2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #define DPRINTF(fmt, ...) do {} while(0)
46 sd_r0
= 0, /* no response */
47 sd_r1
, /* normal response command */
48 sd_r2_i
, /* CID register */
49 sd_r2_s
, /* CSD register */
50 sd_r3
, /* OCR register */
51 sd_r6
= 6, /* Published RCA response */
52 sd_r7
, /* Operating voltage */
59 sd_card_identification_mode
,
60 sd_data_transfer_mode
,
63 sd_inactive_state
= -1,
66 sd_identification_state
,
70 sd_receivingdata_state
,
80 uint8_t sd_status
[64];
90 int function_group
[6];
100 BlockDriverState
*bdrv
;
106 static void sd_set_status(SDState
*sd
)
109 case sd_inactive_state
:
110 sd
->mode
= sd_inactive
;
115 case sd_identification_state
:
116 sd
->mode
= sd_card_identification_mode
;
119 case sd_standby_state
:
120 case sd_transfer_state
:
121 case sd_sendingdata_state
:
122 case sd_receivingdata_state
:
123 case sd_programming_state
:
124 case sd_disconnect_state
:
125 sd
->mode
= sd_data_transfer_mode
;
129 sd
->card_status
&= ~CURRENT_STATE
;
130 sd
->card_status
|= sd
->state
<< 9;
133 static const sd_cmd_type_t sd_cmd_type
[64] = {
134 sd_bc
, sd_none
, sd_bcr
, sd_bcr
, sd_none
, sd_none
, sd_none
, sd_ac
,
135 sd_bcr
, sd_ac
, sd_ac
, sd_adtc
, sd_ac
, sd_ac
, sd_none
, sd_ac
,
136 sd_ac
, sd_adtc
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
137 sd_adtc
, sd_adtc
, sd_adtc
, sd_adtc
, sd_ac
, sd_ac
, sd_adtc
, sd_none
,
138 sd_ac
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
139 sd_none
, sd_none
, sd_bc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
140 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
,
141 sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
144 static const sd_cmd_type_t sd_acmd_type
[64] = {
145 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
146 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
,
147 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_ac
,
148 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
149 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
150 sd_none
, sd_bcr
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
151 sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
,
152 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
155 static const int sd_cmd_class
[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message
, size_t width
)
165 uint8_t shift_reg
= 0x00;
166 uint8_t *msg
= (uint8_t *) message
;
168 for (i
= 0; i
< width
; i
++, msg
++)
169 for (bit
= 7; bit
>= 0; bit
--) {
171 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
178 static uint16_t sd_crc16(void *message
, size_t width
)
181 uint16_t shift_reg
= 0x0000;
182 uint16_t *msg
= (uint16_t *) message
;
185 for (i
= 0; i
< width
; i
++, msg
++)
186 for (bit
= 15; bit
>= 0; bit
--) {
188 if ((shift_reg
>> 15) ^ ((*msg
>> bit
) & 1))
195 static void sd_set_ocr(SDState
*sd
)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd
->ocr
= 0x80ffff00;
201 static void sd_set_scr(SDState
*sd
)
203 sd
->scr
[0] = 0x00; /* SCR Structure */
204 sd
->scr
[1] = 0x2f; /* SD Security Support */
220 static void sd_set_cid(SDState
*sd
)
222 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
223 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
225 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
230 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
231 sd
->cid
[9] = 0xde; /* Fake serial number (PSN) */
235 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR
- 2000) / 10);
237 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
238 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247 static const uint8_t sd_csd_rw_mask
[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 static void sd_set_csd(SDState
*sd
, uint64_t size
)
254 uint32_t csize
= (size
>> (CMULT_SHIFT
+ HWBLOCK_SHIFT
)) - 1;
255 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
256 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
258 if (size
<= 0x40000000) { /* Standard Capacity SD */
259 sd
->csd
[0] = 0x00; /* CSD structure */
260 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
261 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
262 sd
->csd
[3] = 0x5a; /* Max. data transfer rate */
263 sd
->csd
[4] = 0x5f; /* Card Command Classes */
264 sd
->csd
[5] = 0x50 | /* Max. read data block length */
266 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
267 ((csize
>> 10) & 0x03);
268 sd
->csd
[7] = 0x00 | /* Device size */
269 ((csize
>> 2) & 0xff);
270 sd
->csd
[8] = 0x3f | /* Max. read current */
271 ((csize
<< 6) & 0xc0);
272 sd
->csd
[9] = 0xfc | /* Max. write current */
273 ((CMULT_SHIFT
- 2) >> 1);
274 sd
->csd
[10] = 0x40 | /* Erase sector size */
275 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
276 sd
->csd
[11] = 0x00 | /* Write protect group size */
277 ((sectsize
<< 7) & 0x80) | wpsize
;
278 sd
->csd
[12] = 0x90 | /* Write speed factor */
279 (HWBLOCK_SHIFT
>> 2);
280 sd
->csd
[13] = 0x20 | /* Max. write data block length */
281 ((HWBLOCK_SHIFT
<< 6) & 0xc0);
282 sd
->csd
[14] = 0x00; /* File format group */
283 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
294 sd
->csd
[7] = (size
>> 16) & 0xff;
295 sd
->csd
[8] = (size
>> 8) & 0xff;
296 sd
->csd
[9] = (size
& 0xff);
303 sd
->ocr
|= 1 << 30; /* High Capacity SD Memort Card */
307 static void sd_set_rca(SDState
*sd
)
312 #define CARD_STATUS_A 0x02004100
313 #define CARD_STATUS_B 0x00c01e00
314 #define CARD_STATUS_C 0xfd39a028
316 static void sd_set_cardstatus(SDState
*sd
)
318 sd
->card_status
= 0x00000100;
321 static void sd_set_sdstatus(SDState
*sd
)
323 memset(sd
->sd_status
, 0, 64);
326 static int sd_req_crc_validate(SDRequest
*req
)
329 buffer
[0] = 0x40 | req
->cmd
;
330 buffer
[1] = (req
->arg
>> 24) & 0xff;
331 buffer
[2] = (req
->arg
>> 16) & 0xff;
332 buffer
[3] = (req
->arg
>> 8) & 0xff;
333 buffer
[4] = (req
->arg
>> 0) & 0xff;
335 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
338 static void sd_response_r1_make(SDState
*sd
,
339 uint8_t *response
, uint32_t last_status
)
341 uint32_t mask
= CARD_STATUS_B
^ ILLEGAL_COMMAND
;
344 status
= (sd
->card_status
& ~mask
) | (last_status
& mask
);
345 sd
->card_status
&= ~CARD_STATUS_C
| APP_CMD
;
347 response
[0] = (status
>> 24) & 0xff;
348 response
[1] = (status
>> 16) & 0xff;
349 response
[2] = (status
>> 8) & 0xff;
350 response
[3] = (status
>> 0) & 0xff;
353 static void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
355 response
[0] = (sd
->ocr
>> 24) & 0xff;
356 response
[1] = (sd
->ocr
>> 16) & 0xff;
357 response
[2] = (sd
->ocr
>> 8) & 0xff;
358 response
[3] = (sd
->ocr
>> 0) & 0xff;
361 static void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
367 status
= ((sd
->card_status
>> 8) & 0xc000) |
368 ((sd
->card_status
>> 6) & 0x2000) |
369 (sd
->card_status
& 0x1fff);
371 response
[0] = (arg
>> 8) & 0xff;
372 response
[1] = arg
& 0xff;
373 response
[2] = (status
>> 8) & 0xff;
374 response
[3] = status
& 0xff;
377 static void sd_response_r7_make(SDState
*sd
, uint8_t *response
)
379 response
[0] = (sd
->vhs
>> 24) & 0xff;
380 response
[1] = (sd
->vhs
>> 16) & 0xff;
381 response
[2] = (sd
->vhs
>> 8) & 0xff;
382 response
[3] = (sd
->vhs
>> 0) & 0xff;
385 static void sd_reset(SDState
*sd
, BlockDriverState
*bdrv
)
391 bdrv_get_geometry(bdrv
, §
);
399 sect
= (size
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)) + 1;
401 sd
->state
= sd_idle_state
;
406 sd_set_csd(sd
, size
);
407 sd_set_cardstatus(sd
);
413 qemu_free(sd
->wp_groups
);
414 sd
->wp_switch
= bdrv
? bdrv_is_read_only(bdrv
) : 0;
415 sd
->wp_groups
= (int *) qemu_mallocz(sizeof(int) * sect
);
416 memset(sd
->function_group
, 0, sizeof(int) * 6);
424 static void sd_cardchange(void *opaque
)
426 SDState
*sd
= opaque
;
427 qemu_set_irq(sd
->inserted_cb
, bdrv_is_inserted(sd
->bdrv
));
428 if (bdrv_is_inserted(sd
->bdrv
)) {
429 sd_reset(sd
, sd
->bdrv
);
430 qemu_set_irq(sd
->readonly_cb
, sd
->wp_switch
);
434 /* We do not model the chip select pin, so allow the board to select
435 whether card should be in SSI or MMC/SD mode. It is also up to the
436 board to ensure that ssi transfers only occur when the chip select
438 SDState
*sd_init(BlockDriverState
*bs
, int is_spi
)
442 sd
= (SDState
*) qemu_mallocz(sizeof(SDState
));
443 sd
->buf
= qemu_memalign(512, 512);
448 bdrv_set_change_cb(sd
->bdrv
, sd_cardchange
, sd
);
453 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
455 sd
->readonly_cb
= readonly
;
456 sd
->inserted_cb
= insert
;
457 qemu_set_irq(readonly
, bdrv_is_read_only(sd
->bdrv
));
458 qemu_set_irq(insert
, bdrv_is_inserted(sd
->bdrv
));
461 static void sd_erase(SDState
*sd
)
464 if (!sd
->erase_start
|| !sd
->erase_end
) {
465 sd
->card_status
|= ERASE_SEQ_ERROR
;
469 start
= sd
->erase_start
>>
470 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
471 end
= sd
->erase_end
>>
472 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
477 for (i
= start
; i
<= end
; i
++)
478 if (sd
->wp_groups
[i
])
479 sd
->card_status
|= WP_ERASE_SKIP
;
482 static uint32_t sd_wpbits(SDState
*sd
, uint64_t addr
)
487 wpnum
= addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
489 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
)
490 if (addr
< sd
->size
&& sd
->wp_groups
[wpnum
])
496 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
498 int i
, mode
, new_func
, crc
;
499 mode
= !!(arg
& 0x80000000);
501 sd
->data
[0] = 0x00; /* Maximum current consumption */
503 sd
->data
[2] = 0x80; /* Supported group 6 functions */
505 sd
->data
[4] = 0x80; /* Supported group 5 functions */
507 sd
->data
[6] = 0x80; /* Supported group 4 functions */
509 sd
->data
[8] = 0x80; /* Supported group 3 functions */
511 sd
->data
[10] = 0x80; /* Supported group 2 functions */
513 sd
->data
[12] = 0x80; /* Supported group 1 functions */
515 for (i
= 0; i
< 6; i
++) {
516 new_func
= (arg
>> (i
* 4)) & 0x0f;
517 if (mode
&& new_func
!= 0x0f)
518 sd
->function_group
[i
] = new_func
;
519 sd
->data
[14 + (i
>> 1)] = new_func
<< ((i
* 4) & 4);
521 memset(&sd
->data
[17], 0, 47);
522 crc
= sd_crc16(sd
->data
, 64);
523 sd
->data
[65] = crc
>> 8;
524 sd
->data
[66] = crc
& 0xff;
527 static inline int sd_wp_addr(SDState
*sd
, uint32_t addr
)
529 return sd
->wp_groups
[addr
>>
530 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)];
533 static void sd_lock_command(SDState
*sd
)
535 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
536 erase
= !!(sd
->data
[0] & 0x08);
537 lock
= sd
->data
[0] & 0x04;
538 clr_pwd
= sd
->data
[0] & 0x02;
539 set_pwd
= sd
->data
[0] & 0x01;
542 pwd_len
= sd
->data
[1];
547 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
548 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
549 (sd
->csd
[14] & 0x20)) {
550 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
553 memset(sd
->wp_groups
, 0, sizeof(int) * (sd
->size
>>
554 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)));
555 sd
->csd
[14] &= ~0x10;
556 sd
->card_status
&= ~CARD_IS_LOCKED
;
558 /* Erasing the entire card here! */
559 fprintf(stderr
, "SD: Card force-erased by CMD42\n");
563 if (sd
->blk_len
< 2 + pwd_len
||
564 pwd_len
<= sd
->pwd_len
||
565 pwd_len
> sd
->pwd_len
+ 16) {
566 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
570 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
571 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
575 pwd_len
-= sd
->pwd_len
;
576 if ((pwd_len
&& !set_pwd
) ||
577 (clr_pwd
&& (set_pwd
|| lock
)) ||
578 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
579 (!set_pwd
&& !clr_pwd
&&
580 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
581 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
582 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
587 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
588 sd
->pwd_len
= pwd_len
;
596 sd
->card_status
|= CARD_IS_LOCKED
;
598 sd
->card_status
&= ~CARD_IS_LOCKED
;
601 static sd_rsp_type_t
sd_normal_command(SDState
*sd
,
604 uint32_t rca
= 0x0000;
605 uint64_t addr
= (sd
->ocr
& (1 << 30)) ? (uint64_t) req
.arg
<< 9 : req
.arg
;
607 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
610 DPRINTF("CMD%d 0x%08x state %d\n", req
.cmd
, req
.arg
, sd
->state
);
612 /* Basic commands (Class 0 and Class 1) */
613 case 0: /* CMD0: GO_IDLE_STATE */
615 case sd_inactive_state
:
616 return sd
->spi
? sd_r1
: sd_r0
;
619 sd
->state
= sd_idle_state
;
620 sd_reset(sd
, sd
->bdrv
);
621 return sd
->spi
? sd_r1
: sd_r0
;
625 case 1: /* CMD1: SEND_OP_CMD */
629 sd
->state
= sd_transfer_state
;
632 case 2: /* CMD2: ALL_SEND_CID */
637 sd
->state
= sd_identification_state
;
645 case 3: /* CMD3: SEND_RELATIVE_ADDR */
649 case sd_identification_state
:
650 case sd_standby_state
:
651 sd
->state
= sd_standby_state
;
660 case 4: /* CMD4: SEND_DSR */
664 case sd_standby_state
:
672 case 6: /* CMD6: SWITCH_FUNCTION */
676 case sd_data_transfer_mode
:
677 sd_function_switch(sd
, req
.arg
);
678 sd
->state
= sd_sendingdata_state
;
688 case 7: /* CMD7: SELECT/DESELECT_CARD */
692 case sd_standby_state
:
696 sd
->state
= sd_transfer_state
;
699 case sd_transfer_state
:
700 case sd_sendingdata_state
:
704 sd
->state
= sd_standby_state
;
707 case sd_disconnect_state
:
711 sd
->state
= sd_programming_state
;
714 case sd_programming_state
:
718 sd
->state
= sd_disconnect_state
;
726 case 8: /* CMD8: SEND_IF_COND */
727 /* Physical Layer Specification Version 2.00 command */
732 /* No response if not exactly one VHS bit is set. */
733 if (!(req
.arg
>> 8) || (req
.arg
>> ffs(req
.arg
& ~0xff)))
734 return sd
->spi
? sd_r7
: sd_r0
;
745 case 9: /* CMD9: SEND_CSD */
747 case sd_standby_state
:
753 case sd_transfer_state
:
756 sd
->state
= sd_sendingdata_state
;
757 memcpy(sd
->data
, sd
->csd
, 16);
758 sd
->data_start
= addr
;
767 case 10: /* CMD10: SEND_CID */
769 case sd_standby_state
:
775 case sd_transfer_state
:
778 sd
->state
= sd_sendingdata_state
;
779 memcpy(sd
->data
, sd
->cid
, 16);
780 sd
->data_start
= addr
;
789 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
793 case sd_transfer_state
:
794 sd
->state
= sd_sendingdata_state
;
795 sd
->data_start
= req
.arg
;
798 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
799 sd
->card_status
|= ADDRESS_ERROR
;
807 case 12: /* CMD12: STOP_TRANSMISSION */
809 case sd_sendingdata_state
:
810 sd
->state
= sd_transfer_state
;
813 case sd_receivingdata_state
:
814 sd
->state
= sd_programming_state
;
815 /* Bzzzzzzztt .... Operation complete. */
816 sd
->state
= sd_transfer_state
;
824 case 13: /* CMD13: SEND_STATUS */
826 case sd_data_transfer_mode
:
837 case 15: /* CMD15: GO_INACTIVE_STATE */
841 case sd_data_transfer_mode
:
845 sd
->state
= sd_inactive_state
;
853 /* Block read commands (Classs 2) */
854 case 16: /* CMD16: SET_BLOCKLEN */
856 case sd_transfer_state
:
857 if (req
.arg
> (1 << HWBLOCK_SHIFT
))
858 sd
->card_status
|= BLOCK_LEN_ERROR
;
860 sd
->blk_len
= req
.arg
;
869 case 17: /* CMD17: READ_SINGLE_BLOCK */
871 case sd_transfer_state
:
872 sd
->state
= sd_sendingdata_state
;
873 sd
->data_start
= addr
;
876 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
877 sd
->card_status
|= ADDRESS_ERROR
;
885 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
887 case sd_transfer_state
:
888 sd
->state
= sd_sendingdata_state
;
889 sd
->data_start
= addr
;
892 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
893 sd
->card_status
|= ADDRESS_ERROR
;
901 /* Block write commands (Class 4) */
902 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
904 goto unimplemented_cmd
;
906 case sd_transfer_state
:
907 /* Writing in SPI mode not implemented. */
910 sd
->state
= sd_receivingdata_state
;
911 sd
->data_start
= addr
;
915 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
916 sd
->card_status
|= ADDRESS_ERROR
;
917 if (sd_wp_addr(sd
, sd
->data_start
))
918 sd
->card_status
|= WP_VIOLATION
;
919 if (sd
->csd
[14] & 0x30)
920 sd
->card_status
|= WP_VIOLATION
;
928 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
930 goto unimplemented_cmd
;
932 case sd_transfer_state
:
933 /* Writing in SPI mode not implemented. */
936 sd
->state
= sd_receivingdata_state
;
937 sd
->data_start
= addr
;
941 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
942 sd
->card_status
|= ADDRESS_ERROR
;
943 if (sd_wp_addr(sd
, sd
->data_start
))
944 sd
->card_status
|= WP_VIOLATION
;
945 if (sd
->csd
[14] & 0x30)
946 sd
->card_status
|= WP_VIOLATION
;
954 case 26: /* CMD26: PROGRAM_CID */
958 case sd_transfer_state
:
959 sd
->state
= sd_receivingdata_state
;
969 case 27: /* CMD27: PROGRAM_CSD */
971 goto unimplemented_cmd
;
973 case sd_transfer_state
:
974 sd
->state
= sd_receivingdata_state
;
984 /* Write protection (Class 6) */
985 case 28: /* CMD28: SET_WRITE_PROT */
987 case sd_transfer_state
:
988 if (addr
>= sd
->size
) {
989 sd
->card_status
= ADDRESS_ERROR
;
993 sd
->state
= sd_programming_state
;
994 sd
->wp_groups
[addr
>> (HWBLOCK_SHIFT
+
995 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 1;
996 /* Bzzzzzzztt .... Operation complete. */
997 sd
->state
= sd_transfer_state
;
1005 case 29: /* CMD29: CLR_WRITE_PROT */
1006 switch (sd
->state
) {
1007 case sd_transfer_state
:
1008 if (addr
>= sd
->size
) {
1009 sd
->card_status
= ADDRESS_ERROR
;
1013 sd
->state
= sd_programming_state
;
1014 sd
->wp_groups
[addr
>> (HWBLOCK_SHIFT
+
1015 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 0;
1016 /* Bzzzzzzztt .... Operation complete. */
1017 sd
->state
= sd_transfer_state
;
1025 case 30: /* CMD30: SEND_WRITE_PROT */
1026 switch (sd
->state
) {
1027 case sd_transfer_state
:
1028 sd
->state
= sd_sendingdata_state
;
1029 *(uint32_t *) sd
->data
= sd_wpbits(sd
, req
.arg
);
1030 sd
->data_start
= addr
;
1031 sd
->data_offset
= 0;
1039 /* Erase commands (Class 5) */
1040 case 32: /* CMD32: ERASE_WR_BLK_START */
1041 switch (sd
->state
) {
1042 case sd_transfer_state
:
1043 sd
->erase_start
= req
.arg
;
1051 case 33: /* CMD33: ERASE_WR_BLK_END */
1052 switch (sd
->state
) {
1053 case sd_transfer_state
:
1054 sd
->erase_end
= req
.arg
;
1062 case 38: /* CMD38: ERASE */
1063 switch (sd
->state
) {
1064 case sd_transfer_state
:
1065 if (sd
->csd
[14] & 0x30) {
1066 sd
->card_status
|= WP_VIOLATION
;
1070 sd
->state
= sd_programming_state
;
1072 /* Bzzzzzzztt .... Operation complete. */
1073 sd
->state
= sd_transfer_state
;
1081 /* Lock card commands (Class 7) */
1082 case 42: /* CMD42: LOCK_UNLOCK */
1084 goto unimplemented_cmd
;
1085 switch (sd
->state
) {
1086 case sd_transfer_state
:
1087 sd
->state
= sd_receivingdata_state
;
1089 sd
->data_offset
= 0;
1097 /* Application specific commands (Class 8) */
1098 case 55: /* CMD55: APP_CMD */
1102 sd
->card_status
|= APP_CMD
;
1105 case 56: /* CMD56: GEN_CMD */
1106 fprintf(stderr
, "SD: GEN_CMD 0x%08x\n", req
.arg
);
1108 switch (sd
->state
) {
1109 case sd_transfer_state
:
1110 sd
->data_offset
= 0;
1112 sd
->state
= sd_sendingdata_state
;
1114 sd
->state
= sd_receivingdata_state
;
1124 sd
->card_status
|= ILLEGAL_COMMAND
;
1126 fprintf(stderr
, "SD: Unknown CMD%i\n", req
.cmd
);
1130 /* Commands that are recognised but not yet implemented in SPI mode. */
1131 sd
->card_status
|= ILLEGAL_COMMAND
;
1132 fprintf(stderr
, "SD: CMD%i not implemented in SPI mode\n", req
.cmd
);
1136 sd
->card_status
|= ILLEGAL_COMMAND
;
1137 fprintf(stderr
, "SD: CMD%i in a wrong state\n", req
.cmd
);
1141 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
1145 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
1146 rca
= req
.arg
>> 16;
1148 DPRINTF("ACMD%d 0x%08x\n", req
.cmd
, req
.arg
);
1150 case 6: /* ACMD6: SET_BUS_WIDTH */
1151 switch (sd
->state
) {
1152 case sd_transfer_state
:
1153 sd
->sd_status
[0] &= 0x3f;
1154 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1162 case 13: /* ACMD13: SD_STATUS */
1163 switch (sd
->state
) {
1164 case sd_transfer_state
:
1166 sd
->data_offset
= 0;
1174 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1175 switch (sd
->state
) {
1176 case sd_transfer_state
:
1177 *(uint32_t *) sd
->data
= sd
->blk_written
;
1180 sd
->data_offset
= 0;
1188 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1189 switch (sd
->state
) {
1190 case sd_transfer_state
:
1198 case 41: /* ACMD41: SD_APP_OP_COND */
1201 sd
->state
= sd_transfer_state
;
1204 switch (sd
->state
) {
1206 /* We accept any voltage. 10000 V is nothing. */
1208 sd
->state
= sd_ready_state
;
1217 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1218 switch (sd
->state
) {
1219 case sd_transfer_state
:
1220 /* Bringing in the 50KOhm pull-up resistor... Done. */
1228 case 51: /* ACMD51: SEND_SCR */
1229 switch (sd
->state
) {
1230 case sd_transfer_state
:
1231 sd
->state
= sd_sendingdata_state
;
1233 sd
->data_offset
= 0;
1242 /* Fall back to standard commands. */
1243 sd
->card_status
&= ~APP_CMD
;
1244 return sd_normal_command(sd
, req
);
1247 fprintf(stderr
, "SD: ACMD%i in a wrong state\n", req
.cmd
);
1251 int sd_do_command(SDState
*sd
, SDRequest
*req
,
1252 uint8_t *response
) {
1253 uint32_t last_status
= sd
->card_status
;
1254 sd_rsp_type_t rtype
;
1257 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
) {
1261 if (sd_req_crc_validate(req
)) {
1262 sd
->card_status
&= ~COM_CRC_ERROR
;
1266 sd
->card_status
&= ~CARD_STATUS_B
;
1269 if (last_status
& CARD_IS_LOCKED
)
1270 if (((last_status
& APP_CMD
) &&
1272 (!(last_status
& APP_CMD
) &&
1273 (sd_cmd_class
[req
->cmd
] == 0 ||
1274 sd_cmd_class
[req
->cmd
] == 7 ||
1275 req
->cmd
== 16 || req
->cmd
== 55))) {
1276 sd
->card_status
|= ILLEGAL_COMMAND
;
1277 fprintf(stderr
, "SD: Card is locked\n");
1281 if (last_status
& APP_CMD
) {
1282 rtype
= sd_app_command(sd
, *req
);
1283 sd
->card_status
&= ~APP_CMD
;
1285 rtype
= sd_normal_command(sd
, *req
);
1287 sd
->current_cmd
= req
->cmd
;
1292 sd_response_r1_make(sd
, response
, last_status
);
1297 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
1302 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
1307 sd_response_r3_make(sd
, response
);
1312 sd_response_r6_make(sd
, response
);
1317 sd_response_r7_make(sd
, response
);
1327 if (sd
->card_status
& ILLEGAL_COMMAND
)
1333 DPRINTF("Response:");
1334 for (i
= 0; i
< rsplen
; i
++)
1335 printf(" %02x", response
[i
]);
1336 printf(" state %d\n", sd
->state
);
1338 DPRINTF("No response %d\n", sd
->state
);
1345 static void sd_blk_read(SDState
*sd
, uint64_t addr
, uint32_t len
)
1347 uint64_t end
= addr
+ len
;
1349 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1350 (unsigned long long) addr
, len
);
1351 if (!sd
->bdrv
|| bdrv_read(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1352 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1356 if (end
> (addr
& ~511) + 512) {
1357 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), 512 - (addr
& 511));
1359 if (bdrv_read(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1) {
1360 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1363 memcpy(sd
->data
+ 512 - (addr
& 511), sd
->buf
, end
& 511);
1365 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), len
);
1368 static void sd_blk_write(SDState
*sd
, uint64_t addr
, uint32_t len
)
1370 uint64_t end
= addr
+ len
;
1372 if ((addr
& 511) || len
< 512)
1373 if (!sd
->bdrv
|| bdrv_read(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1374 fprintf(stderr
, "sd_blk_write: read error on host side\n");
1378 if (end
> (addr
& ~511) + 512) {
1379 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, 512 - (addr
& 511));
1380 if (bdrv_write(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1381 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1385 if (bdrv_read(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1) {
1386 fprintf(stderr
, "sd_blk_write: read error on host side\n");
1389 memcpy(sd
->buf
, sd
->data
+ 512 - (addr
& 511), end
& 511);
1390 if (bdrv_write(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1)
1391 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1393 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, len
);
1394 if (!sd
->bdrv
|| bdrv_write(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1)
1395 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1399 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1400 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1401 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1402 #define APP_WRITE_BLOCK(a, len)
1404 void sd_write_data(SDState
*sd
, uint8_t value
)
1408 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
)
1411 if (sd
->state
!= sd_receivingdata_state
) {
1412 fprintf(stderr
, "sd_write_data: not in Receiving-Data state\n");
1416 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1419 switch (sd
->current_cmd
) {
1420 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1421 sd
->data
[sd
->data_offset
++] = value
;
1422 if (sd
->data_offset
>= sd
->blk_len
) {
1423 /* TODO: Check CRC before committing */
1424 sd
->state
= sd_programming_state
;
1425 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1427 sd
->csd
[14] |= 0x40;
1428 /* Bzzzzzzztt .... Operation complete. */
1429 sd
->state
= sd_transfer_state
;
1433 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1434 sd
->data
[sd
->data_offset
++] = value
;
1435 if (sd
->data_offset
>= sd
->blk_len
) {
1436 /* TODO: Check CRC before committing */
1437 sd
->state
= sd_programming_state
;
1438 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1440 sd
->data_start
+= sd
->blk_len
;
1441 sd
->data_offset
= 0;
1442 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1443 sd
->card_status
|= ADDRESS_ERROR
;
1446 if (sd_wp_addr(sd
, sd
->data_start
)) {
1447 sd
->card_status
|= WP_VIOLATION
;
1450 sd
->csd
[14] |= 0x40;
1452 /* Bzzzzzzztt .... Operation complete. */
1453 sd
->state
= sd_receivingdata_state
;
1457 case 26: /* CMD26: PROGRAM_CID */
1458 sd
->data
[sd
->data_offset
++] = value
;
1459 if (sd
->data_offset
>= sizeof(sd
->cid
)) {
1460 /* TODO: Check CRC before committing */
1461 sd
->state
= sd_programming_state
;
1462 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
1463 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
1464 sd
->card_status
|= CID_CSD_OVERWRITE
;
1466 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1467 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
1469 sd
->cid
[i
] &= sd
->data
[i
];
1471 /* Bzzzzzzztt .... Operation complete. */
1472 sd
->state
= sd_transfer_state
;
1476 case 27: /* CMD27: PROGRAM_CSD */
1477 sd
->data
[sd
->data_offset
++] = value
;
1478 if (sd
->data_offset
>= sizeof(sd
->csd
)) {
1479 /* TODO: Check CRC before committing */
1480 sd
->state
= sd_programming_state
;
1481 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
1482 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
1483 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
1484 sd
->card_status
|= CID_CSD_OVERWRITE
;
1486 /* Copy flag (OTP) & Permanent write protect */
1487 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
1488 sd
->card_status
|= CID_CSD_OVERWRITE
;
1490 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1491 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
1492 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
1493 sd
->csd
[i
] &= sd
->data
[i
];
1495 /* Bzzzzzzztt .... Operation complete. */
1496 sd
->state
= sd_transfer_state
;
1500 case 42: /* CMD42: LOCK_UNLOCK */
1501 sd
->data
[sd
->data_offset
++] = value
;
1502 if (sd
->data_offset
>= sd
->blk_len
) {
1503 /* TODO: Check CRC before committing */
1504 sd
->state
= sd_programming_state
;
1505 sd_lock_command(sd
);
1506 /* Bzzzzzzztt .... Operation complete. */
1507 sd
->state
= sd_transfer_state
;
1511 case 56: /* CMD56: GEN_CMD */
1512 sd
->data
[sd
->data_offset
++] = value
;
1513 if (sd
->data_offset
>= sd
->blk_len
) {
1514 APP_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1515 sd
->state
= sd_transfer_state
;
1520 fprintf(stderr
, "sd_write_data: unknown command\n");
1525 uint8_t sd_read_data(SDState
*sd
)
1527 /* TODO: Append CRCs */
1531 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
)
1534 if (sd
->state
!= sd_sendingdata_state
) {
1535 fprintf(stderr
, "sd_read_data: not in Sending-Data state\n");
1539 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1542 io_len
= (sd
->ocr
& (1 << 30)) ? 512 : sd
->blk_len
;
1544 switch (sd
->current_cmd
) {
1545 case 6: /* CMD6: SWITCH_FUNCTION */
1546 ret
= sd
->data
[sd
->data_offset
++];
1548 if (sd
->data_offset
>= 64)
1549 sd
->state
= sd_transfer_state
;
1552 case 9: /* CMD9: SEND_CSD */
1553 case 10: /* CMD10: SEND_CID */
1554 ret
= sd
->data
[sd
->data_offset
++];
1556 if (sd
->data_offset
>= 16)
1557 sd
->state
= sd_transfer_state
;
1560 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1561 if (sd
->data_offset
== 0)
1562 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1563 ret
= sd
->data
[sd
->data_offset
++];
1565 if (sd
->data_offset
>= io_len
) {
1566 sd
->data_start
+= io_len
;
1567 sd
->data_offset
= 0;
1568 if (sd
->data_start
+ io_len
> sd
->size
) {
1569 sd
->card_status
|= ADDRESS_ERROR
;
1575 case 13: /* ACMD13: SD_STATUS */
1576 ret
= sd
->sd_status
[sd
->data_offset
++];
1578 if (sd
->data_offset
>= sizeof(sd
->sd_status
))
1579 sd
->state
= sd_transfer_state
;
1582 case 17: /* CMD17: READ_SINGLE_BLOCK */
1583 if (sd
->data_offset
== 0)
1584 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1585 ret
= sd
->data
[sd
->data_offset
++];
1587 if (sd
->data_offset
>= io_len
)
1588 sd
->state
= sd_transfer_state
;
1591 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1592 if (sd
->data_offset
== 0)
1593 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1594 ret
= sd
->data
[sd
->data_offset
++];
1596 if (sd
->data_offset
>= io_len
) {
1597 sd
->data_start
+= io_len
;
1598 sd
->data_offset
= 0;
1599 if (sd
->data_start
+ io_len
> sd
->size
) {
1600 sd
->card_status
|= ADDRESS_ERROR
;
1606 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1607 ret
= sd
->data
[sd
->data_offset
++];
1609 if (sd
->data_offset
>= 4)
1610 sd
->state
= sd_transfer_state
;
1613 case 30: /* CMD30: SEND_WRITE_PROT */
1614 ret
= sd
->data
[sd
->data_offset
++];
1616 if (sd
->data_offset
>= 4)
1617 sd
->state
= sd_transfer_state
;
1620 case 51: /* ACMD51: SEND_SCR */
1621 ret
= sd
->scr
[sd
->data_offset
++];
1623 if (sd
->data_offset
>= sizeof(sd
->scr
))
1624 sd
->state
= sd_transfer_state
;
1627 case 56: /* CMD56: GEN_CMD */
1628 if (sd
->data_offset
== 0)
1629 APP_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1630 ret
= sd
->data
[sd
->data_offset
++];
1632 if (sd
->data_offset
>= sd
->blk_len
)
1633 sd
->state
= sd_transfer_state
;
1637 fprintf(stderr
, "sd_read_data: unknown command\n");
1644 int sd_data_ready(SDState
*sd
)
1646 return sd
->state
== sd_sendingdata_state
;
1649 void sd_enable(SDState
*sd
, int enable
)
1651 sd
->enable
= enable
;