2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, args...) \
40 do { printf("SD: " fmt , ##args); } while (0)
42 #define DPRINTF(fmt, args...) do {} while(0)
46 sd_r0
= 0, /* no response */
47 sd_r1
, /* normal response command */
48 sd_r2_i
, /* CID register */
49 sd_r2_s
, /* CSD register */
50 sd_r3
, /* OCR register */
51 sd_r6
= 6, /* Published RCA response */
58 sd_card_identification_mode
,
59 sd_data_transfer_mode
,
62 sd_inactive_state
= -1,
65 sd_identification_state
,
69 sd_receivingdata_state
,
79 uint8_t sd_status
[64];
88 int function_group
[6];
97 BlockDriverState
*bdrv
;
100 static void sd_set_status(SDState
*sd
)
103 case sd_inactive_state
:
104 sd
->mode
= sd_inactive
;
109 case sd_identification_state
:
110 sd
->mode
= sd_card_identification_mode
;
113 case sd_standby_state
:
114 case sd_transfer_state
:
115 case sd_sendingdata_state
:
116 case sd_receivingdata_state
:
117 case sd_programming_state
:
118 case sd_disconnect_state
:
119 sd
->mode
= sd_data_transfer_mode
;
123 sd
->card_status
&= ~CURRENT_STATE
;
124 sd
->card_status
|= sd
->state
<< 9;
127 const sd_cmd_type_t sd_cmd_type
[64] = {
128 sd_bc
, sd_none
, sd_bcr
, sd_bcr
, sd_none
, sd_none
, sd_none
, sd_ac
,
129 sd_none
, sd_ac
, sd_ac
, sd_adtc
, sd_ac
, sd_ac
, sd_none
, sd_ac
,
130 sd_ac
, sd_adtc
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
131 sd_adtc
, sd_adtc
, sd_adtc
, sd_adtc
, sd_ac
, sd_ac
, sd_adtc
, sd_none
,
132 sd_ac
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
133 sd_none
, sd_none
, sd_bc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
134 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
,
135 sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
138 const sd_cmd_type_t sd_acmd_type
[64] = {
139 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
140 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
,
141 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_ac
,
142 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
143 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
144 sd_none
, sd_bcr
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
145 sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
,
146 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
149 static const int sd_cmd_class
[64] = {
150 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
151 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
152 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
153 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
156 static uint8_t sd_crc7(void *message
, size_t width
)
159 uint8_t shift_reg
= 0x00;
160 uint8_t *msg
= (uint8_t *) message
;
162 for (i
= 0; i
< width
; i
++, msg
++)
163 for (bit
= 7; bit
>= 0; bit
--) {
165 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
172 static uint16_t sd_crc16(void *message
, size_t width
)
175 uint16_t shift_reg
= 0x0000;
176 uint16_t *msg
= (uint16_t *) message
;
179 for (i
= 0; i
< width
; i
++, msg
++)
180 for (bit
= 15; bit
>= 0; bit
--) {
182 if ((shift_reg
>> 15) ^ ((*msg
>> bit
) & 1))
189 static void sd_set_ocr(SDState
*sd
)
191 sd
->ocr
= 0x80fffff0;
194 static void sd_set_scr(SDState
*sd
)
196 sd
->scr
[0] = 0x00; /* SCR Structure */
197 sd
->scr
[1] = 0x2f; /* SD Security Support */
213 static void sd_set_cid(SDState
*sd
)
215 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
216 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
218 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
223 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
224 sd
->cid
[9] = 0xde; /* Fake serial number (PSN) */
228 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
229 ((MDT_YR
- 2000) / 10);
230 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
231 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
234 #define HWBLOCK_SHIFT 9 /* 512 bytes */
235 #define SECTOR_SHIFT 5 /* 16 kilobytes */
236 #define WPGROUP_SHIFT 7 /* 2 megs */
237 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
238 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
239 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
240 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
242 static const uint8_t sd_csd_rw_mask
[16] = {
243 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
244 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
247 static void sd_set_csd(SDState
*sd
, uint32_t size
)
249 uint32_t csize
= (size
>> (CMULT_SHIFT
+ HWBLOCK_SHIFT
)) - 1;
250 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
251 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
253 sd
->csd
[0] = 0x00; /* CSD structure */
254 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
255 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
256 sd
->csd
[3] = 0x5a; /* Max. data transfer rate */
257 sd
->csd
[4] = 0x5f; /* Card Command Classes */
258 sd
->csd
[5] = 0x50 | /* Max. read data block length */
260 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
261 ((csize
>> 10) & 0x03);
262 sd
->csd
[7] = 0x00 | /* Device size */
263 ((csize
>> 2) & 0xff);
264 sd
->csd
[8] = 0x3f | /* Max. read current */
265 ((csize
<< 6) & 0xc0);
266 sd
->csd
[9] = 0xfc | /* Max. write current */
267 ((CMULT_SHIFT
- 2) >> 1);
268 sd
->csd
[10] = 0x40 | /* Erase sector size */
269 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
270 sd
->csd
[11] = 0x00 | /* Write protect group size */
271 ((sectsize
<< 7) & 0x80) | wpsize
;
272 sd
->csd
[12] = 0x90 | /* Write speed factor */
273 (HWBLOCK_SHIFT
>> 2);
274 sd
->csd
[13] = 0x20 | /* Max. write data block length */
275 ((HWBLOCK_SHIFT
<< 6) & 0xc0);
276 sd
->csd
[14] = 0x00; /* File format group */
277 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
280 static void sd_set_rca(SDState
*sd
)
285 #define CARD_STATUS_A 0x02004100
286 #define CARD_STATUS_B 0x00c01e00
287 #define CARD_STATUS_C 0xfd39a028
289 static void sd_set_cardstatus(SDState
*sd
)
291 sd
->card_status
= 0x00000100;
294 static void sd_set_sdstatus(SDState
*sd
)
296 memset(sd
->sd_status
, 0, 64);
299 static int sd_req_crc_validate(struct sd_request_s
*req
)
302 buffer
[0] = 0x40 | req
->cmd
;
303 buffer
[1] = (req
->arg
>> 24) & 0xff;
304 buffer
[2] = (req
->arg
>> 16) & 0xff;
305 buffer
[3] = (req
->arg
>> 8) & 0xff;
306 buffer
[4] = (req
->arg
>> 0) & 0xff;
308 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
311 void sd_response_r1_make(SDState
*sd
,
312 uint8_t *response
, uint32_t last_status
)
314 uint32_t mask
= CARD_STATUS_B
^ ILLEGAL_COMMAND
;
317 status
= (sd
->card_status
& ~mask
) | (last_status
& mask
);
318 sd
->card_status
&= ~CARD_STATUS_C
| APP_CMD
;
320 response
[0] = (status
>> 24) & 0xff;
321 response
[1] = (status
>> 16) & 0xff;
322 response
[2] = (status
>> 8) & 0xff;
323 response
[3] = (status
>> 0) & 0xff;
326 void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
328 response
[0] = (sd
->ocr
>> 24) & 0xff;
329 response
[1] = (sd
->ocr
>> 16) & 0xff;
330 response
[2] = (sd
->ocr
>> 8) & 0xff;
331 response
[3] = (sd
->ocr
>> 0) & 0xff;
334 void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
340 status
= ((sd
->card_status
>> 8) & 0xc000) |
341 ((sd
->card_status
>> 6) & 0x2000) |
342 (sd
->card_status
& 0x1fff);
344 response
[0] = (arg
>> 8) & 0xff;
345 response
[1] = arg
& 0xff;
346 response
[2] = (status
>> 8) & 0xff;
347 response
[3] = status
& 0xff;
350 static void sd_reset(SDState
*sd
, BlockDriverState
*bdrv
)
355 bdrv_get_geometry(bdrv
, §
);
358 if (sect
> 0x40000000)
359 size
= 0x40000000; /* 1 gig */
363 sect
= (size
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)) + 1;
365 sd
->state
= sd_idle_state
;
370 sd_set_csd(sd
, size
);
371 sd_set_cardstatus(sd
);
377 qemu_free(sd
->wp_groups
);
378 sd
->wp_switch
= bdrv_is_read_only(bdrv
);
379 sd
->wp_groups
= (int *) qemu_mallocz(sizeof(int) * sect
);
380 memset(sd
->function_group
, 0, sizeof(int) * 6);
388 static void sd_cardchange(void *opaque
)
390 SDState
*sd
= opaque
;
391 qemu_set_irq(sd
->inserted_cb
, bdrv_is_inserted(sd
->bdrv
));
392 if (bdrv_is_inserted(sd
->bdrv
)) {
393 sd_reset(sd
, sd
->bdrv
);
394 qemu_set_irq(sd
->readonly_cb
, sd
->wp_switch
);
398 SDState
*sd_init(BlockDriverState
*bs
)
402 sd
= (SDState
*) qemu_mallocz(sizeof(SDState
));
404 bdrv_set_change_cb(sd
->bdrv
, sd_cardchange
, sd
);
408 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
410 sd
->readonly_cb
= readonly
;
411 sd
->inserted_cb
= insert
;
412 qemu_set_irq(readonly
, bdrv_is_read_only(sd
->bdrv
));
413 qemu_set_irq(insert
, bdrv_is_inserted(sd
->bdrv
));
416 static void sd_erase(SDState
*sd
)
419 if (!sd
->erase_start
|| !sd
->erase_end
) {
420 sd
->card_status
|= ERASE_SEQ_ERROR
;
424 start
= sd
->erase_start
>>
425 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
426 end
= sd
->erase_end
>>
427 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
432 for (i
= start
; i
<= end
; i
++)
433 if (sd
->wp_groups
[i
])
434 sd
->card_status
|= WP_ERASE_SKIP
;
437 static uint32_t sd_wpbits(SDState
*sd
, uint32_t addr
)
442 wpnum
= addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
444 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
)
445 if (addr
< sd
->size
&& sd
->wp_groups
[wpnum
])
451 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
453 int i
, mode
, new_func
, crc
;
454 mode
= !!(arg
& 0x80000000);
456 sd
->data
[0] = 0x00; /* Maximum current consumption */
458 sd
->data
[2] = 0x80; /* Supported group 6 functions */
460 sd
->data
[4] = 0x80; /* Supported group 5 functions */
462 sd
->data
[6] = 0x80; /* Supported group 4 functions */
464 sd
->data
[8] = 0x80; /* Supported group 3 functions */
466 sd
->data
[10] = 0x80; /* Supported group 2 functions */
468 sd
->data
[12] = 0x80; /* Supported group 1 functions */
470 for (i
= 0; i
< 6; i
++) {
471 new_func
= (arg
>> (i
* 4)) & 0x0f;
472 if (mode
&& new_func
!= 0x0f)
473 sd
->function_group
[i
] = new_func
;
474 sd
->data
[14 + (i
>> 1)] = new_func
<< ((i
* 4) & 4);
476 memset(&sd
->data
[17], 0, 47);
477 crc
= sd_crc16(sd
->data
, 64);
478 sd
->data
[65] = crc
>> 8;
479 sd
->data
[66] = crc
& 0xff;
482 static inline int sd_wp_addr(SDState
*sd
, uint32_t addr
)
484 return sd
->wp_groups
[addr
>>
485 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)];
488 static void sd_lock_command(SDState
*sd
)
490 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
491 erase
= !!(sd
->data
[0] & 0x08);
492 lock
= sd
->data
[0] & 0x04;
493 clr_pwd
= sd
->data
[0] & 0x02;
494 set_pwd
= sd
->data
[0] & 0x01;
497 pwd_len
= sd
->data
[1];
502 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
503 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
504 (sd
->csd
[14] & 0x20)) {
505 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
508 memset(sd
->wp_groups
, 0, sizeof(int) * (sd
->size
>>
509 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)));
510 sd
->csd
[14] &= ~0x10;
511 sd
->card_status
&= ~CARD_IS_LOCKED
;
513 /* Erasing the entire card here! */
514 printf("SD: Card force-erased by CMD42\n");
518 if (sd
->blk_len
< 2 + pwd_len
||
519 pwd_len
<= sd
->pwd_len
||
520 pwd_len
> sd
->pwd_len
+ 16) {
521 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
525 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
526 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
530 pwd_len
-= sd
->pwd_len
;
531 if ((pwd_len
&& !set_pwd
) ||
532 (clr_pwd
&& (set_pwd
|| lock
)) ||
533 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
534 (!set_pwd
&& !clr_pwd
&&
535 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
536 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
537 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
542 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
543 sd
->pwd_len
= pwd_len
;
551 sd
->card_status
|= CARD_IS_LOCKED
;
553 sd
->card_status
&= ~CARD_IS_LOCKED
;
556 static sd_rsp_type_t
sd_normal_command(SDState
*sd
,
557 struct sd_request_s req
)
559 uint32_t rca
= 0x0000;
561 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
564 DPRINTF("CMD%d 0x%08x state %d\n", req
.cmd
, req
.arg
, sd
->state
);
566 /* Basic commands (Class 0 and Class 1) */
567 case 0: /* CMD0: GO_IDLE_STATE */
569 case sd_inactive_state
:
573 sd
->state
= sd_idle_state
;
574 sd_reset(sd
, sd
->bdrv
);
579 case 2: /* CMD2: ALL_SEND_CID */
582 sd
->state
= sd_identification_state
;
590 case 3: /* CMD3: SEND_RELATIVE_ADDR */
592 case sd_identification_state
:
593 case sd_standby_state
:
594 sd
->state
= sd_standby_state
;
603 case 4: /* CMD4: SEND_DSR */
605 case sd_standby_state
:
613 case 6: /* CMD6: SWITCH_FUNCTION */
615 case sd_data_transfer_mode
:
616 sd_function_switch(sd
, req
.arg
);
617 sd
->state
= sd_sendingdata_state
;
627 case 7: /* CMD7: SELECT/DESELECT_CARD */
629 case sd_standby_state
:
633 sd
->state
= sd_transfer_state
;
636 case sd_transfer_state
:
637 case sd_sendingdata_state
:
641 sd
->state
= sd_standby_state
;
644 case sd_disconnect_state
:
648 sd
->state
= sd_programming_state
;
651 case sd_programming_state
:
655 sd
->state
= sd_disconnect_state
;
663 case 9: /* CMD9: SEND_CSD */
665 case sd_standby_state
:
676 case 10: /* CMD10: SEND_CID */
678 case sd_standby_state
:
689 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
691 case sd_transfer_state
:
692 sd
->state
= sd_sendingdata_state
;
693 sd
->data_start
= req
.arg
;
696 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
697 sd
->card_status
|= ADDRESS_ERROR
;
705 case 12: /* CMD12: STOP_TRANSMISSION */
707 case sd_sendingdata_state
:
708 sd
->state
= sd_transfer_state
;
711 case sd_receivingdata_state
:
712 sd
->state
= sd_programming_state
;
713 /* Bzzzzzzztt .... Operation complete. */
714 sd
->state
= sd_transfer_state
;
722 case 13: /* CMD13: SEND_STATUS */
724 case sd_data_transfer_mode
:
735 case 15: /* CMD15: GO_INACTIVE_STATE */
737 case sd_data_transfer_mode
:
741 sd
->state
= sd_inactive_state
;
749 /* Block read commands (Classs 2) */
750 case 16: /* CMD16: SET_BLOCKLEN */
752 case sd_transfer_state
:
753 if (req
.arg
> (1 << HWBLOCK_SHIFT
))
754 sd
->card_status
|= BLOCK_LEN_ERROR
;
756 sd
->blk_len
= req
.arg
;
765 case 17: /* CMD17: READ_SINGLE_BLOCK */
767 case sd_transfer_state
:
768 sd
->state
= sd_sendingdata_state
;
769 sd
->data_start
= req
.arg
;
772 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
773 sd
->card_status
|= ADDRESS_ERROR
;
781 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
783 case sd_transfer_state
:
784 sd
->state
= sd_sendingdata_state
;
785 sd
->data_start
= req
.arg
;
788 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
789 sd
->card_status
|= ADDRESS_ERROR
;
797 /* Block write commands (Class 4) */
798 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
800 case sd_transfer_state
:
801 sd
->state
= sd_receivingdata_state
;
802 sd
->data_start
= req
.arg
;
806 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
807 sd
->card_status
|= ADDRESS_ERROR
;
808 if (sd_wp_addr(sd
, sd
->data_start
))
809 sd
->card_status
|= WP_VIOLATION
;
810 if (sd
->csd
[14] & 0x30)
811 sd
->card_status
|= WP_VIOLATION
;
819 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
821 case sd_transfer_state
:
822 sd
->state
= sd_receivingdata_state
;
823 sd
->data_start
= req
.arg
;
827 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
828 sd
->card_status
|= ADDRESS_ERROR
;
829 if (sd_wp_addr(sd
, sd
->data_start
))
830 sd
->card_status
|= WP_VIOLATION
;
831 if (sd
->csd
[14] & 0x30)
832 sd
->card_status
|= WP_VIOLATION
;
840 case 26: /* CMD26: PROGRAM_CID */
842 case sd_transfer_state
:
843 sd
->state
= sd_receivingdata_state
;
853 case 27: /* CMD27: PROGRAM_CSD */
855 case sd_transfer_state
:
856 sd
->state
= sd_receivingdata_state
;
866 /* Write protection (Class 6) */
867 case 28: /* CMD28: SET_WRITE_PROT */
869 case sd_transfer_state
:
870 if (req
.arg
>= sd
->size
) {
871 sd
->card_status
= ADDRESS_ERROR
;
875 sd
->state
= sd_programming_state
;
876 sd
->wp_groups
[req
.arg
>> (HWBLOCK_SHIFT
+
877 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 1;
878 /* Bzzzzzzztt .... Operation complete. */
879 sd
->state
= sd_transfer_state
;
887 case 29: /* CMD29: CLR_WRITE_PROT */
889 case sd_transfer_state
:
890 if (req
.arg
>= sd
->size
) {
891 sd
->card_status
= ADDRESS_ERROR
;
895 sd
->state
= sd_programming_state
;
896 sd
->wp_groups
[req
.arg
>> (HWBLOCK_SHIFT
+
897 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 0;
898 /* Bzzzzzzztt .... Operation complete. */
899 sd
->state
= sd_transfer_state
;
907 case 30: /* CMD30: SEND_WRITE_PROT */
909 case sd_transfer_state
:
910 sd
->state
= sd_sendingdata_state
;
911 *(uint32_t *) sd
->data
= sd_wpbits(sd
, req
.arg
);
912 sd
->data_start
= req
.arg
;
921 /* Erase commands (Class 5) */
922 case 32: /* CMD32: ERASE_WR_BLK_START */
924 case sd_transfer_state
:
925 sd
->erase_start
= req
.arg
;
933 case 33: /* CMD33: ERASE_WR_BLK_END */
935 case sd_transfer_state
:
936 sd
->erase_end
= req
.arg
;
944 case 38: /* CMD38: ERASE */
946 case sd_transfer_state
:
947 if (sd
->csd
[14] & 0x30) {
948 sd
->card_status
|= WP_VIOLATION
;
952 sd
->state
= sd_programming_state
;
954 /* Bzzzzzzztt .... Operation complete. */
955 sd
->state
= sd_transfer_state
;
963 /* Lock card commands (Class 7) */
964 case 42: /* CMD42: LOCK_UNLOCK */
966 case sd_transfer_state
:
967 sd
->state
= sd_receivingdata_state
;
977 /* Application specific commands (Class 8) */
978 case 55: /* CMD55: APP_CMD */
982 sd
->card_status
|= APP_CMD
;
985 case 56: /* CMD56: GEN_CMD */
986 printf("SD: GEN_CMD 0x%08x\n", req
.arg
);
989 case sd_transfer_state
:
992 sd
->state
= sd_sendingdata_state
;
994 sd
->state
= sd_receivingdata_state
;
1003 sd
->card_status
|= ILLEGAL_COMMAND
;
1005 printf("SD: Unknown CMD%i\n", req
.cmd
);
1009 sd
->card_status
|= ILLEGAL_COMMAND
;
1010 printf("SD: CMD%i in a wrong state\n", req
.cmd
);
1014 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
1015 struct sd_request_s req
) {
1018 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
1019 rca
= req
.arg
>> 16;
1021 DPRINTF("ACMD%d 0x%08x\n", req
.cmd
, req
.arg
);
1023 case 6: /* ACMD6: SET_BUS_WIDTH */
1024 switch (sd
->state
) {
1025 case sd_transfer_state
:
1026 sd
->sd_status
[0] &= 0x3f;
1027 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1035 case 13: /* ACMD13: SD_STATUS */
1036 switch (sd
->state
) {
1037 case sd_transfer_state
:
1039 sd
->data_offset
= 0;
1047 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1048 switch (sd
->state
) {
1049 case sd_transfer_state
:
1050 *(uint32_t *) sd
->data
= sd
->blk_written
;
1053 sd
->data_offset
= 0;
1061 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1062 switch (sd
->state
) {
1063 case sd_transfer_state
:
1071 case 41: /* ACMD41: SD_APP_OP_COND */
1072 switch (sd
->state
) {
1074 /* We accept any voltage. 10000 V is nothing. */
1076 sd
->state
= sd_ready_state
;
1085 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1086 switch (sd
->state
) {
1087 case sd_transfer_state
:
1088 /* Bringing in the 50KOhm pull-up resistor... Done. */
1096 case 51: /* ACMD51: SEND_SCR */
1097 switch (sd
->state
) {
1098 case sd_transfer_state
:
1099 sd
->state
= sd_sendingdata_state
;
1101 sd
->data_offset
= 0;
1110 /* Fall back to standard commands. */
1111 sd
->card_status
&= ~APP_CMD
;
1112 return sd_normal_command(sd
, req
);
1115 printf("SD: ACMD%i in a wrong state\n", req
.cmd
);
1119 int sd_do_command(SDState
*sd
, struct sd_request_s
*req
,
1120 uint8_t *response
) {
1121 uint32_t last_status
= sd
->card_status
;
1122 sd_rsp_type_t rtype
;
1125 if (!bdrv_is_inserted(sd
->bdrv
)) {
1129 if (sd_req_crc_validate(req
)) {
1130 sd
->card_status
&= ~COM_CRC_ERROR
;
1134 sd
->card_status
&= ~CARD_STATUS_B
;
1137 if (last_status
& CARD_IS_LOCKED
)
1138 if (((last_status
& APP_CMD
) &&
1140 (!(last_status
& APP_CMD
) &&
1141 (sd_cmd_class
[req
->cmd
] == 0 ||
1142 sd_cmd_class
[req
->cmd
] == 7 ||
1143 req
->cmd
== 16 || req
->cmd
== 55))) {
1144 sd
->card_status
|= ILLEGAL_COMMAND
;
1145 printf("SD: Card is locked\n");
1149 if (last_status
& APP_CMD
) {
1150 rtype
= sd_app_command(sd
, *req
);
1151 sd
->card_status
&= ~APP_CMD
;
1153 rtype
= sd_normal_command(sd
, *req
);
1155 sd
->current_cmd
= req
->cmd
;
1160 sd_response_r1_make(sd
, response
, last_status
);
1165 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
1171 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
1177 sd_response_r3_make(sd
, response
);
1182 sd_response_r6_make(sd
, response
);
1192 if (sd
->card_status
& ILLEGAL_COMMAND
)
1198 DPRINTF("Response:");
1199 for (i
= 0; i
< rsplen
; i
++)
1200 printf(" %02x", response
[i
]);
1201 printf(" state %d\n", sd
->state
);
1203 DPRINTF("No response %d\n", sd
->state
);
1210 /* No real need for 64 bit addresses here */
1211 static void sd_blk_read(BlockDriverState
*bdrv
,
1212 void *data
, uint32_t addr
, uint32_t len
)
1215 uint32_t end
= addr
+ len
;
1217 if (!bdrv
|| bdrv_read(bdrv
, addr
>> 9, buf
, 1) == -1) {
1218 printf("sd_blk_read: read error on host side\n");
1222 if (end
> (addr
& ~511) + 512) {
1223 memcpy(data
, buf
+ (addr
& 511), 512 - (addr
& 511));
1225 if (bdrv_read(bdrv
, end
>> 9, buf
, 1) == -1) {
1226 printf("sd_blk_read: read error on host side\n");
1229 memcpy(data
+ 512 - (addr
& 511), buf
, end
& 511);
1231 memcpy(data
, buf
+ (addr
& 511), len
);
1234 static void sd_blk_write(BlockDriverState
*bdrv
,
1235 void *data
, uint32_t addr
, uint32_t len
)
1238 uint32_t end
= addr
+ len
;
1240 if ((addr
& 511) || len
< 512)
1241 if (!bdrv
|| bdrv_read(bdrv
, addr
>> 9, buf
, 1) == -1) {
1242 printf("sd_blk_write: read error on host side\n");
1246 if (end
> (addr
& ~511) + 512) {
1247 memcpy(buf
+ (addr
& 511), data
, 512 - (addr
& 511));
1248 if (bdrv_write(bdrv
, addr
>> 9, buf
, 1) == -1) {
1249 printf("sd_blk_write: write error on host side\n");
1253 if (bdrv_read(bdrv
, end
>> 9, buf
, 1) == -1) {
1254 printf("sd_blk_write: read error on host side\n");
1257 memcpy(buf
, data
+ 512 - (addr
& 511), end
& 511);
1258 if (bdrv_write(bdrv
, end
>> 9, buf
, 1) == -1)
1259 printf("sd_blk_write: write error on host side\n");
1261 memcpy(buf
+ (addr
& 511), data
, len
);
1262 if (!bdrv
|| bdrv_write(bdrv
, addr
>> 9, buf
, 1) == -1)
1263 printf("sd_blk_write: write error on host side\n");
1267 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd->bdrv, sd->data, a, len)
1268 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd->bdrv, sd->data, a, len)
1269 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1270 #define APP_WRITE_BLOCK(a, len)
1272 void sd_write_data(SDState
*sd
, uint8_t value
)
1276 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
))
1279 if (sd
->state
!= sd_receivingdata_state
) {
1280 printf("sd_write_data: not in Receiving-Data state\n");
1284 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1287 switch (sd
->current_cmd
) {
1288 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1289 sd
->data
[sd
->data_offset
++] = value
;
1290 if (sd
->data_offset
>= sd
->blk_len
) {
1291 /* TODO: Check CRC before committing */
1292 sd
->state
= sd_programming_state
;
1293 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1295 sd
->csd
[14] |= 0x40;
1296 /* Bzzzzzzztt .... Operation complete. */
1297 sd
->state
= sd_transfer_state
;
1301 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1302 sd
->data
[sd
->data_offset
++] = value
;
1303 if (sd
->data_offset
>= sd
->blk_len
) {
1304 /* TODO: Check CRC before committing */
1305 sd
->state
= sd_programming_state
;
1306 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1308 sd
->data_start
+= sd
->blk_len
;
1309 sd
->data_offset
= 0;
1310 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1311 sd
->card_status
|= ADDRESS_ERROR
;
1314 if (sd_wp_addr(sd
, sd
->data_start
)) {
1315 sd
->card_status
|= WP_VIOLATION
;
1318 sd
->csd
[14] |= 0x40;
1320 /* Bzzzzzzztt .... Operation complete. */
1321 sd
->state
= sd_receivingdata_state
;
1325 case 26: /* CMD26: PROGRAM_CID */
1326 sd
->data
[sd
->data_offset
++] = value
;
1327 if (sd
->data_offset
>= sizeof(sd
->cid
)) {
1328 /* TODO: Check CRC before committing */
1329 sd
->state
= sd_programming_state
;
1330 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
1331 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
1332 sd
->card_status
|= CID_CSD_OVERWRITE
;
1334 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1335 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
1337 sd
->cid
[i
] &= sd
->data
[i
];
1339 /* Bzzzzzzztt .... Operation complete. */
1340 sd
->state
= sd_transfer_state
;
1344 case 27: /* CMD27: PROGRAM_CSD */
1345 sd
->data
[sd
->data_offset
++] = value
;
1346 if (sd
->data_offset
>= sizeof(sd
->csd
)) {
1347 /* TODO: Check CRC before committing */
1348 sd
->state
= sd_programming_state
;
1349 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
1350 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
1351 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
1352 sd
->card_status
|= CID_CSD_OVERWRITE
;
1354 /* Copy flag (OTP) & Permanent write protect */
1355 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
1356 sd
->card_status
|= CID_CSD_OVERWRITE
;
1358 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1359 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
1360 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
1361 sd
->csd
[i
] &= sd
->data
[i
];
1363 /* Bzzzzzzztt .... Operation complete. */
1364 sd
->state
= sd_transfer_state
;
1368 case 42: /* CMD42: LOCK_UNLOCK */
1369 sd
->data
[sd
->data_offset
++] = value
;
1370 if (sd
->data_offset
>= sd
->blk_len
) {
1371 /* TODO: Check CRC before committing */
1372 sd
->state
= sd_programming_state
;
1373 sd_lock_command(sd
);
1374 /* Bzzzzzzztt .... Operation complete. */
1375 sd
->state
= sd_transfer_state
;
1379 case 56: /* CMD56: GEN_CMD */
1380 sd
->data
[sd
->data_offset
++] = value
;
1381 if (sd
->data_offset
>= sd
->blk_len
) {
1382 APP_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1383 sd
->state
= sd_transfer_state
;
1388 printf("sd_write_data: unknown command\n");
1393 uint8_t sd_read_data(SDState
*sd
)
1395 /* TODO: Append CRCs */
1398 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
))
1401 if (sd
->state
!= sd_sendingdata_state
) {
1402 printf("sd_read_data: not in Sending-Data state\n");
1406 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1409 switch (sd
->current_cmd
) {
1410 case 6: /* CMD6: SWITCH_FUNCTION */
1411 ret
= sd
->data
[sd
->data_offset
++];
1413 if (sd
->data_offset
>= 64)
1414 sd
->state
= sd_transfer_state
;
1417 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1418 if (sd
->data_offset
== 0)
1419 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1420 ret
= sd
->data
[sd
->data_offset
++];
1422 if (sd
->data_offset
>= sd
->blk_len
) {
1423 sd
->data_start
+= sd
->blk_len
;
1424 sd
->data_offset
= 0;
1425 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1426 sd
->card_status
|= ADDRESS_ERROR
;
1432 case 13: /* ACMD13: SD_STATUS */
1433 ret
= sd
->sd_status
[sd
->data_offset
++];
1435 if (sd
->data_offset
>= sizeof(sd
->sd_status
))
1436 sd
->state
= sd_transfer_state
;
1439 case 17: /* CMD17: READ_SINGLE_BLOCK */
1440 if (sd
->data_offset
== 0)
1441 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1442 ret
= sd
->data
[sd
->data_offset
++];
1444 if (sd
->data_offset
>= sd
->blk_len
)
1445 sd
->state
= sd_transfer_state
;
1448 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1449 if (sd
->data_offset
== 0)
1450 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1451 ret
= sd
->data
[sd
->data_offset
++];
1453 if (sd
->data_offset
>= sd
->blk_len
) {
1454 sd
->data_start
+= sd
->blk_len
;
1455 sd
->data_offset
= 0;
1456 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1457 sd
->card_status
|= ADDRESS_ERROR
;
1463 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1464 ret
= sd
->data
[sd
->data_offset
++];
1466 if (sd
->data_offset
>= 4)
1467 sd
->state
= sd_transfer_state
;
1470 case 30: /* CMD30: SEND_WRITE_PROT */
1471 ret
= sd
->data
[sd
->data_offset
++];
1473 if (sd
->data_offset
>= 4)
1474 sd
->state
= sd_transfer_state
;
1477 case 51: /* ACMD51: SEND_SCR */
1478 ret
= sd
->scr
[sd
->data_offset
++];
1480 if (sd
->data_offset
>= sizeof(sd
->scr
))
1481 sd
->state
= sd_transfer_state
;
1484 case 56: /* CMD56: GEN_CMD */
1485 if (sd
->data_offset
== 0)
1486 APP_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1487 ret
= sd
->data
[sd
->data_offset
++];
1489 if (sd
->data_offset
>= sd
->blk_len
)
1490 sd
->state
= sd_transfer_state
;
1494 printf("sd_read_data: unknown command\n");
1501 int sd_data_ready(SDState
*sd
)
1503 return sd
->state
== sd_sendingdata_state
;