_req_crc_validate(req
)) {
1131 sd
->card_status
&= ~COM_CRC_ERROR
;
1135 sd
->card_status
&= ~CARD_STATUS_B
;
1138 if (last_status
& CARD_IS_LOCKED
)
1139 if (((last_status
& APP_CMD
) &&
1141 (!(last_status
& APP_CMD
) &&
1142 (sd_cmd_class
[req
->cmd
] == 0 ||
1143 sd_cmd_class
[req
->cmd
] == 7 ||
1144 req
->cmd
== 16 || req
->cmd
== 55))) {
1145 sd
->card_status
|= ILLEGAL_COMMAND
;
1146 printf("SD: Card is locked\n");
1150 if (last_status
& APP_CMD
) {
1151 rtype
= sd_app_command(sd
, *req
);
1152 sd
->card_status
&= ~APP_CMD
;
1154 rtype
= sd_normal_command(sd
, *req
);
1156 sd
->current_cmd
= req
->cmd
;
1161 sd_response_r1_make(sd
, response
, last_status
);
1166 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
1172 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
1178 sd_response_r3_make(sd
, response
);
1183 sd_response_r6_make(sd
, response
);
1193 if (sd
->card_status
& ILLEGAL_COMMAND
)
1199 DPRINTF("Response:");
1200 for (i
= 0; i
< rsplen
; i
++)
1201 printf(" %02x", response
[i
]);
1202 printf(" state %d\n", sd
->state
);
1204 DPRINTF("No response %d\n", sd
->state
);
1211 /* No real need for 64 bit addresses here */
1212 static void sd_blk_read(BlockDriverState
*bdrv
,
1213 void *data
, uint32_t addr
, uint32_t len
)
1216 uint32_t end
= addr
+ len
;
1218 if (!bdrv
|| bdrv_read(bdrv
, addr
>> 9, buf
, 1) == -1) {
1219 printf("sd_blk_read: read error on host side\n");
1223 if (end
> (addr
& ~511) + 512) {
1224 memcpy(data
, buf
+ (addr
& 511), 512 - (addr
& 511));
1226 if (bdrv_read(bdrv
, end
>> 9, buf
, 1) == -1) {
1227 printf("sd_blk_read: read error on host side\n");
1230 memcpy(data
+ 512 - (addr
& 511), buf
, end
& 511);
1232 memcpy(data
, buf
+ (addr
& 511), len
);
1235 static void sd_blk_write(BlockDriverState
*bdrv
,
1236 void *data
, uint32_t addr
, uint32_t len
)
1239 uint32_t end
= addr
+ len
;
1241 if ((addr
& 511) || len
< 512)
1242 if (!bdrv
|| bdrv_read(bdrv
, addr
>> 9, buf
, 1) == -1) {
1243 printf("sd_blk_write: read error on host side\n");
1247 if (end
> (addr
& ~511) + 512) {
1248 memcpy(buf
+ (addr
& 511), data
, 512 - (addr
& 511));
1249 if (bdrv_write(bdrv
, addr
>> 9, buf
, 1) == -1) {
1250 printf("sd_blk_write: write error on host side\n");
1254 if (bdrv_read(bdrv
, end
>> 9, buf
, 1) == -1) {
1255 printf("sd_blk_write: read error on host side\n");
1258 memcpy(buf
, data
+ 512 - (addr
& 511), end
& 511);
1259 if (bdrv_write(bdrv
, end
>> 9, buf
, 1) == -1)
1260 printf("sd_blk_write: write error on host side\n");
1262 memcpy(buf
+ (addr
& 511), data
, len
);
1263 if (!bdrv
|| bdrv_write(bdrv
, addr
>> 9, buf
, 1) == -1)
1264 printf("sd_blk_write: write error on host side\n");
1268 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd->bdrv, sd->data, a, len)
1269 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd->bdrv, sd->data, a, len)
1270 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1271 #define APP_WRITE_BLOCK(a, len)
1273 void sd_write_data(SDState
*sd
, uint8_t value
)
1277 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
))
1280 if (sd
->state
!= sd_receivingdata_state
) {
1281 printf("sd_write_data: not in Receiving-Data state\n");
1285 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1288 switch (sd
->current_cmd
) {
1289 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1290 sd
->data
[sd
->data_offset
++] = value
;
1291 if (sd
->data_offset
>= sd
->blk_len
) {
1292 /* TODO: Check CRC before committing */
1293 sd
->state
= sd_programming_state
;
1294 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1296 sd
->csd
[14] |= 0x40;
1297 /* Bzzzzzzztt .... Operation complete. */
1298 sd
->state
= sd_transfer_state
;
1302 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1303 sd
->data
[sd
->data_offset
++] = value
;
1304 if (sd
->data_offset
>= sd
->blk_len
) {
1305 /* TODO: Check CRC before committing */
1306 sd
->state
= sd_programming_state
;
1307 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1309 sd
->data_start
+= sd
->blk_len
;
1310 sd
->data_offset
= 0;
1311 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1312 sd
->card_status
|= ADDRESS_ERROR
;
1315 if (sd_wp_addr(sd
, sd
->data_start
)) {
1316 sd
->card_status
|= WP_VIOLATION
;
1319 sd
->csd
[14] |= 0x40;
1321 /* Bzzzzzzztt .... Operation complete. */
1322 sd
->state
= sd_receivingdata_state
;
1326 case 26: /* CMD26: PROGRAM_CID */
1327 sd
->data
[sd
->data_offset
++] = value
;
1328 if (sd
->data_offset
>= sizeof(sd
->cid
)) {
1329 /* TODO: Check CRC before committing */
1330 sd
->state
= sd_programming_state
;
1331 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
1332 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
1333 sd
->card_status
|= CID_CSD_OVERWRITE
;
1335 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1336 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
1338 sd
->cid
[i
] &= sd
->data
[i
];
1340 /* Bzzzzzzztt .... Operation complete. */
1341 sd
->state
= sd_transfer_state
;
1345 case 27: /* CMD27: PROGRAM_CSD */
1346 sd
->data
[sd
->data_offset
++] = value
;
1347 if (sd
->data_offset
>= sizeof(sd
->csd
)) {
1348 /* TODO: Check CRC before committing */
1349 sd
->state
= sd_programming_state
;
1350 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
1351 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
1352 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
1353 sd
->card_status
|= CID_CSD_OVERWRITE
;
1355 /* Copy flag (OTP) & Permanent write protect */
1356 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
1357 sd
->card_status
|= CID_CSD_OVERWRITE
;
1359 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1360 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
1361 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
1362 sd
->csd
[i
] &= sd
->data
[i
];
1364 /* Bzzzzzzztt .... Operation complete. */
1365 sd
->state
= sd_transfer_state
;
1369 case 42: /* CMD42: LOCK_UNLOCK */
1370 sd
->data
[sd
->data_offset
++] = value
;
1371 if (sd
->data_offset
>= sd
->blk_len
) {
1372 /* TODO: Check CRC before committing */
1373 sd
->state
= sd_programming_state
;
1374 sd_lock_command(sd
);
1375 /* Bzzzzzzztt .... Operation complete. */
1376 sd
->state
= sd_transfer_state
;
1380 case 56: /* CMD56: GEN_CMD */
1381 sd
->data
[sd
->data_offset
++] = value
;
1382 if (sd
->data_offset
>= sd
->blk_len
) {
1383 APP_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1384 sd
->state
= sd_transfer_state
;
1389 printf("sd_write_data: unknown command\n");
1394 uint8_t sd_read_data(SDState
*sd
)
1396 /* TODO: Append CRCs */
1399 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
))
1402 if (sd
->state
!= sd_sendingdata_state
) {
1403 printf("sd_read_data: not in Sending-Data state\n");
1407 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1410 switch (sd
->current_cmd
) {
1411 case 6: /* CMD6: SWITCH_FUNCTION */
1412 ret
= sd
->data
[sd
->data_offset
++];
1414 if (sd
->data_offset
>= 64)
1415 sd
->state
= sd_transfer_state
;
1418 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1419 if (sd
->data_offset
== 0)
1420 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1421 ret
= sd
->data
[sd
->data_offset
++];
1423 if (sd
->data_offset
>= sd
->blk_len
) {
1424 sd
->data_start
+= sd
->blk_len
;
1425 sd
->data_offset
= 0;
1426 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1427 sd
->card_status
|= ADDRESS_ERROR
;
1433 case 13: /* ACMD13: SD_STATUS */
1434 ret
= sd
->sd_status
[sd
->data_offset
++];
1436 if (sd
->data_offset
>= sizeof(sd
->sd_status
))
1437 sd
->state
= sd_transfer_state
;
1440 case 17: /* CMD17: READ_SINGLE_BLOCK */
1441 if (sd
->data_offset
== 0)
1442 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1443 ret
= sd
->data
[sd
->data_offset
++];
1445 if (sd
->data_offset
>= sd
->blk_len
)
1446 sd
->state
= sd_transfer_state
;
1449 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1450 if (sd
->data_offset
== 0)
1451 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1452 ret
= sd
->data
[sd
->data_offset
++];
1454 if (sd
->data_offset
>= sd
->blk_len
) {
1455 sd
->data_start
+= sd
->blk_len
;
1456 sd
->data_offset
= 0;
1457 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1458 sd
->card_status
|= ADDRESS_ERROR
;
1464 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1465 ret
= sd
->data
[sd
->data_offset
++];
1467 if (sd
->data_offset
>= 4)
1468 sd
->state
= sd_transfer_state
;
1471 case 30: /* CMD30: SEND_WRITE_PROT */
1472 ret
= sd
->data
[sd
->data_offset
++];
1474 if (sd
->data_offset
>= 4)
1475 sd
->state
= sd_transfer_state
;
1478 case 51: /* ACMD51: SEND_SCR */
1479 ret
= sd
->scr
[sd
->data_offset
++];
1481 if (sd
->data_offset
>= sizeof(sd
->scr
))
1482 sd
->state
= sd_transfer_state
;
1485 case 56: /* CMD56: GEN_CMD */
1486 if (sd
->data_offset
== 0)
1487 APP_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1488 ret
= sd
->data
[sd
->data_offset
++];
1490 if (sd
->data_offset
>= sd
->blk_len
)
1491 sd
->state
= sd_transfer_state
;
1495 printf("sd_read_data: unknown command\n");
1502 int sd_data_ready(SDState
*sd
)
1504 return sd
->state
== sd_sendingdata_state
;