2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include "block_int.h"
40 #define DPRINTF(fmt, ...) \
41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
43 #define DPRINTF(fmt, ...) do {} while(0)
47 sd_r0
= 0, /* no response */
48 sd_r1
, /* normal response command */
49 sd_r2_i
, /* CID register */
50 sd_r2_s
, /* CSD register */
51 sd_r3
, /* OCR register */
52 sd_r6
= 6, /* Published RCA response */
53 sd_r7
, /* Operating voltage */
60 sd_card_identification_mode
,
61 sd_data_transfer_mode
,
64 sd_inactive_state
= -1,
67 sd_identification_state
,
71 sd_receivingdata_state
,
81 uint8_t sd_status
[64];
91 int function_group
[6];
100 qemu_irq inserted_cb
;
101 BlockDriverState
*bdrv
;
107 static void sd_set_status(SDState
*sd
)
110 case sd_inactive_state
:
111 sd
->mode
= sd_inactive
;
116 case sd_identification_state
:
117 sd
->mode
= sd_card_identification_mode
;
120 case sd_standby_state
:
121 case sd_transfer_state
:
122 case sd_sendingdata_state
:
123 case sd_receivingdata_state
:
124 case sd_programming_state
:
125 case sd_disconnect_state
:
126 sd
->mode
= sd_data_transfer_mode
;
130 sd
->card_status
&= ~CURRENT_STATE
;
131 sd
->card_status
|= sd
->state
<< 9;
134 static const sd_cmd_type_t sd_cmd_type
[64] = {
135 sd_bc
, sd_none
, sd_bcr
, sd_bcr
, sd_none
, sd_none
, sd_none
, sd_ac
,
136 sd_bcr
, sd_ac
, sd_ac
, sd_adtc
, sd_ac
, sd_ac
, sd_none
, sd_ac
,
137 sd_ac
, sd_adtc
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
138 sd_adtc
, sd_adtc
, sd_adtc
, sd_adtc
, sd_ac
, sd_ac
, sd_adtc
, sd_none
,
139 sd_ac
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
140 sd_none
, sd_none
, sd_bc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
141 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
,
142 sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
145 static const sd_cmd_type_t sd_acmd_type
[64] = {
146 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
147 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
,
148 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_ac
,
149 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
150 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
151 sd_none
, sd_bcr
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
152 sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
,
153 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
156 static const int sd_cmd_class
[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
163 static uint8_t sd_crc7(void *message
, size_t width
)
166 uint8_t shift_reg
= 0x00;
167 uint8_t *msg
= (uint8_t *) message
;
169 for (i
= 0; i
< width
; i
++, msg
++)
170 for (bit
= 7; bit
>= 0; bit
--) {
172 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
179 static uint16_t sd_crc16(void *message
, size_t width
)
182 uint16_t shift_reg
= 0x0000;
183 uint16_t *msg
= (uint16_t *) message
;
186 for (i
= 0; i
< width
; i
++, msg
++)
187 for (bit
= 15; bit
>= 0; bit
--) {
189 if ((shift_reg
>> 15) ^ ((*msg
>> bit
) & 1))
196 static void sd_set_ocr(SDState
*sd
)
198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
199 sd
->ocr
= 0x80ffff00;
202 static void sd_set_scr(SDState
*sd
)
204 sd
->scr
[0] = 0x00; /* SCR Structure */
205 sd
->scr
[1] = 0x2f; /* SD Security Support */
221 static void sd_set_cid(SDState
*sd
)
223 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
224 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
226 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
231 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
232 sd
->cid
[9] = 0xde; /* Fake serial number (PSN) */
236 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR
- 2000) / 10);
238 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
239 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
242 #define HWBLOCK_SHIFT 9 /* 512 bytes */
243 #define SECTOR_SHIFT 5 /* 16 kilobytes */
244 #define WPGROUP_SHIFT 7 /* 2 megs */
245 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
246 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
248 static const uint8_t sd_csd_rw_mask
[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
253 static void sd_set_csd(SDState
*sd
, uint64_t size
)
255 uint32_t csize
= (size
>> (CMULT_SHIFT
+ HWBLOCK_SHIFT
)) - 1;
256 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
257 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
259 if (size
<= 0x40000000) { /* Standard Capacity SD */
260 sd
->csd
[0] = 0x00; /* CSD structure */
261 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
262 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
263 sd
->csd
[3] = 0x5a; /* Max. data transfer rate */
264 sd
->csd
[4] = 0x5f; /* Card Command Classes */
265 sd
->csd
[5] = 0x50 | /* Max. read data block length */
267 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize
>> 10) & 0x03);
269 sd
->csd
[7] = 0x00 | /* Device size */
270 ((csize
>> 2) & 0xff);
271 sd
->csd
[8] = 0x3f | /* Max. read current */
272 ((csize
<< 6) & 0xc0);
273 sd
->csd
[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT
- 2) >> 1);
275 sd
->csd
[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
277 sd
->csd
[11] = 0x00 | /* Write protect group size */
278 ((sectsize
<< 7) & 0x80) | wpsize
;
279 sd
->csd
[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT
>> 2);
281 sd
->csd
[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT
<< 6) & 0xc0);
283 sd
->csd
[14] = 0x00; /* File format group */
284 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
295 sd
->csd
[7] = (size
>> 16) & 0xff;
296 sd
->csd
[8] = (size
>> 8) & 0xff;
297 sd
->csd
[9] = (size
& 0xff);
304 sd
->ocr
|= 1 << 30; /* High Capacity SD Memort Card */
308 static void sd_set_rca(SDState
*sd
)
313 #define CARD_STATUS_A 0x02004100
314 #define CARD_STATUS_B 0x00c01e00
315 #define CARD_STATUS_C 0xfd39a028
317 static void sd_set_cardstatus(SDState
*sd
)
319 sd
->card_status
= 0x00000100;
322 static void sd_set_sdstatus(SDState
*sd
)
324 memset(sd
->sd_status
, 0, 64);
327 static int sd_req_crc_validate(SDRequest
*req
)
330 buffer
[0] = 0x40 | req
->cmd
;
331 buffer
[1] = (req
->arg
>> 24) & 0xff;
332 buffer
[2] = (req
->arg
>> 16) & 0xff;
333 buffer
[3] = (req
->arg
>> 8) & 0xff;
334 buffer
[4] = (req
->arg
>> 0) & 0xff;
336 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
339 static void sd_response_r1_make(SDState
*sd
,
340 uint8_t *response
, uint32_t last_status
)
342 uint32_t mask
= CARD_STATUS_B
^ ILLEGAL_COMMAND
;
345 status
= (sd
->card_status
& ~mask
) | (last_status
& mask
);
346 sd
->card_status
&= ~CARD_STATUS_C
| APP_CMD
;
348 response
[0] = (status
>> 24) & 0xff;
349 response
[1] = (status
>> 16) & 0xff;
350 response
[2] = (status
>> 8) & 0xff;
351 response
[3] = (status
>> 0) & 0xff;
354 static void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
356 response
[0] = (sd
->ocr
>> 24) & 0xff;
357 response
[1] = (sd
->ocr
>> 16) & 0xff;
358 response
[2] = (sd
->ocr
>> 8) & 0xff;
359 response
[3] = (sd
->ocr
>> 0) & 0xff;
362 static void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
368 status
= ((sd
->card_status
>> 8) & 0xc000) |
369 ((sd
->card_status
>> 6) & 0x2000) |
370 (sd
->card_status
& 0x1fff);
372 response
[0] = (arg
>> 8) & 0xff;
373 response
[1] = arg
& 0xff;
374 response
[2] = (status
>> 8) & 0xff;
375 response
[3] = status
& 0xff;
378 static void sd_response_r7_make(SDState
*sd
, uint8_t *response
)
380 response
[0] = (sd
->vhs
>> 24) & 0xff;
381 response
[1] = (sd
->vhs
>> 16) & 0xff;
382 response
[2] = (sd
->vhs
>> 8) & 0xff;
383 response
[3] = (sd
->vhs
>> 0) & 0xff;
386 static void sd_reset(SDState
*sd
, BlockDriverState
*bdrv
)
392 bdrv_get_geometry(bdrv
, §
);
398 sect
= (size
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)) + 1;
400 sd
->state
= sd_idle_state
;
405 sd_set_csd(sd
, size
);
406 sd_set_cardstatus(sd
);
412 qemu_free(sd
->wp_groups
);
413 sd
->wp_switch
= bdrv
? bdrv_is_read_only(bdrv
) : 0;
414 sd
->wp_groups
= (int *) qemu_mallocz(sizeof(int) * sect
);
415 memset(sd
->function_group
, 0, sizeof(int) * 6);
423 static void sd_cardchange(void *opaque
, int reason
)
425 SDState
*sd
= opaque
;
427 if (!(reason
& CHANGE_MEDIA
)) {
431 qemu_set_irq(sd
->inserted_cb
, bdrv_is_inserted(sd
->bdrv
));
432 if (bdrv_is_inserted(sd
->bdrv
)) {
433 sd_reset(sd
, sd
->bdrv
);
434 qemu_set_irq(sd
->readonly_cb
, sd
->wp_switch
);
438 /* We do not model the chip select pin, so allow the board to select
439 whether card should be in SSI or MMC/SD mode. It is also up to the
440 board to ensure that ssi transfers only occur when the chip select
442 SDState
*sd_init(BlockDriverState
*bs
, int is_spi
)
446 sd
= (SDState
*) qemu_mallocz(sizeof(SDState
));
447 sd
->buf
= qemu_blockalign(bs
, 512);
452 bdrv_set_change_cb(sd
->bdrv
, sd_cardchange
, sd
);
457 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
459 sd
->readonly_cb
= readonly
;
460 sd
->inserted_cb
= insert
;
461 qemu_set_irq(readonly
, sd
->bdrv
? bdrv_is_read_only(sd
->bdrv
) : 0);
462 qemu_set_irq(insert
, sd
->bdrv
? bdrv_is_inserted(sd
->bdrv
) : 0);
465 static void sd_erase(SDState
*sd
)
468 if (!sd
->erase_start
|| !sd
->erase_end
) {
469 sd
->card_status
|= ERASE_SEQ_ERROR
;
473 start
= sd
->erase_start
>>
474 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
475 end
= sd
->erase_end
>>
476 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
481 for (i
= start
; i
<= end
; i
++)
482 if (sd
->wp_groups
[i
])
483 sd
->card_status
|= WP_ERASE_SKIP
;
486 static uint32_t sd_wpbits(SDState
*sd
, uint64_t addr
)
491 wpnum
= addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
493 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
)
494 if (addr
< sd
->size
&& sd
->wp_groups
[wpnum
])
500 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
502 int i
, mode
, new_func
, crc
;
503 mode
= !!(arg
& 0x80000000);
505 sd
->data
[0] = 0x00; /* Maximum current consumption */
507 sd
->data
[2] = 0x80; /* Supported group 6 functions */
509 sd
->data
[4] = 0x80; /* Supported group 5 functions */
511 sd
->data
[6] = 0x80; /* Supported group 4 functions */
513 sd
->data
[8] = 0x80; /* Supported group 3 functions */
515 sd
->data
[10] = 0x80; /* Supported group 2 functions */
517 sd
->data
[12] = 0x80; /* Supported group 1 functions */
519 for (i
= 0; i
< 6; i
++) {
520 new_func
= (arg
>> (i
* 4)) & 0x0f;
521 if (mode
&& new_func
!= 0x0f)
522 sd
->function_group
[i
] = new_func
;
523 sd
->data
[14 + (i
>> 1)] = new_func
<< ((i
* 4) & 4);
525 memset(&sd
->data
[17], 0, 47);
526 crc
= sd_crc16(sd
->data
, 64);
527 sd
->data
[65] = crc
>> 8;
528 sd
->data
[66] = crc
& 0xff;
531 static inline int sd_wp_addr(SDState
*sd
, uint32_t addr
)
533 return sd
->wp_groups
[addr
>>
534 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)];
537 static void sd_lock_command(SDState
*sd
)
539 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
540 erase
= !!(sd
->data
[0] & 0x08);
541 lock
= sd
->data
[0] & 0x04;
542 clr_pwd
= sd
->data
[0] & 0x02;
543 set_pwd
= sd
->data
[0] & 0x01;
546 pwd_len
= sd
->data
[1];
551 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
552 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
553 (sd
->csd
[14] & 0x20)) {
554 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
557 memset(sd
->wp_groups
, 0, sizeof(int) * (sd
->size
>>
558 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)));
559 sd
->csd
[14] &= ~0x10;
560 sd
->card_status
&= ~CARD_IS_LOCKED
;
562 /* Erasing the entire card here! */
563 fprintf(stderr
, "SD: Card force-erased by CMD42\n");
567 if (sd
->blk_len
< 2 + pwd_len
||
568 pwd_len
<= sd
->pwd_len
||
569 pwd_len
> sd
->pwd_len
+ 16) {
570 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
574 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
575 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
579 pwd_len
-= sd
->pwd_len
;
580 if ((pwd_len
&& !set_pwd
) ||
581 (clr_pwd
&& (set_pwd
|| lock
)) ||
582 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
583 (!set_pwd
&& !clr_pwd
&&
584 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
585 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
586 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
591 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
592 sd
->pwd_len
= pwd_len
;
600 sd
->card_status
|= CARD_IS_LOCKED
;
602 sd
->card_status
&= ~CARD_IS_LOCKED
;
605 static sd_rsp_type_t
sd_normal_command(SDState
*sd
,
608 uint32_t rca
= 0x0000;
609 uint64_t addr
= (sd
->ocr
& (1 << 30)) ? (uint64_t) req
.arg
<< 9 : req
.arg
;
611 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
614 DPRINTF("CMD%d 0x%08x state %d\n", req
.cmd
, req
.arg
, sd
->state
);
616 /* Basic commands (Class 0 and Class 1) */
617 case 0: /* CMD0: GO_IDLE_STATE */
619 case sd_inactive_state
:
620 return sd
->spi
? sd_r1
: sd_r0
;
623 sd
->state
= sd_idle_state
;
624 sd_reset(sd
, sd
->bdrv
);
625 return sd
->spi
? sd_r1
: sd_r0
;
629 case 1: /* CMD1: SEND_OP_CMD */
633 sd
->state
= sd_transfer_state
;
636 case 2: /* CMD2: ALL_SEND_CID */
641 sd
->state
= sd_identification_state
;
649 case 3: /* CMD3: SEND_RELATIVE_ADDR */
653 case sd_identification_state
:
654 case sd_standby_state
:
655 sd
->state
= sd_standby_state
;
664 case 4: /* CMD4: SEND_DSR */
668 case sd_standby_state
:
676 case 5: /* CMD5: reserved for SDIO cards */
677 sd
->card_status
|= ILLEGAL_COMMAND
;
680 case 6: /* CMD6: SWITCH_FUNCTION */
684 case sd_data_transfer_mode
:
685 sd_function_switch(sd
, req
.arg
);
686 sd
->state
= sd_sendingdata_state
;
696 case 7: /* CMD7: SELECT/DESELECT_CARD */
700 case sd_standby_state
:
704 sd
->state
= sd_transfer_state
;
707 case sd_transfer_state
:
708 case sd_sendingdata_state
:
712 sd
->state
= sd_standby_state
;
715 case sd_disconnect_state
:
719 sd
->state
= sd_programming_state
;
722 case sd_programming_state
:
726 sd
->state
= sd_disconnect_state
;
734 case 8: /* CMD8: SEND_IF_COND */
735 /* Physical Layer Specification Version 2.00 command */
740 /* No response if not exactly one VHS bit is set. */
741 if (!(req
.arg
>> 8) || (req
.arg
>> ffs(req
.arg
& ~0xff)))
742 return sd
->spi
? sd_r7
: sd_r0
;
753 case 9: /* CMD9: SEND_CSD */
755 case sd_standby_state
:
761 case sd_transfer_state
:
764 sd
->state
= sd_sendingdata_state
;
765 memcpy(sd
->data
, sd
->csd
, 16);
766 sd
->data_start
= addr
;
775 case 10: /* CMD10: SEND_CID */
777 case sd_standby_state
:
783 case sd_transfer_state
:
786 sd
->state
= sd_sendingdata_state
;
787 memcpy(sd
->data
, sd
->cid
, 16);
788 sd
->data_start
= addr
;
797 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
801 case sd_transfer_state
:
802 sd
->state
= sd_sendingdata_state
;
803 sd
->data_start
= req
.arg
;
806 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
807 sd
->card_status
|= ADDRESS_ERROR
;
815 case 12: /* CMD12: STOP_TRANSMISSION */
817 case sd_sendingdata_state
:
818 sd
->state
= sd_transfer_state
;
821 case sd_receivingdata_state
:
822 sd
->state
= sd_programming_state
;
823 /* Bzzzzzzztt .... Operation complete. */
824 sd
->state
= sd_transfer_state
;
832 case 13: /* CMD13: SEND_STATUS */
834 case sd_data_transfer_mode
:
845 case 15: /* CMD15: GO_INACTIVE_STATE */
849 case sd_data_transfer_mode
:
853 sd
->state
= sd_inactive_state
;
861 /* Block read commands (Classs 2) */
862 case 16: /* CMD16: SET_BLOCKLEN */
864 case sd_transfer_state
:
865 if (req
.arg
> (1 << HWBLOCK_SHIFT
))
866 sd
->card_status
|= BLOCK_LEN_ERROR
;
868 sd
->blk_len
= req
.arg
;
877 case 17: /* CMD17: READ_SINGLE_BLOCK */
879 case sd_transfer_state
:
880 sd
->state
= sd_sendingdata_state
;
881 sd
->data_start
= addr
;
884 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
885 sd
->card_status
|= ADDRESS_ERROR
;
893 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
895 case sd_transfer_state
:
896 sd
->state
= sd_sendingdata_state
;
897 sd
->data_start
= addr
;
900 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
901 sd
->card_status
|= ADDRESS_ERROR
;
909 /* Block write commands (Class 4) */
910 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
912 goto unimplemented_cmd
;
914 case sd_transfer_state
:
915 /* Writing in SPI mode not implemented. */
918 sd
->state
= sd_receivingdata_state
;
919 sd
->data_start
= addr
;
923 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
924 sd
->card_status
|= ADDRESS_ERROR
;
925 if (sd_wp_addr(sd
, sd
->data_start
))
926 sd
->card_status
|= WP_VIOLATION
;
927 if (sd
->csd
[14] & 0x30)
928 sd
->card_status
|= WP_VIOLATION
;
936 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
938 goto unimplemented_cmd
;
940 case sd_transfer_state
:
941 /* Writing in SPI mode not implemented. */
944 sd
->state
= sd_receivingdata_state
;
945 sd
->data_start
= addr
;
949 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
950 sd
->card_status
|= ADDRESS_ERROR
;
951 if (sd_wp_addr(sd
, sd
->data_start
))
952 sd
->card_status
|= WP_VIOLATION
;
953 if (sd
->csd
[14] & 0x30)
954 sd
->card_status
|= WP_VIOLATION
;
962 case 26: /* CMD26: PROGRAM_CID */
966 case sd_transfer_state
:
967 sd
->state
= sd_receivingdata_state
;
977 case 27: /* CMD27: PROGRAM_CSD */
979 goto unimplemented_cmd
;
981 case sd_transfer_state
:
982 sd
->state
= sd_receivingdata_state
;
992 /* Write protection (Class 6) */
993 case 28: /* CMD28: SET_WRITE_PROT */
995 case sd_transfer_state
:
996 if (addr
>= sd
->size
) {
997 sd
->card_status
= ADDRESS_ERROR
;
1001 sd
->state
= sd_programming_state
;
1002 sd
->wp_groups
[addr
>> (HWBLOCK_SHIFT
+
1003 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 1;
1004 /* Bzzzzzzztt .... Operation complete. */
1005 sd
->state
= sd_transfer_state
;
1013 case 29: /* CMD29: CLR_WRITE_PROT */
1014 switch (sd
->state
) {
1015 case sd_transfer_state
:
1016 if (addr
>= sd
->size
) {
1017 sd
->card_status
= ADDRESS_ERROR
;
1021 sd
->state
= sd_programming_state
;
1022 sd
->wp_groups
[addr
>> (HWBLOCK_SHIFT
+
1023 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 0;
1024 /* Bzzzzzzztt .... Operation complete. */
1025 sd
->state
= sd_transfer_state
;
1033 case 30: /* CMD30: SEND_WRITE_PROT */
1034 switch (sd
->state
) {
1035 case sd_transfer_state
:
1036 sd
->state
= sd_sendingdata_state
;
1037 *(uint32_t *) sd
->data
= sd_wpbits(sd
, req
.arg
);
1038 sd
->data_start
= addr
;
1039 sd
->data_offset
= 0;
1047 /* Erase commands (Class 5) */
1048 case 32: /* CMD32: ERASE_WR_BLK_START */
1049 switch (sd
->state
) {
1050 case sd_transfer_state
:
1051 sd
->erase_start
= req
.arg
;
1059 case 33: /* CMD33: ERASE_WR_BLK_END */
1060 switch (sd
->state
) {
1061 case sd_transfer_state
:
1062 sd
->erase_end
= req
.arg
;
1070 case 38: /* CMD38: ERASE */
1071 switch (sd
->state
) {
1072 case sd_transfer_state
:
1073 if (sd
->csd
[14] & 0x30) {
1074 sd
->card_status
|= WP_VIOLATION
;
1078 sd
->state
= sd_programming_state
;
1080 /* Bzzzzzzztt .... Operation complete. */
1081 sd
->state
= sd_transfer_state
;
1089 /* Lock card commands (Class 7) */
1090 case 42: /* CMD42: LOCK_UNLOCK */
1092 goto unimplemented_cmd
;
1093 switch (sd
->state
) {
1094 case sd_transfer_state
:
1095 sd
->state
= sd_receivingdata_state
;
1097 sd
->data_offset
= 0;
1107 /* CMD52, CMD53: reserved for SDIO cards
1108 * (see the SDIO Simplified Specification V2.0)
1109 * Handle as illegal command but do not complain
1110 * on stderr, as some OSes may use these in their
1111 * probing for presence of an SDIO card.
1113 sd
->card_status
|= ILLEGAL_COMMAND
;
1116 /* Application specific commands (Class 8) */
1117 case 55: /* CMD55: APP_CMD */
1121 sd
->card_status
|= APP_CMD
;
1124 case 56: /* CMD56: GEN_CMD */
1125 fprintf(stderr
, "SD: GEN_CMD 0x%08x\n", req
.arg
);
1127 switch (sd
->state
) {
1128 case sd_transfer_state
:
1129 sd
->data_offset
= 0;
1131 sd
->state
= sd_sendingdata_state
;
1133 sd
->state
= sd_receivingdata_state
;
1143 sd
->card_status
|= ILLEGAL_COMMAND
;
1145 fprintf(stderr
, "SD: Unknown CMD%i\n", req
.cmd
);
1149 /* Commands that are recognised but not yet implemented in SPI mode. */
1150 sd
->card_status
|= ILLEGAL_COMMAND
;
1151 fprintf(stderr
, "SD: CMD%i not implemented in SPI mode\n", req
.cmd
);
1155 sd
->card_status
|= ILLEGAL_COMMAND
;
1156 fprintf(stderr
, "SD: CMD%i in a wrong state\n", req
.cmd
);
1160 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
1163 DPRINTF("ACMD%d 0x%08x\n", req
.cmd
, req
.arg
);
1165 case 6: /* ACMD6: SET_BUS_WIDTH */
1166 switch (sd
->state
) {
1167 case sd_transfer_state
:
1168 sd
->sd_status
[0] &= 0x3f;
1169 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1177 case 13: /* ACMD13: SD_STATUS */
1178 switch (sd
->state
) {
1179 case sd_transfer_state
:
1180 sd
->state
= sd_sendingdata_state
;
1182 sd
->data_offset
= 0;
1190 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1191 switch (sd
->state
) {
1192 case sd_transfer_state
:
1193 *(uint32_t *) sd
->data
= sd
->blk_written
;
1195 sd
->state
= sd_sendingdata_state
;
1197 sd
->data_offset
= 0;
1205 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1206 switch (sd
->state
) {
1207 case sd_transfer_state
:
1215 case 41: /* ACMD41: SD_APP_OP_COND */
1218 sd
->state
= sd_transfer_state
;
1221 switch (sd
->state
) {
1223 /* We accept any voltage. 10000 V is nothing. */
1225 sd
->state
= sd_ready_state
;
1234 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1235 switch (sd
->state
) {
1236 case sd_transfer_state
:
1237 /* Bringing in the 50KOhm pull-up resistor... Done. */
1245 case 51: /* ACMD51: SEND_SCR */
1246 switch (sd
->state
) {
1247 case sd_transfer_state
:
1248 sd
->state
= sd_sendingdata_state
;
1250 sd
->data_offset
= 0;
1259 /* Fall back to standard commands. */
1260 sd
->card_status
&= ~APP_CMD
;
1261 return sd_normal_command(sd
, req
);
1264 fprintf(stderr
, "SD: ACMD%i in a wrong state\n", req
.cmd
);
1268 int sd_do_command(SDState
*sd
, SDRequest
*req
,
1269 uint8_t *response
) {
1270 uint32_t last_status
= sd
->card_status
;
1271 sd_rsp_type_t rtype
;
1274 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
) {
1278 if (sd_req_crc_validate(req
)) {
1279 sd
->card_status
&= ~COM_CRC_ERROR
;
1283 sd
->card_status
&= ~CARD_STATUS_B
;
1286 if (last_status
& CARD_IS_LOCKED
)
1287 if (((last_status
& APP_CMD
) &&
1289 (!(last_status
& APP_CMD
) &&
1290 (sd_cmd_class
[req
->cmd
] == 0 ||
1291 sd_cmd_class
[req
->cmd
] == 7 ||
1292 req
->cmd
== 16 || req
->cmd
== 55))) {
1293 sd
->card_status
|= ILLEGAL_COMMAND
;
1294 fprintf(stderr
, "SD: Card is locked\n");
1298 if (last_status
& APP_CMD
) {
1299 rtype
= sd_app_command(sd
, *req
);
1300 sd
->card_status
&= ~APP_CMD
;
1302 rtype
= sd_normal_command(sd
, *req
);
1304 sd
->current_cmd
= req
->cmd
;
1309 sd_response_r1_make(sd
, response
, last_status
);
1314 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
1319 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
1324 sd_response_r3_make(sd
, response
);
1329 sd_response_r6_make(sd
, response
);
1334 sd_response_r7_make(sd
, response
);
1344 if (sd
->card_status
& ILLEGAL_COMMAND
)
1350 DPRINTF("Response:");
1351 for (i
= 0; i
< rsplen
; i
++)
1352 printf(" %02x", response
[i
]);
1353 printf(" state %d\n", sd
->state
);
1355 DPRINTF("No response %d\n", sd
->state
);
1362 static void sd_blk_read(SDState
*sd
, uint64_t addr
, uint32_t len
)
1364 uint64_t end
= addr
+ len
;
1366 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1367 (unsigned long long) addr
, len
);
1368 if (!sd
->bdrv
|| bdrv_read(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1369 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1373 if (end
> (addr
& ~511) + 512) {
1374 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), 512 - (addr
& 511));
1376 if (bdrv_read(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1) {
1377 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1380 memcpy(sd
->data
+ 512 - (addr
& 511), sd
->buf
, end
& 511);
1382 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), len
);
1385 static void sd_blk_write(SDState
*sd
, uint64_t addr
, uint32_t len
)
1387 uint64_t end
= addr
+ len
;
1389 if ((addr
& 511) || len
< 512)
1390 if (!sd
->bdrv
|| bdrv_read(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1391 fprintf(stderr
, "sd_blk_write: read error on host side\n");
1395 if (end
> (addr
& ~511) + 512) {
1396 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, 512 - (addr
& 511));
1397 if (bdrv_write(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1398 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1402 if (bdrv_read(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1) {
1403 fprintf(stderr
, "sd_blk_write: read error on host side\n");
1406 memcpy(sd
->buf
, sd
->data
+ 512 - (addr
& 511), end
& 511);
1407 if (bdrv_write(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1)
1408 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1410 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, len
);
1411 if (!sd
->bdrv
|| bdrv_write(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1)
1412 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1416 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1417 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1418 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1419 #define APP_WRITE_BLOCK(a, len)
1421 void sd_write_data(SDState
*sd
, uint8_t value
)
1425 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
)
1428 if (sd
->state
!= sd_receivingdata_state
) {
1429 fprintf(stderr
, "sd_write_data: not in Receiving-Data state\n");
1433 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1436 switch (sd
->current_cmd
) {
1437 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1438 sd
->data
[sd
->data_offset
++] = value
;
1439 if (sd
->data_offset
>= sd
->blk_len
) {
1440 /* TODO: Check CRC before committing */
1441 sd
->state
= sd_programming_state
;
1442 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1444 sd
->csd
[14] |= 0x40;
1445 /* Bzzzzzzztt .... Operation complete. */
1446 sd
->state
= sd_transfer_state
;
1450 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1451 if (sd
->data_offset
== 0) {
1452 /* Start of the block - lets check the address is valid */
1453 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1454 sd
->card_status
|= ADDRESS_ERROR
;
1457 if (sd_wp_addr(sd
, sd
->data_start
)) {
1458 sd
->card_status
|= WP_VIOLATION
;
1462 sd
->data
[sd
->data_offset
++] = value
;
1463 if (sd
->data_offset
>= sd
->blk_len
) {
1464 /* TODO: Check CRC before committing */
1465 sd
->state
= sd_programming_state
;
1466 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1468 sd
->data_start
+= sd
->blk_len
;
1469 sd
->data_offset
= 0;
1470 sd
->csd
[14] |= 0x40;
1472 /* Bzzzzzzztt .... Operation complete. */
1473 sd
->state
= sd_receivingdata_state
;
1477 case 26: /* CMD26: PROGRAM_CID */
1478 sd
->data
[sd
->data_offset
++] = value
;
1479 if (sd
->data_offset
>= sizeof(sd
->cid
)) {
1480 /* TODO: Check CRC before committing */
1481 sd
->state
= sd_programming_state
;
1482 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
1483 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
1484 sd
->card_status
|= CID_CSD_OVERWRITE
;
1486 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1487 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
1489 sd
->cid
[i
] &= sd
->data
[i
];
1491 /* Bzzzzzzztt .... Operation complete. */
1492 sd
->state
= sd_transfer_state
;
1496 case 27: /* CMD27: PROGRAM_CSD */
1497 sd
->data
[sd
->data_offset
++] = value
;
1498 if (sd
->data_offset
>= sizeof(sd
->csd
)) {
1499 /* TODO: Check CRC before committing */
1500 sd
->state
= sd_programming_state
;
1501 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
1502 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
1503 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
1504 sd
->card_status
|= CID_CSD_OVERWRITE
;
1506 /* Copy flag (OTP) & Permanent write protect */
1507 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
1508 sd
->card_status
|= CID_CSD_OVERWRITE
;
1510 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1511 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
1512 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
1513 sd
->csd
[i
] &= sd
->data
[i
];
1515 /* Bzzzzzzztt .... Operation complete. */
1516 sd
->state
= sd_transfer_state
;
1520 case 42: /* CMD42: LOCK_UNLOCK */
1521 sd
->data
[sd
->data_offset
++] = value
;
1522 if (sd
->data_offset
>= sd
->blk_len
) {
1523 /* TODO: Check CRC before committing */
1524 sd
->state
= sd_programming_state
;
1525 sd_lock_command(sd
);
1526 /* Bzzzzzzztt .... Operation complete. */
1527 sd
->state
= sd_transfer_state
;
1531 case 56: /* CMD56: GEN_CMD */
1532 sd
->data
[sd
->data_offset
++] = value
;
1533 if (sd
->data_offset
>= sd
->blk_len
) {
1534 APP_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1535 sd
->state
= sd_transfer_state
;
1540 fprintf(stderr
, "sd_write_data: unknown command\n");
1545 uint8_t sd_read_data(SDState
*sd
)
1547 /* TODO: Append CRCs */
1551 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
)
1554 if (sd
->state
!= sd_sendingdata_state
) {
1555 fprintf(stderr
, "sd_read_data: not in Sending-Data state\n");
1559 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1562 io_len
= (sd
->ocr
& (1 << 30)) ? 512 : sd
->blk_len
;
1564 switch (sd
->current_cmd
) {
1565 case 6: /* CMD6: SWITCH_FUNCTION */
1566 ret
= sd
->data
[sd
->data_offset
++];
1568 if (sd
->data_offset
>= 64)
1569 sd
->state
= sd_transfer_state
;
1572 case 9: /* CMD9: SEND_CSD */
1573 case 10: /* CMD10: SEND_CID */
1574 ret
= sd
->data
[sd
->data_offset
++];
1576 if (sd
->data_offset
>= 16)
1577 sd
->state
= sd_transfer_state
;
1580 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1581 if (sd
->data_offset
== 0)
1582 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1583 ret
= sd
->data
[sd
->data_offset
++];
1585 if (sd
->data_offset
>= io_len
) {
1586 sd
->data_start
+= io_len
;
1587 sd
->data_offset
= 0;
1588 if (sd
->data_start
+ io_len
> sd
->size
) {
1589 sd
->card_status
|= ADDRESS_ERROR
;
1595 case 13: /* ACMD13: SD_STATUS */
1596 ret
= sd
->sd_status
[sd
->data_offset
++];
1598 if (sd
->data_offset
>= sizeof(sd
->sd_status
))
1599 sd
->state
= sd_transfer_state
;
1602 case 17: /* CMD17: READ_SINGLE_BLOCK */
1603 if (sd
->data_offset
== 0)
1604 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1605 ret
= sd
->data
[sd
->data_offset
++];
1607 if (sd
->data_offset
>= io_len
)
1608 sd
->state
= sd_transfer_state
;
1611 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1612 if (sd
->data_offset
== 0)
1613 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1614 ret
= sd
->data
[sd
->data_offset
++];
1616 if (sd
->data_offset
>= io_len
) {
1617 sd
->data_start
+= io_len
;
1618 sd
->data_offset
= 0;
1619 if (sd
->data_start
+ io_len
> sd
->size
) {
1620 sd
->card_status
|= ADDRESS_ERROR
;
1626 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1627 ret
= sd
->data
[sd
->data_offset
++];
1629 if (sd
->data_offset
>= 4)
1630 sd
->state
= sd_transfer_state
;
1633 case 30: /* CMD30: SEND_WRITE_PROT */
1634 ret
= sd
->data
[sd
->data_offset
++];
1636 if (sd
->data_offset
>= 4)
1637 sd
->state
= sd_transfer_state
;
1640 case 51: /* ACMD51: SEND_SCR */
1641 ret
= sd
->scr
[sd
->data_offset
++];
1643 if (sd
->data_offset
>= sizeof(sd
->scr
))
1644 sd
->state
= sd_transfer_state
;
1647 case 56: /* CMD56: GEN_CMD */
1648 if (sd
->data_offset
== 0)
1649 APP_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1650 ret
= sd
->data
[sd
->data_offset
++];
1652 if (sd
->data_offset
>= sd
->blk_len
)
1653 sd
->state
= sd_transfer_state
;
1657 fprintf(stderr
, "sd_read_data: unknown command\n");
1664 int sd_data_ready(SDState
*sd
)
1666 return sd
->state
== sd_sendingdata_state
;
1669 void sd_enable(SDState
*sd
, int enable
)
1671 sd
->enable
= enable
;