2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 #define DPRINTF(fmt, args...) \
38 do { printf("SD: " fmt , ##args); } while (0)
40 #define DPRINTF(fmt, args...) do {} while(0)
44 sd_r0
= 0, /* no response */
45 sd_r1
, /* normal response command */
46 sd_r2_i
, /* CID register */
47 sd_r2_s
, /* CSD register */
48 sd_r3
, /* OCR register */
49 sd_r6
= 6, /* Published RCA response */
56 sd_card_identification_mode
,
57 sd_data_transfer_mode
,
60 sd_inactive_state
= -1,
63 sd_identification_state
,
67 sd_receivingdata_state
,
77 uint8_t sd_status
[64];
86 int function_group
[6];
95 BlockDriverState
*bdrv
;
98 static void sd_set_status(SDState
*sd
)
101 case sd_inactive_state
:
102 sd
->mode
= sd_inactive
;
107 case sd_identification_state
:
108 sd
->mode
= sd_card_identification_mode
;
111 case sd_standby_state
:
112 case sd_transfer_state
:
113 case sd_sendingdata_state
:
114 case sd_receivingdata_state
:
115 case sd_programming_state
:
116 case sd_disconnect_state
:
117 sd
->mode
= sd_data_transfer_mode
;
121 sd
->card_status
&= ~CURRENT_STATE
;
122 sd
->card_status
|= sd
->state
<< 9;
125 const sd_cmd_type_t sd_cmd_type
[64] = {
126 sd_bc
, sd_none
, sd_bcr
, sd_bcr
, sd_none
, sd_none
, sd_none
, sd_ac
,
127 sd_none
, sd_ac
, sd_ac
, sd_adtc
, sd_ac
, sd_ac
, sd_none
, sd_ac
,
128 sd_ac
, sd_adtc
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
129 sd_adtc
, sd_adtc
, sd_adtc
, sd_adtc
, sd_ac
, sd_ac
, sd_adtc
, sd_none
,
130 sd_ac
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
131 sd_none
, sd_none
, sd_bc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
132 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
,
133 sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
136 const sd_cmd_type_t sd_acmd_type
[64] = {
137 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
138 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
,
139 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_adtc
, sd_ac
,
140 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
141 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
142 sd_none
, sd_bcr
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
143 sd_none
, sd_none
, sd_none
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
,
144 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
147 static const int sd_cmd_class
[64] = {
148 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
149 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
150 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
151 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
154 static uint8_t sd_crc7(void *message
, size_t width
)
157 uint8_t shift_reg
= 0x00;
158 uint8_t *msg
= (uint8_t *) message
;
160 for (i
= 0; i
< width
; i
++, msg
++)
161 for (bit
= 7; bit
>= 0; bit
--) {
163 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
170 static uint16_t sd_crc16(void *message
, size_t width
)
173 uint16_t shift_reg
= 0x0000;
174 uint16_t *msg
= (uint16_t *) message
;
177 for (i
= 0; i
< width
; i
++, msg
++)
178 for (bit
= 15; bit
>= 0; bit
--) {
180 if ((shift_reg
>> 15) ^ ((*msg
>> bit
) & 1))
187 static void sd_set_ocr(SDState
*sd
)
189 sd
->ocr
= 0x80fffff0;
192 static void sd_set_scr(SDState
*sd
)
194 sd
->scr
[0] = 0x00; /* SCR Structure */
195 sd
->scr
[1] = 0x2f; /* SD Security Support */
211 static void sd_set_cid(SDState
*sd
)
213 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
214 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
216 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
221 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
222 sd
->cid
[9] = 0xde; /* Fake serial number (PSN) */
226 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
227 ((MDT_YR
- 2000) / 10);
228 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
229 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
232 #define HWBLOCK_SHIFT 9 /* 512 bytes */
233 #define SECTOR_SHIFT 5 /* 16 kilobytes */
234 #define WPGROUP_SHIFT 7 /* 2 megs */
235 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
236 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
237 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
238 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
240 static const uint8_t sd_csd_rw_mask
[16] = {
241 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
242 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
245 static void sd_set_csd(SDState
*sd
, uint32_t size
)
247 uint32_t csize
= (size
>> (CMULT_SHIFT
+ HWBLOCK_SHIFT
)) - 1;
248 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
249 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
251 sd
->csd
[0] = 0x00; /* CSD structure */
252 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
253 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
254 sd
->csd
[3] = 0x5a; /* Max. data transfer rate */
255 sd
->csd
[4] = 0x5f; /* Card Command Classes */
256 sd
->csd
[5] = 0x50 | /* Max. read data block length */
258 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
259 ((csize
>> 10) & 0x03);
260 sd
->csd
[7] = 0x00 | /* Device size */
261 ((csize
>> 2) & 0xff);
262 sd
->csd
[8] = 0x3f | /* Max. read current */
263 ((csize
<< 6) & 0xc0);
264 sd
->csd
[9] = 0xfc | /* Max. write current */
265 ((CMULT_SHIFT
- 2) >> 1);
266 sd
->csd
[10] = 0x40 | /* Erase sector size */
267 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
268 sd
->csd
[11] = 0x00 | /* Write protect group size */
269 ((sectsize
<< 7) & 0x80) | wpsize
;
270 sd
->csd
[12] = 0x90 | /* Write speed factor */
271 (HWBLOCK_SHIFT
>> 2);
272 sd
->csd
[13] = 0x20 | /* Max. write data block length */
273 ((HWBLOCK_SHIFT
<< 6) & 0xc0);
274 sd
->csd
[14] = 0x00; /* File format group */
275 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
278 static void sd_set_rca(SDState
*sd
)
283 #define CARD_STATUS_A 0x02004100
284 #define CARD_STATUS_B 0x00c01e00
285 #define CARD_STATUS_C 0xfd39a028
287 static void sd_set_cardstatus(SDState
*sd
)
289 sd
->card_status
= 0x00000100;
292 static void sd_set_sdstatus(SDState
*sd
)
294 memset(sd
->sd_status
, 0, 64);
297 static int sd_req_crc_validate(struct sd_request_s
*req
)
300 buffer
[0] = 0x40 | req
->cmd
;
301 buffer
[1] = (req
->arg
>> 24) & 0xff;
302 buffer
[2] = (req
->arg
>> 16) & 0xff;
303 buffer
[3] = (req
->arg
>> 8) & 0xff;
304 buffer
[4] = (req
->arg
>> 0) & 0xff;
306 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
309 void sd_response_r1_make(SDState
*sd
,
310 uint8_t *response
, uint32_t last_status
)
312 uint32_t mask
= CARD_STATUS_B
^ ILLEGAL_COMMAND
;
315 status
= (sd
->card_status
& ~mask
) | (last_status
& mask
);
316 sd
->card_status
&= ~CARD_STATUS_C
| APP_CMD
;
318 response
[0] = (status
>> 24) & 0xff;
319 response
[1] = (status
>> 16) & 0xff;
320 response
[2] = (status
>> 8) & 0xff;
321 response
[3] = (status
>> 0) & 0xff;
324 void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
326 response
[0] = (sd
->ocr
>> 24) & 0xff;
327 response
[1] = (sd
->ocr
>> 16) & 0xff;
328 response
[2] = (sd
->ocr
>> 8) & 0xff;
329 response
[3] = (sd
->ocr
>> 0) & 0xff;
332 void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
338 status
= ((sd
->card_status
>> 8) & 0xc000) |
339 ((sd
->card_status
>> 6) & 0x2000) |
340 (sd
->card_status
& 0x1fff);
342 response
[0] = (arg
>> 8) & 0xff;
343 response
[1] = arg
& 0xff;
344 response
[2] = (status
>> 8) & 0xff;
345 response
[3] = status
& 0xff;
348 static void sd_reset(SDState
*sd
, BlockDriverState
*bdrv
)
353 bdrv_get_geometry(bdrv
, §
);
356 if (sect
> 0x40000000)
357 size
= 0x40000000; /* 1 gig */
361 sect
= (size
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)) + 1;
363 sd
->state
= sd_idle_state
;
368 sd_set_csd(sd
, size
);
369 sd_set_cardstatus(sd
);
375 qemu_free(sd
->wp_groups
);
376 sd
->wp_switch
= bdrv_is_read_only(bdrv
);
377 sd
->wp_groups
= (int *) qemu_mallocz(sizeof(int) * sect
);
378 memset(sd
->wp_groups
, 0, sizeof(int) * sect
);
379 memset(sd
->function_group
, 0, sizeof(int) * 6);
387 static void sd_cardchange(void *opaque
)
389 SDState
*sd
= opaque
;
390 qemu_set_irq(sd
->inserted_cb
, bdrv_is_inserted(sd
->bdrv
));
391 if (bdrv_is_inserted(sd
->bdrv
)) {
392 sd_reset(sd
, sd
->bdrv
);
393 qemu_set_irq(sd
->readonly_cb
, sd
->wp_switch
);
397 SDState
*sd_init(BlockDriverState
*bs
)
401 sd
= (SDState
*) qemu_mallocz(sizeof(SDState
));
403 bdrv_set_change_cb(sd
->bdrv
, sd_cardchange
, sd
);
407 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
409 sd
->readonly_cb
= readonly
;
410 sd
->inserted_cb
= insert
;
411 qemu_set_irq(readonly
, bdrv_is_read_only(sd
->bdrv
));
412 qemu_set_irq(insert
, bdrv_is_inserted(sd
->bdrv
));
415 static void sd_erase(SDState
*sd
)
418 if (!sd
->erase_start
|| !sd
->erase_end
) {
419 sd
->card_status
|= ERASE_SEQ_ERROR
;
423 start
= sd
->erase_start
>>
424 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
425 end
= sd
->erase_end
>>
426 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
431 for (i
= start
; i
<= end
; i
++)
432 if (sd
->wp_groups
[i
])
433 sd
->card_status
|= WP_ERASE_SKIP
;
436 static uint32_t sd_wpbits(SDState
*sd
, uint32_t addr
)
441 wpnum
= addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
443 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
)
444 if (addr
< sd
->size
&& sd
->wp_groups
[wpnum
])
450 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
452 int i
, mode
, new_func
, crc
;
453 mode
= !!(arg
& 0x80000000);
455 sd
->data
[0] = 0x00; /* Maximum current consumption */
457 sd
->data
[2] = 0x80; /* Supported group 6 functions */
459 sd
->data
[4] = 0x80; /* Supported group 5 functions */
461 sd
->data
[6] = 0x80; /* Supported group 4 functions */
463 sd
->data
[8] = 0x80; /* Supported group 3 functions */
465 sd
->data
[10] = 0x80; /* Supported group 2 functions */
467 sd
->data
[12] = 0x80; /* Supported group 1 functions */
469 for (i
= 0; i
< 6; i
++) {
470 new_func
= (arg
>> (i
* 4)) & 0x0f;
471 if (mode
&& new_func
!= 0x0f)
472 sd
->function_group
[i
] = new_func
;
473 sd
->data
[14 + (i
>> 1)] = new_func
<< ((i
* 4) & 4);
475 memset(&sd
->data
[17], 0, 47);
476 crc
= sd_crc16(sd
->data
, 64);
477 sd
->data
[65] = crc
>> 8;
478 sd
->data
[66] = crc
& 0xff;
481 static inline int sd_wp_addr(SDState
*sd
, uint32_t addr
)
483 return sd
->wp_groups
[addr
>>
484 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)];
487 static void sd_lock_command(SDState
*sd
)
489 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
490 erase
= !!(sd
->data
[0] & 0x08);
491 lock
= sd
->data
[0] & 0x04;
492 clr_pwd
= sd
->data
[0] & 0x02;
493 set_pwd
= sd
->data
[0] & 0x01;
496 pwd_len
= sd
->data
[1];
501 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
502 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
503 (sd
->csd
[14] & 0x20)) {
504 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
507 memset(sd
->wp_groups
, 0, sizeof(int) * (sd
->size
>>
508 (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
)));
509 sd
->csd
[14] &= ~0x10;
510 sd
->card_status
&= ~CARD_IS_LOCKED
;
512 /* Erasing the entire card here! */
513 printf("SD: Card force-erased by CMD42\n");
517 if (sd
->blk_len
< 2 + pwd_len
||
518 pwd_len
<= sd
->pwd_len
||
519 pwd_len
> sd
->pwd_len
+ 16) {
520 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
524 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
525 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
529 pwd_len
-= sd
->pwd_len
;
530 if ((pwd_len
&& !set_pwd
) ||
531 (clr_pwd
&& (set_pwd
|| lock
)) ||
532 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
533 (!set_pwd
&& !clr_pwd
&&
534 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
535 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
536 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
541 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
542 sd
->pwd_len
= pwd_len
;
550 sd
->card_status
|= CARD_IS_LOCKED
;
552 sd
->card_status
&= ~CARD_IS_LOCKED
;
555 static sd_rsp_type_t
sd_normal_command(SDState
*sd
,
556 struct sd_request_s req
)
558 uint32_t rca
= 0x0000;
560 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
563 DPRINTF("CMD%d 0x%08x state %d\n", req
.cmd
, req
.arg
, sd
->state
);
565 /* Basic commands (Class 0 and Class 1) */
566 case 0: /* CMD0: GO_IDLE_STATE */
568 case sd_inactive_state
:
572 sd
->state
= sd_idle_state
;
573 sd_reset(sd
, sd
->bdrv
);
578 case 2: /* CMD2: ALL_SEND_CID */
581 sd
->state
= sd_identification_state
;
589 case 3: /* CMD3: SEND_RELATIVE_ADDR */
591 case sd_identification_state
:
592 case sd_standby_state
:
593 sd
->state
= sd_standby_state
;
602 case 4: /* CMD4: SEND_DSR */
604 case sd_standby_state
:
612 case 6: /* CMD6: SWITCH_FUNCTION */
614 case sd_data_transfer_mode
:
615 sd_function_switch(sd
, req
.arg
);
616 sd
->state
= sd_sendingdata_state
;
626 case 7: /* CMD7: SELECT/DESELECT_CARD */
628 case sd_standby_state
:
632 sd
->state
= sd_transfer_state
;
635 case sd_transfer_state
:
636 case sd_sendingdata_state
:
640 sd
->state
= sd_standby_state
;
643 case sd_disconnect_state
:
647 sd
->state
= sd_programming_state
;
650 case sd_programming_state
:
654 sd
->state
= sd_disconnect_state
;
662 case 9: /* CMD9: SEND_CSD */
664 case sd_standby_state
:
675 case 10: /* CMD10: SEND_CID */
677 case sd_standby_state
:
688 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
690 case sd_transfer_state
:
691 sd
->state
= sd_sendingdata_state
;
692 sd
->data_start
= req
.arg
;
695 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
696 sd
->card_status
|= ADDRESS_ERROR
;
704 case 12: /* CMD12: STOP_TRANSMISSION */
706 case sd_sendingdata_state
:
707 sd
->state
= sd_transfer_state
;
710 case sd_receivingdata_state
:
711 sd
->state
= sd_programming_state
;
712 /* Bzzzzzzztt .... Operation complete. */
713 sd
->state
= sd_transfer_state
;
721 case 13: /* CMD13: SEND_STATUS */
723 case sd_data_transfer_mode
:
734 case 15: /* CMD15: GO_INACTIVE_STATE */
736 case sd_data_transfer_mode
:
740 sd
->state
= sd_inactive_state
;
748 /* Block read commands (Classs 2) */
749 case 16: /* CMD16: SET_BLOCKLEN */
751 case sd_transfer_state
:
752 if (req
.arg
> (1 << HWBLOCK_SHIFT
))
753 sd
->card_status
|= BLOCK_LEN_ERROR
;
755 sd
->blk_len
= req
.arg
;
764 case 17: /* CMD17: READ_SINGLE_BLOCK */
766 case sd_transfer_state
:
767 sd
->state
= sd_sendingdata_state
;
768 sd
->data_start
= req
.arg
;
771 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
772 sd
->card_status
|= ADDRESS_ERROR
;
780 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
782 case sd_transfer_state
:
783 sd
->state
= sd_sendingdata_state
;
784 sd
->data_start
= req
.arg
;
787 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
788 sd
->card_status
|= ADDRESS_ERROR
;
796 /* Block write commands (Class 4) */
797 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
799 case sd_transfer_state
:
800 sd
->state
= sd_receivingdata_state
;
801 sd
->data_start
= req
.arg
;
805 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
806 sd
->card_status
|= ADDRESS_ERROR
;
807 if (sd_wp_addr(sd
, sd
->data_start
))
808 sd
->card_status
|= WP_VIOLATION
;
809 if (sd
->csd
[14] & 0x30)
810 sd
->card_status
|= WP_VIOLATION
;
818 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
820 case sd_transfer_state
:
821 sd
->state
= sd_receivingdata_state
;
822 sd
->data_start
= req
.arg
;
826 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
827 sd
->card_status
|= ADDRESS_ERROR
;
828 if (sd_wp_addr(sd
, sd
->data_start
))
829 sd
->card_status
|= WP_VIOLATION
;
830 if (sd
->csd
[14] & 0x30)
831 sd
->card_status
|= WP_VIOLATION
;
839 case 26: /* CMD26: PROGRAM_CID */
841 case sd_transfer_state
:
842 sd
->state
= sd_receivingdata_state
;
852 case 27: /* CMD27: PROGRAM_CSD */
854 case sd_transfer_state
:
855 sd
->state
= sd_receivingdata_state
;
865 /* Write protection (Class 6) */
866 case 28: /* CMD28: SET_WRITE_PROT */
868 case sd_transfer_state
:
869 if (req
.arg
>= sd
->size
) {
870 sd
->card_status
= ADDRESS_ERROR
;
874 sd
->state
= sd_programming_state
;
875 sd
->wp_groups
[req
.arg
>> (HWBLOCK_SHIFT
+
876 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 1;
877 /* Bzzzzzzztt .... Operation complete. */
878 sd
->state
= sd_transfer_state
;
886 case 29: /* CMD29: CLR_WRITE_PROT */
888 case sd_transfer_state
:
889 if (req
.arg
>= sd
->size
) {
890 sd
->card_status
= ADDRESS_ERROR
;
894 sd
->state
= sd_programming_state
;
895 sd
->wp_groups
[req
.arg
>> (HWBLOCK_SHIFT
+
896 SECTOR_SHIFT
+ WPGROUP_SHIFT
)] = 0;
897 /* Bzzzzzzztt .... Operation complete. */
898 sd
->state
= sd_transfer_state
;
906 case 30: /* CMD30: SEND_WRITE_PROT */
908 case sd_transfer_state
:
909 sd
->state
= sd_sendingdata_state
;
910 *(uint32_t *) sd
->data
= sd_wpbits(sd
, req
.arg
);
911 sd
->data_start
= req
.arg
;
920 /* Erase commands (Class 5) */
921 case 32: /* CMD32: ERASE_WR_BLK_START */
923 case sd_transfer_state
:
924 sd
->erase_start
= req
.arg
;
932 case 33: /* CMD33: ERASE_WR_BLK_END */
934 case sd_transfer_state
:
935 sd
->erase_end
= req
.arg
;
943 case 38: /* CMD38: ERASE */
945 case sd_transfer_state
:
946 if (sd
->csd
[14] & 0x30) {
947 sd
->card_status
|= WP_VIOLATION
;
951 sd
->state
= sd_programming_state
;
953 /* Bzzzzzzztt .... Operation complete. */
954 sd
->state
= sd_transfer_state
;
962 /* Lock card commands (Class 7) */
963 case 42: /* CMD42: LOCK_UNLOCK */
965 case sd_transfer_state
:
966 sd
->state
= sd_receivingdata_state
;
976 /* Application specific commands (Class 8) */
977 case 55: /* CMD55: APP_CMD */
981 sd
->card_status
|= APP_CMD
;
984 case 56: /* CMD56: GEN_CMD */
985 printf("SD: GEN_CMD 0x%08x\n", req
.arg
);
988 case sd_transfer_state
:
991 sd
->state
= sd_sendingdata_state
;
993 sd
->state
= sd_receivingdata_state
;
1002 sd
->card_status
|= ILLEGAL_COMMAND
;
1004 printf("SD: Unknown CMD%i\n", req
.cmd
);
1008 sd
->card_status
|= ILLEGAL_COMMAND
;
1009 printf("SD: CMD%i in a wrong state\n", req
.cmd
);
1013 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
1014 struct sd_request_s req
) {
1017 if (sd_cmd_type
[req
.cmd
] == sd_ac
|| sd_cmd_type
[req
.cmd
] == sd_adtc
)
1018 rca
= req
.arg
>> 16;
1020 DPRINTF("ACMD%d 0x%08x\n", req
.cmd
, req
.arg
);
1022 case 6: /* ACMD6: SET_BUS_WIDTH */
1023 switch (sd
->state
) {
1024 case sd_transfer_state
:
1025 sd
->sd_status
[0] &= 0x3f;
1026 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1034 case 13: /* ACMD13: SD_STATUS */
1035 switch (sd
->state
) {
1036 case sd_transfer_state
:
1038 sd
->data_offset
= 0;
1046 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1047 switch (sd
->state
) {
1048 case sd_transfer_state
:
1049 *(uint32_t *) sd
->data
= sd
->blk_written
;
1052 sd
->data_offset
= 0;
1060 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1061 switch (sd
->state
) {
1062 case sd_transfer_state
:
1070 case 41: /* ACMD41: SD_APP_OP_COND */
1071 switch (sd
->state
) {
1073 /* We accept any voltage. 10000 V is nothing. */
1075 sd
->state
= sd_ready_state
;
1084 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1085 switch (sd
->state
) {
1086 case sd_transfer_state
:
1087 /* Bringing in the 50KOhm pull-up resistor... Done. */
1095 case 51: /* ACMD51: SEND_SCR */
1096 switch (sd
->state
) {
1097 case sd_transfer_state
:
1098 sd
->state
= sd_sendingdata_state
;
1100 sd
->data_offset
= 0;
1109 /* Fall back to standard commands. */
1110 sd
->card_status
&= ~APP_CMD
;
1111 return sd_normal_command(sd
, req
);
1114 printf("SD: ACMD%i in a wrong state\n", req
.cmd
);
1118 int sd_do_command(SDState
*sd
, struct sd_request_s
*req
,
1119 uint8_t *response
) {
1120 uint32_t last_status
= sd
->card_status
;
1121 sd_rsp_type_t rtype
;
1124 if (!bdrv_is_inserted(sd
->bdrv
)) {
1128 if (sd_req_crc_validate(req
)) {
1129 sd
->card_status
&= ~COM_CRC_ERROR
;
1133 sd
->card_status
&= ~CARD_STATUS_B
;
1136 if (last_status
& CARD_IS_LOCKED
)
1137 if (((last_status
& APP_CMD
) &&
1139 (!(last_status
& APP_CMD
) &&
1140 (sd_cmd_class
[req
->cmd
] == 0 ||
1141 sd_cmd_class
[req
->cmd
] == 7 ||
1142 req
->cmd
== 16 || req
->cmd
== 55))) {
1143 sd
->card_status
|= ILLEGAL_COMMAND
;
1144 printf("SD: Card is locked\n");
1148 if (last_status
& APP_CMD
) {
1149 rtype
= sd_app_command(sd
, *req
);
1150 sd
->card_status
&= ~APP_CMD
;
1152 rtype
= sd_normal_command(sd
, *req
);
1154 sd
->current_cmd
= req
->cmd
;
1159 sd_response_r1_make(sd
, response
, last_status
);
1164 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
1170 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
1176 sd_response_r3_make(sd
, response
);
1181 sd_response_r6_make(sd
, response
);
1191 if (sd
->card_status
& ILLEGAL_COMMAND
)
1197 DPRINTF("Response:");
1198 for (i
= 0; i
< rsplen
; i
++)
1199 printf(" %02x", response
[i
]);
1200 printf(" state %d\n", sd
->state
);
1202 DPRINTF("No response %d\n", sd
->state
);
1209 /* No real need for 64 bit addresses here */
1210 static void sd_blk_read(BlockDriverState
*bdrv
,
1211 void *data
, uint32_t addr
, uint32_t len
)
1214 uint32_t end
= addr
+ len
;
1216 if (!bdrv
|| bdrv_read(bdrv
, addr
>> 9, buf
, 1) == -1) {
1217 printf("sd_blk_read: read error on host side\n");
1221 if (end
> (addr
& ~511) + 512) {
1222 memcpy(data
, buf
+ (addr
& 511), 512 - (addr
& 511));
1224 if (bdrv_read(bdrv
, end
>> 9, buf
, 1) == -1) {
1225 printf("sd_blk_read: read error on host side\n");
1228 memcpy(data
+ 512 - (addr
& 511), buf
, end
& 511);
1230 memcpy(data
, buf
+ (addr
& 511), len
);
1233 static void sd_blk_write(BlockDriverState
*bdrv
,
1234 void *data
, uint32_t addr
, uint32_t len
)
1237 uint32_t end
= addr
+ len
;
1239 if ((addr
& 511) || len
< 512)
1240 if (!bdrv
|| bdrv_read(bdrv
, addr
>> 9, buf
, 1) == -1) {
1241 printf("sd_blk_write: read error on host side\n");
1245 if (end
> (addr
& ~511) + 512) {
1246 memcpy(buf
+ (addr
& 511), data
, 512 - (addr
& 511));
1247 if (bdrv_write(bdrv
, addr
>> 9, buf
, 1) == -1) {
1248 printf("sd_blk_write: write error on host side\n");
1252 if (bdrv_read(bdrv
, end
>> 9, buf
, 1) == -1) {
1253 printf("sd_blk_write: read error on host side\n");
1256 memcpy(buf
, data
+ 512 - (addr
& 511), end
& 511);
1257 if (bdrv_write(bdrv
, end
>> 9, buf
, 1) == -1)
1258 printf("sd_blk_write: write error on host side\n");
1260 memcpy(buf
+ (addr
& 511), data
, len
);
1261 if (!bdrv
|| bdrv_write(bdrv
, addr
>> 9, buf
, 1) == -1)
1262 printf("sd_blk_write: write error on host side\n");
1266 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd->bdrv, sd->data, a, len)
1267 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd->bdrv, sd->data, a, len)
1268 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1269 #define APP_WRITE_BLOCK(a, len)
1271 void sd_write_data(SDState
*sd
, uint8_t value
)
1275 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
))
1278 if (sd
->state
!= sd_receivingdata_state
) {
1279 printf("sd_write_data: not in Receiving-Data state\n");
1283 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1286 switch (sd
->current_cmd
) {
1287 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1288 sd
->data
[sd
->data_offset
++] = value
;
1289 if (sd
->data_offset
>= sd
->blk_len
) {
1290 /* TODO: Check CRC before committing */
1291 sd
->state
= sd_programming_state
;
1292 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1294 sd
->csd
[14] |= 0x40;
1295 /* Bzzzzzzztt .... Operation complete. */
1296 sd
->state
= sd_transfer_state
;
1300 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1301 sd
->data
[sd
->data_offset
++] = value
;
1302 if (sd
->data_offset
>= sd
->blk_len
) {
1303 /* TODO: Check CRC before committing */
1304 sd
->state
= sd_programming_state
;
1305 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1307 sd
->data_start
+= sd
->blk_len
;
1308 sd
->data_offset
= 0;
1309 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1310 sd
->card_status
|= ADDRESS_ERROR
;
1313 if (sd_wp_addr(sd
, sd
->data_start
)) {
1314 sd
->card_status
|= WP_VIOLATION
;
1317 sd
->csd
[14] |= 0x40;
1319 /* Bzzzzzzztt .... Operation complete. */
1320 sd
->state
= sd_receivingdata_state
;
1324 case 26: /* CMD26: PROGRAM_CID */
1325 sd
->data
[sd
->data_offset
++] = value
;
1326 if (sd
->data_offset
>= sizeof(sd
->cid
)) {
1327 /* TODO: Check CRC before committing */
1328 sd
->state
= sd_programming_state
;
1329 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
1330 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
1331 sd
->card_status
|= CID_CSD_OVERWRITE
;
1333 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1334 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
1336 sd
->cid
[i
] &= sd
->data
[i
];
1338 /* Bzzzzzzztt .... Operation complete. */
1339 sd
->state
= sd_transfer_state
;
1343 case 27: /* CMD27: PROGRAM_CSD */
1344 sd
->data
[sd
->data_offset
++] = value
;
1345 if (sd
->data_offset
>= sizeof(sd
->csd
)) {
1346 /* TODO: Check CRC before committing */
1347 sd
->state
= sd_programming_state
;
1348 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
1349 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
1350 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
1351 sd
->card_status
|= CID_CSD_OVERWRITE
;
1353 /* Copy flag (OTP) & Permanent write protect */
1354 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
1355 sd
->card_status
|= CID_CSD_OVERWRITE
;
1357 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1358 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
1359 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
1360 sd
->csd
[i
] &= sd
->data
[i
];
1362 /* Bzzzzzzztt .... Operation complete. */
1363 sd
->state
= sd_transfer_state
;
1367 case 42: /* CMD42: LOCK_UNLOCK */
1368 sd
->data
[sd
->data_offset
++] = value
;
1369 if (sd
->data_offset
>= sd
->blk_len
) {
1370 /* TODO: Check CRC before committing */
1371 sd
->state
= sd_programming_state
;
1372 sd_lock_command(sd
);
1373 /* Bzzzzzzztt .... Operation complete. */
1374 sd
->state
= sd_transfer_state
;
1378 case 56: /* CMD56: GEN_CMD */
1379 sd
->data
[sd
->data_offset
++] = value
;
1380 if (sd
->data_offset
>= sd
->blk_len
) {
1381 APP_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1382 sd
->state
= sd_transfer_state
;
1387 printf("sd_write_data: unknown command\n");
1392 uint8_t sd_read_data(SDState
*sd
)
1394 /* TODO: Append CRCs */
1397 if (!sd
->bdrv
|| !bdrv_is_inserted(sd
->bdrv
))
1400 if (sd
->state
!= sd_sendingdata_state
) {
1401 printf("sd_read_data: not in Sending-Data state\n");
1405 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1408 switch (sd
->current_cmd
) {
1409 case 6: /* CMD6: SWITCH_FUNCTION */
1410 ret
= sd
->data
[sd
->data_offset
++];
1412 if (sd
->data_offset
>= 64)
1413 sd
->state
= sd_transfer_state
;
1416 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1417 if (sd
->data_offset
== 0)
1418 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1419 ret
= sd
->data
[sd
->data_offset
++];
1421 if (sd
->data_offset
>= sd
->blk_len
) {
1422 sd
->data_start
+= sd
->blk_len
;
1423 sd
->data_offset
= 0;
1424 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1425 sd
->card_status
|= ADDRESS_ERROR
;
1431 case 13: /* ACMD13: SD_STATUS */
1432 ret
= sd
->sd_status
[sd
->data_offset
++];
1434 if (sd
->data_offset
>= sizeof(sd
->sd_status
))
1435 sd
->state
= sd_transfer_state
;
1438 case 17: /* CMD17: READ_SINGLE_BLOCK */
1439 if (sd
->data_offset
== 0)
1440 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1441 ret
= sd
->data
[sd
->data_offset
++];
1443 if (sd
->data_offset
>= sd
->blk_len
)
1444 sd
->state
= sd_transfer_state
;
1447 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1448 if (sd
->data_offset
== 0)
1449 BLK_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1450 ret
= sd
->data
[sd
->data_offset
++];
1452 if (sd
->data_offset
>= sd
->blk_len
) {
1453 sd
->data_start
+= sd
->blk_len
;
1454 sd
->data_offset
= 0;
1455 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1456 sd
->card_status
|= ADDRESS_ERROR
;
1462 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1463 ret
= sd
->data
[sd
->data_offset
++];
1465 if (sd
->data_offset
>= 4)
1466 sd
->state
= sd_transfer_state
;
1469 case 30: /* CMD30: SEND_WRITE_PROT */
1470 ret
= sd
->data
[sd
->data_offset
++];
1472 if (sd
->data_offset
>= 4)
1473 sd
->state
= sd_transfer_state
;
1476 case 51: /* ACMD51: SEND_SCR */
1477 ret
= sd
->scr
[sd
->data_offset
++];
1479 if (sd
->data_offset
>= sizeof(sd
->scr
))
1480 sd
->state
= sd_transfer_state
;
1483 case 56: /* CMD56: GEN_CMD */
1484 if (sd
->data_offset
== 0)
1485 APP_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1486 ret
= sd
->data
[sd
->data_offset
++];
1488 if (sd
->data_offset
>= sd
->blk_len
)
1489 sd
->state
= sd_transfer_state
;
1493 printf("sd_read_data: unknown command\n");
1500 int sd_data_ready(SDState
*sd
)
1502 return sd
->state
== sd_sendingdata_state
;