2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #define DPRINTF(fmt, ...) do {} while(0)
46 sd_r0
= 0, /* no response */
47 sd_r1
, /* normal response command */
48 sd_r2_i
, /* CID register */
49 sd_r2_s
, /* CSD register */
50 sd_r3
, /* OCR register */
51 sd_r6
= 6, /* Published RCA response */
52 sd_r7
, /* Operating voltage */
60 sd_card_identification_mode
,
61 sd_data_transfer_mode
,
64 sd_inactive_state
= -1,
67 sd_identification_state
,
71 sd_receivingdata_state
,
81 uint8_t sd_status
[64];
91 int function_group
[6];
100 qemu_irq inserted_cb
;
101 BlockDriverState
*bdrv
;
107 static void sd_set_status(SDState
*sd
)
110 case sd_inactive_state
:
111 sd
->mode
= sd_inactive
;
116 case sd_identification_state
:
117 sd
->mode
= sd_card_identification_mode
;
120 case sd_standby_state
:
121 case sd_transfer_state
:
122 case sd_sendingdata_state
:
123 case sd_receivingdata_state
:
124 case sd_programming_state
:
125 case sd_disconnect_state
:
126 sd
->mode
= sd_data_transfer_mode
;
130 sd
->card_status
&= ~CURRENT_STATE
;
131 sd
->card_status
|= sd
->state
<< 9;
134 static const sd_cmd_type_t sd_cmd_type
[64] = {
135 sd_bc
, sd_none
, sd_bcr
, sd_bcr
, sd_none
, sd_none
, sd_none
, sd_ac
,
136 sd_bcr
, sd_ac
, sd_ac
, sd_adtc
, sd_ac
, sd_ac
, sd_none
, sd_ac
,
137 sd_ac
, sd_adtc
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
138 sd_adtc
, sd_adtc
, sd_adtc
, sd_adtc
, sd_ac
, sd_ac
, sd_adtc
, sd_none
,
139 sd_ac
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
140 sd_none
, sd_none
, sd_bc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
141 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
,
142 sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
145 static const sd_cmd_type_t sd_acmd_type
[64] = {
146 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
147 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
,
148 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_ac
,
149 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
150 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
151 sd_none
, sd_bcr
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
152 sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
,
153 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
156 static const int sd_cmd_class
[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
163 static uint8_t sd_crc7(void *message
, size_t width
)
166 uint8_t shift_reg
= 0x00;
167 uint8_t *msg
= (uint8_t *) message
;
169 for (i
= 0; i
< width
; i
++, msg
++)
170 for (bit
= 7; bit
>= 0; bit
--) {
172 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
179 static uint16_t sd_crc16(void *message
, size_t width
)
182 uint16_t shift_reg
= 0x0000;
183 uint16_t *msg
= (uint16_t *) message
;
186 for (i
= 0; i
< width
; i
++, msg
++)
187 for (bit
= 15; bit
>= 0; bit
--) {
189 if ((shift_reg
>> 15) ^ ((*msg
>> bit
) & 1))
196 static void sd_set_ocr(SDState
*sd
)
198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
199 sd
->ocr
= 0x80ffff00;
202 static void sd_set_scr(SDState
*sd
)
204 sd
->scr
[0] = 0x00; /* SCR Structure */
205 sd
->scr
[1] = 0x2f; /* SD Security Support */
221 static void sd_set_cid(SDState
*sd
)
223 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
224 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
226 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
231 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
232 sd
->cid
[9] = 0xde; /* Fake serial number (PSN) */
236 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR
- 2000) / 10);
238 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
239 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
242 #define HWBLOCK_SHIFT 9 /* 512 bytes */
243 #define SECTOR_SHIFT 5 /* 16 kilobytes */
244 #define WPGROUP_SHIFT 7 /* 2 megs */
245 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
246 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
248 static const uint8_t sd_csd_rw_mask
[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
253 static void sd_set_csd(SDState
*sd
, uint64_t size
)
255 uint32_t csize
= (size
>> (CMULT_SHIFT
+ HWBLOCK_SHIFT
)) - 1;
256 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
257 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
259 if (size
<= 0x40000000) { /* Standard Capacity SD */
260 sd
->csd
[0] = 0x00; /* CSD structure */
261 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
262 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
263 sd
->csd
[3] = 0x5a; /* Max. data transfer rate */
264 sd
->csd
[4] = 0x5f; /* Card Command Classes */
265 sd
->csd
[5] = 0x50 | /* Max. read data block length */
267 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize
>> 10) & 0x03);
269 sd
->csd
[7] = 0x00 | /* Device size */
270 ((csize
>> 2) & 0xff);
271 sd
->csd
[8] = 0x3f | /* Max. read current */
272 ((csize
<< 6) & 0xc0);
273 sd
->csd
[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT
- 2) >> 1);
275 sd
->csd
[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
277 sd
->csd
[11] = 0x00 | /* Write protect group size */
278 ((sectsize
<< 7) & 0x80) | wpsize
;
279 sd
->csd
[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT
>> 2);
281 sd
->csd
[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT
<< 6) & 0xc0);
283 sd
->csd
[14] = 0x00; /* File format group */
284 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
295 sd
->csd
[7] = (size
>> 16) & 0xff;
296 sd
->csd
[8] = (size
>> 8) & 0xff;
297 sd
->csd
[9] = (size
& 0xff);
304 sd
->ocr
|= 1 << 30; /* High Capacity SD Memort Card */
308 static void sd_set_rca(SDState
*sd
)
313 /* Card status bits, split by clear condition:
314 * A : According to the card current state
315 * B : Always related to the previous command
316 * C : Cleared by read
318 #define CARD_STATUS_A 0x02004100
319 #define CARD_STATUS_B 0x00c01e00
320 #define CARD_STATUS_C 0xfd39a028
322 static void sd_set_cardstatus(SDState
*sd
)
324 sd
->card_status
= 0x00000100;
327 static void sd_set_sdstatus(SDState
*sd
)
329 memset(sd
->sd_status
, 0, 64);
332 static int sd_req_crc_validate(SDRequest
*req
)
335 buffer
[0] = 0x40 | req
->cmd
;
336 buffer
[1] = (req
->arg
>> 24) & 0xff;
337 buffer
[2] = (req
->arg
>> 16) & 0xff;
338 buffer
[3] = (req
->arg
>> 8) & 0xff;
339 buffer
[4] = (req
->arg
>> 0) & 0xff;
341 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
344 static void sd_response_r1_make(SDState
*sd
,
345 uint8_t *response
, uint32_t last_status
)
347 uint32_t mask
= CARD_STATUS_B
^ ILLEGAL_COMMAND
;
350 status
= (sd
->card_status
& ~mask
) | (last_status
& mask
);
351 sd
->card_status
&= ~CARD_STATUS_C
| APP_CMD
;
353 response
[0] = (status
>> 24) & 0xff;
354 response
[1] = (status
>> 16) & 0xff;
355 response
[2] = (status
>> 8) & 0xff;
356 response
[3] = (status
>> 0) & 0xff;
359 static void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
361 response
[0] = (sd
->ocr
>> 24) & 0xff;
362 response
[1] = (sd
->ocr
>> 16) & 0xff;
363 response
[2] = (sd
->ocr
>> 8) & 0xff;
364 response
[3] = (sd
->ocr
>> 0) & 0xff;
367 static void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
373 status
= ((sd
->card_status
>> 8) & 0xc000) |
374 ((sd
->card_status
>> 6) & 0x2000) |
375 (sd
->card_status
& 0x1fff);
377 response
[0] = (arg
>> 8) & 0xff;
378 response
[1] = arg
& 0xff;
379 response
[2] = (status
>> 8) & 0xff;
380 response
[3] = status
& 0xff;
383 static void sd_response_r7_make(SDState
*sd
, uint8_t *response
)
385 response
[0] = (sd
->vhs
>> 24) & 0xff;
386 response
[1] = (sd
->vhs
>> 16) & 0xff;
387 response
[2] = (sd
->vhs
>> 8) & 0xff;
388 response
[3] = (sd
->vhs
>> 0) & 0xff;
391 static void sd_reset(SDState
*sd
, BlockDriverState
*bdrv
)
397 bdrv_get_geometry(bdrv
, §
);
403 sect
= (size
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)) + 1;
405 sd
->state
= sd_idle_state
;
410 sd_set_csd(sd
, size
);
411 sd_set_cardstatus(sd
);
417 g_free(sd
->wp_groups
);
418 sd
->wp_switch
= bdrv
? bdrv_is_read_only(bdrv
) : 0;
419 sd
->wp_groups
= (int *) g_malloc0(sizeof(int) * sect
);
420 memset(sd
->function_group
, 0, sizeof(int) * 6);
428 static void sd_cardchange(void *opaque
, bool load
)
430 SDState
*sd
= opaque
;
432 qemu_set_irq(sd
->inserted_cb
, bdrv_is_inserted(sd
->bdrv
));
433 if (bdrv_is_inserted(sd
->bdrv
)) {
434 sd_reset(sd
, sd
->bdrv
);
435 qemu_set_irq(sd
->readonly_cb
, sd
->wp_switch
);
439 static const BlockDevOps sd_block_ops
= {
440 .change_media_cb
= sd_cardchange
,
443 /* We do not model the chip select pin, so allow the board to select
444 whether card should be in SSI or MMC/SD mode. It is also up to the
445 board to ensure that ssi transfers only occur when the chip select
447 SDState
*sd_init(BlockDriverState
*bs
, int is_spi
)
451 sd
= (SDState
*) g_malloc0(sizeof(SDState
));
452 sd
->buf
= qemu_blockalign(bs
, 512);
457 bdrv_attach_dev_nofail(sd
->bdrv
, sd
);
458 bdrv_set_dev_ops(sd
->bdrv
, &sd_block_ops
, sd
);
463 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
465 sd
->readonly_cb
= readonly
;
466 sd
->inserted_cb
= insert
;
467 qemu_set_irq(readonly
, sd
->bdrv
? bdrv_is_read_only(sd
->bdrv
) : 0);
468 qemu_set_irq(insert
, sd
->bdrv
? bdrv_is_inserted(sd
->bdrv
) : 0);
471 static void sd_erase(SDState
*sd
)
474 if (!sd
->erase_start
|| !sd
->erase_end
) {
475 sd
->card_status
|= ERASE_SEQ_ERROR
;
479 start
= sd
->erase_start
>>
480 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
481 end
= sd
->erase_end
>>
482 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
487 for (i
= start
; i
<= end
; i
++)
488 if (sd
->wp_groups
[i
])
489 sd
->card_status
|= WP_ERASE_SKIP
;
492 static uint32_t sd_wpbits(SDState
*sd
, uint64_t addr
)
497 wpnum
= addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
499 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
)
500 if (addr
< sd
->size
&& sd
->wp_groups
[wpnum
])
506 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
508 int i
, mode
, new_func
, crc
;
509 mode
= !!(arg
& 0x80000000);
511 sd
->data
[0] = 0x00; /* Maximum current consumption */
513 sd
->data
[2] = 0x80; /* Supported group 6 functions */
515 sd
->data
[4] = 0x80; /* Supported group 5 functions */
517 sd
->data
[6] = 0x80; /* Supported group 4 functions */
519 sd
->data
[8] = 0x80; /* Supported group 3 functions */
521 sd
->data
[10] = 0x80; /* Supported group 2 functions */
523 sd
->data
[12] = 0x80; /* Supported group 1 functions */
525 for (i
= 0; i
< 6; i
++) {
526 new_func
= (arg
>> (i
* 4)) & 0x0f;
527 if (mode
&& new_func
!= 0x0f)
528 sd
->function_group
[i
] = new_func
;
529 sd
->data
[14 + (i
>> 1)] = new_func
<< ((i
* 4) & 4);
531 memset(&sd
->data
[17], 0, 47);
532 crc
= sd_crc16(sd
->data
, 64);
533 sd
->data
[65] = crc
>> 8;
534 sd
->data
[66] = crc
& 0xff;
537 static inline int sd_wp_addr(SDState
*sd
, uint32_t addr
)
539 return sd
->wp_groups
[addr
>>
540 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)];
543 static void sd_lock_command(SDState
*sd
)
545 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
546 erase
= !!(sd
->data
[0] & 0x08);
547 lock
= sd
->data
[0] & 0x04;
548 clr_pwd
= sd
->data
[0] & 0x02;
549 set_pwd
= sd
->data
[0] & 0x01;
552 pwd_len
= sd
->data
[1];
557 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
558 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
559 (sd
->csd
[14] & 0x20)) {
560 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
563 memset(sd
->wp_groups
, 0, sizeof(int) * (sd
->size
>>
564 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)));
565 sd
->csd
[14] &= ~0x10;
566 sd
->card_status
&= ~CARD_IS_LOCKED
;
568 /* Erasing the entire card here! */
569 fprintf(stderr
, "SD: Card force-erased by CMD42\n");
573 if (sd
->blk_len
< 2 + pwd_len
||
574 pwd_len
<= sd
->pwd_len
||
575 pwd_len
> sd
->pwd_len
+ 16) {
576 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
580 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
581 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
585 pwd_len
-= sd
->pwd_len
;
586 if ((pwd_len
&& !set_pwd
) ||
587 (clr_pwd
&& (set_pwd
|| lock
)) ||
588 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
589 (!set_pwd
&& !clr_pwd
&&
590 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
591 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
592 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
597 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
598 sd
->pwd_len
= pwd_len
;
606 sd
->card_status
|= CARD_IS_LOCKED
;
608 sd
->card_status
&= ~CARD_IS_LOCKED
;
611 static sd_rsp_type_t
sd_normal_command(SDState
*sd
,
614 uint32_t rca
= 0x0000;
615 uint64_t addr
= (sd
->ocr
& (1 << 30)) ? (uint64_t) req
.arg
<< 9 : req
.arg
;
617 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
620 DPRINTF("CMD%d 0x%08x state %d\n", req
.cmd
, req
.arg
, sd
->state
);
622 /* Basic commands (Class 0 and Class 1) */
623 case 0: /* CMD0: GO_IDLE_STATE */
625 case sd_inactive_state
:
626 return sd
->spi
? sd_r1
: sd_r0
;
629 sd
->state
= sd_idle_state
;
630 sd_reset(sd
, sd
->bdrv
);
631 return sd
->spi
? sd_r1
: sd_r0
;
635 case 1: /* CMD1: SEND_OP_CMD */
639 sd
->state
= sd_transfer_state
;
642 case 2: /* CMD2: ALL_SEND_CID */
647 sd
->state
= sd_identification_state
;
655 case 3: /* CMD3: SEND_RELATIVE_ADDR */
659 case sd_identification_state
:
660 case sd_standby_state
:
661 sd
->state
= sd_standby_state
;
670 case 4: /* CMD4: SEND_DSR */
674 case sd_standby_state
:
682 case 5: /* CMD5: reserved for SDIO cards */
685 case 6: /* CMD6: SWITCH_FUNCTION */
689 case sd_data_transfer_mode
:
690 sd_function_switch(sd
, req
.arg
);
691 sd
->state
= sd_sendingdata_state
;
701 case 7: /* CMD7: SELECT/DESELECT_CARD */
705 case sd_standby_state
:
709 sd
->state
= sd_transfer_state
;
712 case sd_transfer_state
:
713 case sd_sendingdata_state
:
717 sd
->state
= sd_standby_state
;
720 case sd_disconnect_state
:
724 sd
->state
= sd_programming_state
;
727 case sd_programming_state
:
731 sd
->state
= sd_disconnect_state
;
739 case 8: /* CMD8: SEND_IF_COND */
740 /* Physical Layer Specification Version 2.00 command */
745 /* No response if not exactly one VHS bit is set. */
746 if (!(req
.arg
>> 8) || (req
.arg
>> ffs(req
.arg
& ~0xff)))
747 return sd
->spi
? sd_r7
: sd_r0
;
758 case 9: /* CMD9: SEND_CSD */
760 case sd_standby_state
:
766 case sd_transfer_state
:
769 sd
->state
= sd_sendingdata_state
;
770 memcpy(sd
->data
, sd
->csd
, 16);
771 sd
->data_start
= addr
;
780 case 10: /* CMD10: SEND_CID */
782 case sd_standby_state
:
788 case sd_transfer_state
:
791 sd
->state
= sd_sendingdata_state
;
792 memcpy(sd
->data
, sd
->cid
, 16);
793 sd
->data_start
= addr
;
802 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
806 case sd_transfer_state
:
807 sd
->state
= sd_sendingdata_state
;
808 sd
->data_start
= req
.arg
;
811 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
812 sd
->card_status
|= ADDRESS_ERROR
;
820 case 12: /* CMD12: STOP_TRANSMISSION */
822 case sd_sendingdata_state
:
823 sd
->state
= sd_transfer_state
;
826 case sd_receivingdata_state
:
827 sd
->state
= sd_programming_state
;
828 /* Bzzzzzzztt .... Operation complete. */
829 sd
->state
= sd_transfer_state
;
837 case 13: /* CMD13: SEND_STATUS */
839 case sd_data_transfer_mode
:
850 case 15: /* CMD15: GO_INACTIVE_STATE */
854 case sd_data_transfer_mode
:
858 sd
->state
= sd_inactive_state
;
866 /* Block read commands (Classs 2) */
867 case 16: /* CMD16: SET_BLOCKLEN */
869 case sd_transfer_state
:
870 if (req
.arg
> (1 << HWBLOCK_SHIFT
))
871 sd
->card_status
|= BLOCK_LEN_ERROR
;
873 sd
->blk_len
= req
.arg
;
882 case 17: /* CMD17: READ_SINGLE_BLOCK */
884 case sd_transfer_state
:
885 sd
->state
= sd_sendingdata_state
;
886 sd
->data_start
= addr
;
889 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
890 sd
->card_status
|= ADDRESS_ERROR
;
898 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
900 case sd_transfer_state
:
901 sd
->state
= sd_sendingdata_state
;
902 sd
->data_start
= addr
;
905 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
906 sd
->card_status
|= ADDRESS_ERROR
;
914 /* Block write commands (Class 4) */
915 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
917 goto unimplemented_cmd
;
919 case sd_transfer_state
:
920 /* Writing in SPI mode not implemented. */
923 sd
->state
= sd_receivingdata_state
;
924 sd
->data_start
= addr
;
928 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
929 sd
->card_status
|= ADDRESS_ERROR
;
930 if (sd_wp_addr(sd
, sd
->data_start
))
931 sd
->card_status
|= WP_VIOLATION
;
932 if (sd
->csd
[14] & 0x30)
933 sd
->card_status
|= WP_VIOLATION
;
941 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
943 goto unimplemented_cmd
;
945 case sd_transfer_state
:
946 /* Writing in SPI mode not implemented. */
949 sd
->state
= sd_receivingdata_state
;
950 sd
->data_start
= addr
;
954 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
955 sd
->card_status
|= ADDRESS_ERROR
;
956 if (sd_wp_addr(sd
, sd
->data_start
))
957 sd
->card_status
|= WP_VIOLATION
;
958 if (sd
->csd
[14] & 0x30)
959 sd
->card_status
|= WP_VIOLATION
;
967 case 26: /* CMD26: PROGRAM_CID */
971 case sd_transfer_state
:
972 sd
->state
= sd_receivingdata_state
;
982 case 27: /* CMD27: PROGRAM_CSD */
984 goto unimplemented_cmd
;
986 case sd_transfer_state
:
987 sd
->state
= sd_receivingdata_state
;
997 /* Write protection (Class 6) */
998 case 28: /* CMD28: SET_WRITE_PROT */
1000 case sd_transfer_state
:
1001 if (addr
>= sd
->size
) {
1002 sd
->card_status
|= ADDRESS_ERROR
;
1006 sd
->state
= sd_programming_state
;
1007 sd
->wp_groups
[addr
>> (HWBLOCK_SHIFT
+
1008 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 1;
1009 /* Bzzzzzzztt .... Operation complete. */
1010 sd
->state
= sd_transfer_state
;
1018 case 29: /* CMD29: CLR_WRITE_PROT */
1019 switch (sd
->state
) {
1020 case sd_transfer_state
:
1021 if (addr
>= sd
->size
) {
1022 sd
->card_status
|= ADDRESS_ERROR
;
1026 sd
->state
= sd_programming_state
;
1027 sd
->wp_groups
[addr
>> (HWBLOCK_SHIFT
+
1028 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 0;
1029 /* Bzzzzzzztt .... Operation complete. */
1030 sd
->state
= sd_transfer_state
;
1038 case 30: /* CMD30: SEND_WRITE_PROT */
1039 switch (sd
->state
) {
1040 case sd_transfer_state
:
1041 sd
->state
= sd_sendingdata_state
;
1042 *(uint32_t *) sd
->data
= sd_wpbits(sd
, req
.arg
);
1043 sd
->data_start
= addr
;
1044 sd
->data_offset
= 0;
1052 /* Erase commands (Class 5) */
1053 case 32: /* CMD32: ERASE_WR_BLK_START */
1054 switch (sd
->state
) {
1055 case sd_transfer_state
:
1056 sd
->erase_start
= req
.arg
;
1064 case 33: /* CMD33: ERASE_WR_BLK_END */
1065 switch (sd
->state
) {
1066 case sd_transfer_state
:
1067 sd
->erase_end
= req
.arg
;
1075 case 38: /* CMD38: ERASE */
1076 switch (sd
->state
) {
1077 case sd_transfer_state
:
1078 if (sd
->csd
[14] & 0x30) {
1079 sd
->card_status
|= WP_VIOLATION
;
1083 sd
->state
= sd_programming_state
;
1085 /* Bzzzzzzztt .... Operation complete. */
1086 sd
->state
= sd_transfer_state
;
1094 /* Lock card commands (Class 7) */
1095 case 42: /* CMD42: LOCK_UNLOCK */
1097 goto unimplemented_cmd
;
1098 switch (sd
->state
) {
1099 case sd_transfer_state
:
1100 sd
->state
= sd_receivingdata_state
;
1102 sd
->data_offset
= 0;
1112 /* CMD52, CMD53: reserved for SDIO cards
1113 * (see the SDIO Simplified Specification V2.0)
1114 * Handle as illegal command but do not complain
1115 * on stderr, as some OSes may use these in their
1116 * probing for presence of an SDIO card.
1120 /* Application specific commands (Class 8) */
1121 case 55: /* CMD55: APP_CMD */
1125 sd
->card_status
|= APP_CMD
;
1128 case 56: /* CMD56: GEN_CMD */
1129 fprintf(stderr
, "SD: GEN_CMD 0x%08x\n", req
.arg
);
1131 switch (sd
->state
) {
1132 case sd_transfer_state
:
1133 sd
->data_offset
= 0;
1135 sd
->state
= sd_sendingdata_state
;
1137 sd
->state
= sd_receivingdata_state
;
1147 fprintf(stderr
, "SD: Unknown CMD%i\n", req
.cmd
);
1151 /* Commands that are recognised but not yet implemented in SPI mode. */
1152 fprintf(stderr
, "SD: CMD%i not implemented in SPI mode\n", req
.cmd
);
1156 fprintf(stderr
, "SD: CMD%i in a wrong state\n", req
.cmd
);
1160 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
1163 DPRINTF("ACMD%d 0x%08x\n", req
.cmd
, req
.arg
);
1165 case 6: /* ACMD6: SET_BUS_WIDTH */
1166 switch (sd
->state
) {
1167 case sd_transfer_state
:
1168 sd
->sd_status
[0] &= 0x3f;
1169 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1177 case 13: /* ACMD13: SD_STATUS */
1178 switch (sd
->state
) {
1179 case sd_transfer_state
:
1180 sd
->state
= sd_sendingdata_state
;
1182 sd
->data_offset
= 0;
1190 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1191 switch (sd
->state
) {
1192 case sd_transfer_state
:
1193 *(uint32_t *) sd
->data
= sd
->blk_written
;
1195 sd
->state
= sd_sendingdata_state
;
1197 sd
->data_offset
= 0;
1205 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1206 switch (sd
->state
) {
1207 case sd_transfer_state
:
1215 case 41: /* ACMD41: SD_APP_OP_COND */
1218 sd
->state
= sd_transfer_state
;
1221 switch (sd
->state
) {
1223 /* We accept any voltage. 10000 V is nothing. */
1225 sd
->state
= sd_ready_state
;
1234 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1235 switch (sd
->state
) {
1236 case sd_transfer_state
:
1237 /* Bringing in the 50KOhm pull-up resistor... Done. */
1245 case 51: /* ACMD51: SEND_SCR */
1246 switch (sd
->state
) {
1247 case sd_transfer_state
:
1248 sd
->state
= sd_sendingdata_state
;
1250 sd
->data_offset
= 0;
1259 /* Fall back to standard commands. */
1260 sd
->card_status
&= ~APP_CMD
;
1261 return sd_normal_command(sd
, req
);
1264 fprintf(stderr
, "SD: ACMD%i in a wrong state\n", req
.cmd
);
1268 static int cmd_valid_while_locked(SDState
*sd
, SDRequest
*req
)
1270 /* Valid commands in locked state:
1272 * lock card class (7)
1274 * implicitly, the ACMD prefix CMD55
1276 * Anything else provokes an "illegal command" response.
1278 if (sd
->card_status
& APP_CMD
) {
1279 return req
->cmd
== 41 || req
->cmd
== 42;
1281 if (req
->cmd
== 16 || req
->cmd
== 55) {
1284 return sd_cmd_class
[req
->cmd
] == 0 || sd_cmd_class
[req
->cmd
] == 7;
1287 int sd_do_command(SDState
*sd
, SDRequest
*req
,
1288 uint8_t *response
) {
1289 uint32_t last_status
= sd
->card_status
;
1290 sd_rsp_type_t rtype
;
1293 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
) {
1297 if (sd_req_crc_validate(req
)) {
1298 sd
->card_status
|= COM_CRC_ERROR
;
1302 sd
->card_status
&= ~CARD_STATUS_B
;
1305 if (last_status
& CARD_IS_LOCKED
) {
1306 if (!cmd_valid_while_locked(sd
, req
)) {
1307 sd
->card_status
|= ILLEGAL_COMMAND
;
1308 fprintf(stderr
, "SD: Card is locked\n");
1313 if (last_status
& APP_CMD
) {
1314 rtype
= sd_app_command(sd
, *req
);
1315 sd
->card_status
&= ~APP_CMD
;
1317 rtype
= sd_normal_command(sd
, *req
);
1319 if (rtype
== sd_illegal
) {
1320 sd
->card_status
|= ILLEGAL_COMMAND
;
1323 sd
->current_cmd
= req
->cmd
;
1328 sd_response_r1_make(sd
, response
, last_status
);
1333 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
1338 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
1343 sd_response_r3_make(sd
, response
);
1348 sd_response_r6_make(sd
, response
);
1353 sd_response_r7_make(sd
, response
);
1367 DPRINTF("Response:");
1368 for (i
= 0; i
< rsplen
; i
++)
1369 printf(" %02x", response
[i
]);
1370 printf(" state %d\n", sd
->state
);
1372 DPRINTF("No response %d\n", sd
->state
);
1379 static void sd_blk_read(SDState
*sd
, uint64_t addr
, uint32_t len
)
1381 uint64_t end
= addr
+ len
;
1383 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1384 (unsigned long long) addr
, len
);
1385 if (!sd
->bdrv
|| bdrv_read(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1386 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1390 if (end
> (addr
& ~511) + 512) {
1391 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), 512 - (addr
& 511));
1393 if (bdrv_read(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1) {
1394 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1397 memcpy(sd
->data
+ 512 - (addr
& 511), sd
->buf
, end
& 511);
1399 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), len
);
1402 static void sd_blk_write(SDState
*sd
, uint64_t addr
, uint32_t len
)
1404 uint64_t end
= addr
+ len
;
1406 if ((addr
& 511) || len
< 512)
1407 if (!sd
->bdrv
|| bdrv_read(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1408 fprintf(stderr
, "sd_blk_write: read error on host side\n");
1412 if (end
> (addr
& ~511) + 512) {
1413 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, 512 - (addr
& 511));
1414 if (bdrv_write(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1) {
1415 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1419 if (bdrv_read(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1) {
1420 fprintf(stderr
, "sd_blk_write: read error on host side\n");
1423 memcpy(sd
->buf
, sd
->data
+ 512 - (addr
& 511), end
& 511);
1424 if (bdrv_write(sd
->bdrv
, end
>> 9, sd
->buf
, 1) == -1)
1425 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1427 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, len
);
1428 if (!sd
->bdrv
|| bdrv_write(sd
->bdrv
, addr
>> 9, sd
->buf
, 1) == -1)
1429 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1433 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1434 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1435 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1436 #define APP_WRITE_BLOCK(a, len)
1438 void sd_write_data(SDState
*sd
, uint8_t value
)
1442 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
)
1445 if (sd
->state
!= sd_receivingdata_state
) {
1446 fprintf(stderr
, "sd_write_data: not in Receiving-Data state\n");
1450 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1453 switch (sd
->current_cmd
) {
1454 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1455 sd
->data
[sd
->data_offset
++] = value
;
1456 if (sd
->data_offset
>= sd
->blk_len
) {
1457 /* TODO: Check CRC before committing */
1458 sd
->state
= sd_programming_state
;
1459 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1461 sd
->csd
[14] |= 0x40;
1462 /* Bzzzzzzztt .... Operation complete. */
1463 sd
->state
= sd_transfer_state
;
1467 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1468 if (sd
->data_offset
== 0) {
1469 /* Start of the block - lets check the address is valid */
1470 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1471 sd
->card_status
|= ADDRESS_ERROR
;
1474 if (sd_wp_addr(sd
, sd
->data_start
)) {
1475 sd
->card_status
|= WP_VIOLATION
;
1479 sd
->data
[sd
->data_offset
++] = value
;
1480 if (sd
->data_offset
>= sd
->blk_len
) {
1481 /* TODO: Check CRC before committing */
1482 sd
->state
= sd_programming_state
;
1483 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1485 sd
->data_start
+= sd
->blk_len
;
1486 sd
->data_offset
= 0;
1487 sd
->csd
[14] |= 0x40;
1489 /* Bzzzzzzztt .... Operation complete. */
1490 sd
->state
= sd_receivingdata_state
;
1494 case 26: /* CMD26: PROGRAM_CID */
1495 sd
->data
[sd
->data_offset
++] = value
;
1496 if (sd
->data_offset
>= sizeof(sd
->cid
)) {
1497 /* TODO: Check CRC before committing */
1498 sd
->state
= sd_programming_state
;
1499 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
1500 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
1501 sd
->card_status
|= CID_CSD_OVERWRITE
;
1503 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1504 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
1506 sd
->cid
[i
] &= sd
->data
[i
];
1508 /* Bzzzzzzztt .... Operation complete. */
1509 sd
->state
= sd_transfer_state
;
1513 case 27: /* CMD27: PROGRAM_CSD */
1514 sd
->data
[sd
->data_offset
++] = value
;
1515 if (sd
->data_offset
>= sizeof(sd
->csd
)) {
1516 /* TODO: Check CRC before committing */
1517 sd
->state
= sd_programming_state
;
1518 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
1519 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
1520 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
1521 sd
->card_status
|= CID_CSD_OVERWRITE
;
1523 /* Copy flag (OTP) & Permanent write protect */
1524 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
1525 sd
->card_status
|= CID_CSD_OVERWRITE
;
1527 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1528 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
1529 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
1530 sd
->csd
[i
] &= sd
->data
[i
];
1532 /* Bzzzzzzztt .... Operation complete. */
1533 sd
->state
= sd_transfer_state
;
1537 case 42: /* CMD42: LOCK_UNLOCK */
1538 sd
->data
[sd
->data_offset
++] = value
;
1539 if (sd
->data_offset
>= sd
->blk_len
) {
1540 /* TODO: Check CRC before committing */
1541 sd
->state
= sd_programming_state
;
1542 sd_lock_command(sd
);
1543 /* Bzzzzzzztt .... Operation complete. */
1544 sd
->state
= sd_transfer_state
;
1548 case 56: /* CMD56: GEN_CMD */
1549 sd
->data
[sd
->data_offset
++] = value
;
1550 if (sd
->data_offset
>= sd
->blk_len
) {
1551 APP_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1552 sd
->state
= sd_transfer_state
;
1557 fprintf(stderr
, "sd_write_data: unknown command\n");
1562 uint8_t sd_read_data(SDState
*sd
)
1564 /* TODO: Append CRCs */
1568 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
) || !sd
->enable
)
1571 if (sd
->state
!= sd_sendingdata_state
) {
1572 fprintf(stderr
, "sd_read_data: not in Sending-Data state\n");
1576 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1579 io_len
= (sd
->ocr
& (1 << 30)) ? 512 : sd
->blk_len
;
1581 switch (sd
->current_cmd
) {
1582 case 6: /* CMD6: SWITCH_FUNCTION */
1583 ret
= sd
->data
[sd
->data_offset
++];
1585 if (sd
->data_offset
>= 64)
1586 sd
->state
= sd_transfer_state
;
1589 case 9: /* CMD9: SEND_CSD */
1590 case 10: /* CMD10: SEND_CID */
1591 ret
= sd
->data
[sd
->data_offset
++];
1593 if (sd
->data_offset
>= 16)
1594 sd
->state
= sd_transfer_state
;
1597 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1598 if (sd
->data_offset
== 0)
1599 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1600 ret
= sd
->data
[sd
->data_offset
++];
1602 if (sd
->data_offset
>= io_len
) {
1603 sd
->data_start
+= io_len
;
1604 sd
->data_offset
= 0;
1605 if (sd
->data_start
+ io_len
> sd
->size
) {
1606 sd
->card_status
|= ADDRESS_ERROR
;
1612 case 13: /* ACMD13: SD_STATUS */
1613 ret
= sd
->sd_status
[sd
->data_offset
++];
1615 if (sd
->data_offset
>= sizeof(sd
->sd_status
))
1616 sd
->state
= sd_transfer_state
;
1619 case 17: /* CMD17: READ_SINGLE_BLOCK */
1620 if (sd
->data_offset
== 0)
1621 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1622 ret
= sd
->data
[sd
->data_offset
++];
1624 if (sd
->data_offset
>= io_len
)
1625 sd
->state
= sd_transfer_state
;
1628 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1629 if (sd
->data_offset
== 0)
1630 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1631 ret
= sd
->data
[sd
->data_offset
++];
1633 if (sd
->data_offset
>= io_len
) {
1634 sd
->data_start
+= io_len
;
1635 sd
->data_offset
= 0;
1636 if (sd
->data_start
+ io_len
> sd
->size
) {
1637 sd
->card_status
|= ADDRESS_ERROR
;
1643 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1644 ret
= sd
->data
[sd
->data_offset
++];
1646 if (sd
->data_offset
>= 4)
1647 sd
->state
= sd_transfer_state
;
1650 case 30: /* CMD30: SEND_WRITE_PROT */
1651 ret
= sd
->data
[sd
->data_offset
++];
1653 if (sd
->data_offset
>= 4)
1654 sd
->state
= sd_transfer_state
;
1657 case 51: /* ACMD51: SEND_SCR */
1658 ret
= sd
->scr
[sd
->data_offset
++];
1660 if (sd
->data_offset
>= sizeof(sd
->scr
))
1661 sd
->state
= sd_transfer_state
;
1664 case 56: /* CMD56: GEN_CMD */
1665 if (sd
->data_offset
== 0)
1666 APP_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1667 ret
= sd
->data
[sd
->data_offset
++];
1669 if (sd
->data_offset
>= sd
->blk_len
)
1670 sd
->state
= sd_transfer_state
;
1674 fprintf(stderr
, "sd_read_data: unknown command\n");
1681 int sd_data_ready(SDState
*sd
)
1683 return sd
->state
== sd_sendingdata_state
;
1686 void sd_enable(SDState
*sd
, int enable
)
1688 sd
->enable
= enable
;