2
* SD Memory Card emulation as defined in the "SD Memory Card Physical
3
* layer specification, Version 1.10."
5
* Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6
* Copyright (c) 2007 CodeSourcery
8
* Redistribution and use in source and binary forms, with or without
9
* modification, are permitted provided that the following conditions
12
* 1. Redistributions of source code must retain the above copyright
13
* notice, this list of conditions and the following disclaimer.
14
* 2. Redistributions in binary form must reproduce the above copyright
15
* notice, this list of conditions and the following disclaimer in
16
* the documentation and/or other materials provided with the
19
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39
#define DPRINTF(fmt, args...) \
40
do { printf("SD: " fmt , ##args); } while (0)
42
#define DPRINTF(fmt, args...) do {} while(0)
46
sd_r0 = 0, /* no response */
47
sd_r1, /* normal response command */
48
sd_r2_i, /* CID register */
49
sd_r2_s, /* CSD register */
50
sd_r3, /* OCR register */
51
sd_r6 = 6, /* Published RCA response */
52
sd_r7, /* Operating voltage */
59
sd_card_identification_mode,
60
sd_data_transfer_mode,
63
sd_inactive_state = -1,
66
sd_identification_state,
70
sd_receivingdata_state,
80
uint8_t sd_status[64];
90
int function_group[6];
100
BlockDriverState *bdrv;
104
static void sd_set_status(SDState *sd)
107
case sd_inactive_state:
108
sd->mode = sd_inactive;
113
case sd_identification_state:
114
sd->mode = sd_card_identification_mode;
117
case sd_standby_state:
118
case sd_transfer_state:
119
case sd_sendingdata_state:
120
case sd_receivingdata_state:
121
case sd_programming_state:
122
case sd_disconnect_state:
123
sd->mode = sd_data_transfer_mode;
127
sd->card_status &= ~CURRENT_STATE;
128
sd->card_status |= sd->state << 9;
131
static const sd_cmd_type_t sd_cmd_type[64] = {
132
sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
133
sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
134
sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
135
sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
136
sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
137
sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
138
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
139
sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
142
static const sd_cmd_type_t sd_acmd_type[64] = {
143
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
144
sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
145
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
146
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
147
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
148
sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
149
sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
150
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
153
static const int sd_cmd_class[64] = {
154
0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
155
2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
156
5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
157
7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
160
static uint8_t sd_crc7(void *message, size_t width)
163
uint8_t shift_reg = 0x00;
164
uint8_t *msg = (uint8_t *) message;
166
for (i = 0; i < width; i ++, msg ++)
167
for (bit = 7; bit >= 0; bit --) {
169
if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
176
static uint16_t sd_crc16(void *message, size_t width)
179
uint16_t shift_reg = 0x0000;
180
uint16_t *msg = (uint16_t *) message;
183
for (i = 0; i < width; i ++, msg ++)
184
for (bit = 15; bit >= 0; bit --) {
186
if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
193
static void sd_set_ocr(SDState *sd)
195
/* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
196
sd->ocr = 0x80ffff80;
199
static void sd_set_scr(SDState *sd)
201
sd->scr[0] = 0x00; /* SCR Structure */
202
sd->scr[1] = 0x2f; /* SD Security Support */
218
static void sd_set_cid(SDState *sd)
220
sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
221
sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
223
sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
228
sd->cid[8] = PRV; /* Fake product revision (PRV) */
229
sd->cid[9] = 0xde; /* Fake serial number (PSN) */
233
sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
234
((MDT_YR - 2000) / 10);
235
sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
236
sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
239
#define HWBLOCK_SHIFT 9 /* 512 bytes */
240
#define SECTOR_SHIFT 5 /* 16 kilobytes */
241
#define WPGROUP_SHIFT 7 /* 2 megs */
242
#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
243
#define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
244
#define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
245
#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247
static const uint8_t sd_csd_rw_mask[16] = {
248
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252
static void sd_set_csd(SDState *sd, uint32_t size)
254
uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255
uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256
uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258
sd->csd[0] = 0x00; /* CSD structure */
259
sd->csd[1] = 0x26; /* Data read access-time-1 */
260
sd->csd[2] = 0x00; /* Data read access-time-2 */
261
sd->csd[3] = 0x5a; /* Max. data transfer rate */
262
sd->csd[4] = 0x5f; /* Card Command Classes */
263
sd->csd[5] = 0x50 | /* Max. read data block length */
265
sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266
((csize >> 10) & 0x03);
267
sd->csd[7] = 0x00 | /* Device size */
268
((csize >> 2) & 0xff);
269
sd->csd[8] = 0x3f | /* Max. read current */
270
((csize << 6) & 0xc0);
271
sd->csd[9] = 0xfc | /* Max. write current */
272
((CMULT_SHIFT - 2) >> 1);
273
sd->csd[10] = 0x40 | /* Erase sector size */
274
(((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275
sd->csd[11] = 0x00 | /* Write protect group size */
276
((sectsize << 7) & 0x80) | wpsize;
277
sd->csd[12] = 0x90 | /* Write speed factor */
278
(HWBLOCK_SHIFT >> 2);
279
sd->csd[13] = 0x20 | /* Max. write data block length */
280
((HWBLOCK_SHIFT << 6) & 0xc0);
281
sd->csd[14] = 0x00; /* File format group */
282
sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
285
static void sd_set_rca(SDState *sd)
290
#define CARD_STATUS_A 0x02004100
291
#define CARD_STATUS_B 0x00c01e00
292
#define CARD_STATUS_C 0xfd39a028
294
static void sd_set_cardstatus(SDState *sd)
296
sd->card_status = 0x00000100;
299
static void sd_set_sdstatus(SDState *sd)
301
memset(sd->sd_status, 0, 64);
304
static int sd_req_crc_validate(struct sd_request_s *req)
307
buffer[0] = 0x40 | req->cmd;
308
buffer[1] = (req->arg >> 24) & 0xff;
309
buffer[2] = (req->arg >> 16) & 0xff;
310
buffer[3] = (req->arg >> 8) & 0xff;
311
buffer[4] = (req->arg >> 0) & 0xff;
313
return sd_crc7(buffer, 5) != req->crc; /* TODO */
316
static void sd_response_r1_make(SDState *sd,
317
uint8_t *response, uint32_t last_status)
319
uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
322
status = (sd->card_status & ~mask) | (last_status & mask);
323
sd->card_status &= ~CARD_STATUS_C | APP_CMD;
325
response[0] = (status >> 24) & 0xff;
326
response[1] = (status >> 16) & 0xff;
327
response[2] = (status >> 8) & 0xff;
328
response[3] = (status >> 0) & 0xff;
331
static void sd_response_r3_make(SDState *sd, uint8_t *response)
333
response[0] = (sd->ocr >> 24) & 0xff;
334
response[1] = (sd->ocr >> 16) & 0xff;
335
response[2] = (sd->ocr >> 8) & 0xff;
336
response[3] = (sd->ocr >> 0) & 0xff;
339
static void sd_response_r6_make(SDState *sd, uint8_t *response)
345
status = ((sd->card_status >> 8) & 0xc000) |
346
((sd->card_status >> 6) & 0x2000) |
347
(sd->card_status & 0x1fff);
349
response[0] = (arg >> 8) & 0xff;
350
response[1] = arg & 0xff;
351
response[2] = (status >> 8) & 0xff;
352
response[3] = status & 0xff;
355
static void sd_response_r7_make(SDState *sd, uint8_t *response)
357
response[0] = (sd->vhs >> 24) & 0xff;
358
response[1] = (sd->vhs >> 16) & 0xff;
359
response[2] = (sd->vhs >> 8) & 0xff;
360
response[3] = (sd->vhs >> 0) & 0xff;
363
static void sd_reset(SDState *sd, BlockDriverState *bdrv)
368
bdrv_get_geometry(bdrv, §);
371
if (sect > 0x40000000)
372
size = 0x40000000; /* 1 gig */
376
sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
378
sd->state = sd_idle_state;
383
sd_set_csd(sd, size);
384
sd_set_cardstatus(sd);
390
qemu_free(sd->wp_groups);
391
sd->wp_switch = bdrv_is_read_only(bdrv);
392
sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
393
memset(sd->function_group, 0, sizeof(int) * 6);
401
static void sd_cardchange(void *opaque)
403
SDState *sd = opaque;
404
qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
405
if (bdrv_is_inserted(sd->bdrv)) {
406
sd_reset(sd, sd->bdrv);
407
qemu_set_irq(sd->readonly_cb, sd->wp_switch);
411
/* We do not model the chip select pin, so allow the board to select
412
whether card should be in SSI or MMC/SD mode. It is also up to the
413
board to ensure that ssi transfers only occur when the chip select
415
SDState *sd_init(BlockDriverState *bs, int is_spi)
419
sd = (SDState *) qemu_mallocz(sizeof(SDState));
420
sd->buf = qemu_memalign(512, 512);
423
bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
427
void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
429
sd->readonly_cb = readonly;
430
sd->inserted_cb = insert;
431
qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
432
qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
435
static void sd_erase(SDState *sd)
438
if (!sd->erase_start || !sd->erase_end) {
439
sd->card_status |= ERASE_SEQ_ERROR;
443
start = sd->erase_start >>
444
(HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
445
end = sd->erase_end >>
446
(HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
451
for (i = start; i <= end; i ++)
452
if (sd->wp_groups[i])
453
sd->card_status |= WP_ERASE_SKIP;
456
static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
461
wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
463
for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
464
if (addr < sd->size && sd->wp_groups[wpnum])
470
static void sd_function_switch(SDState *sd, uint32_t arg)
472
int i, mode, new_func, crc;
473
mode = !!(arg & 0x80000000);
475
sd->data[0] = 0x00; /* Maximum current consumption */
477
sd->data[2] = 0x80; /* Supported group 6 functions */
479
sd->data[4] = 0x80; /* Supported group 5 functions */
481
sd->data[6] = 0x80; /* Supported group 4 functions */
483
sd->data[8] = 0x80; /* Supported group 3 functions */
485
sd->data[10] = 0x80; /* Supported group 2 functions */
487
sd->data[12] = 0x80; /* Supported group 1 functions */
489
for (i = 0; i < 6; i ++) {
490
new_func = (arg >> (i * 4)) & 0x0f;
491
if (mode && new_func != 0x0f)
492
sd->function_group[i] = new_func;
493
sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
495
memset(&sd->data[17], 0, 47);
496
crc = sd_crc16(sd->data, 64);
497
sd->data[65] = crc >> 8;
498
sd->data[66] = crc & 0xff;
501
static inline int sd_wp_addr(SDState *sd, uint32_t addr)
503
return sd->wp_groups[addr >>
504
(HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
507
static void sd_lock_command(SDState *sd)
509
int erase, lock, clr_pwd, set_pwd, pwd_len;
510
erase = !!(sd->data[0] & 0x08);
511
lock = sd->data[0] & 0x04;
512
clr_pwd = sd->data[0] & 0x02;
513
set_pwd = sd->data[0] & 0x01;
516
pwd_len = sd->data[1];
521
if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
522
set_pwd || clr_pwd || lock || sd->wp_switch ||
523
(sd->csd[14] & 0x20)) {
524
sd->card_status |= LOCK_UNLOCK_FAILED;
527
memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
528
(HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
529
sd->csd[14] &= ~0x10;
530
sd->card_status &= ~CARD_IS_LOCKED;
532
/* Erasing the entire card here! */
533
printf("SD: Card force-erased by CMD42\n");
537
if (sd->blk_len < 2 + pwd_len ||
538
pwd_len <= sd->pwd_len ||
539
pwd_len > sd->pwd_len + 16) {
540
sd->card_status |= LOCK_UNLOCK_FAILED;
544
if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
545
sd->card_status |= LOCK_UNLOCK_FAILED;
549
pwd_len -= sd->pwd_len;
550
if ((pwd_len && !set_pwd) ||
551
(clr_pwd && (set_pwd || lock)) ||
552
(lock && !sd->pwd_len && !set_pwd) ||
553
(!set_pwd && !clr_pwd &&
554
(((sd->card_status & CARD_IS_LOCKED) && lock) ||
555
(!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
556
sd->card_status |= LOCK_UNLOCK_FAILED;
561
memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
562
sd->pwd_len = pwd_len;
570
sd->card_status |= CARD_IS_LOCKED;
572
sd->card_status &= ~CARD_IS_LOCKED;
575
static sd_rsp_type_t sd_normal_command(SDState *sd,
576
struct sd_request_s req)
578
uint32_t rca = 0x0000;
580
if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
583
DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
585
/* Basic commands (Class 0 and Class 1) */
586
case 0: /* CMD0: GO_IDLE_STATE */
588
case sd_inactive_state:
589
return sd->spi ? sd_r1 : sd_r0;
592
sd->state = sd_idle_state;
593
sd_reset(sd, sd->bdrv);
594
return sd->spi ? sd_r1 : sd_r0;
598
case 1: /* CMD1: SEND_OP_CMD */
602
sd->state = sd_transfer_state;
605
case 2: /* CMD2: ALL_SEND_CID */
610
sd->state = sd_identification_state;
618
case 3: /* CMD3: SEND_RELATIVE_ADDR */
622
case sd_identification_state:
623
case sd_standby_state:
624
sd->state = sd_standby_state;
633
case 4: /* CMD4: SEND_DSR */
637
case sd_standby_state:
645
case 6: /* CMD6: SWITCH_FUNCTION */
649
case sd_data_transfer_mode:
650
sd_function_switch(sd, req.arg);
651
sd->state = sd_sendingdata_state;
661
case 7: /* CMD7: SELECT/DESELECT_CARD */
665
case sd_standby_state:
669
sd->state = sd_transfer_state;
672
case sd_transfer_state:
673
case sd_sendingdata_state:
677
sd->state = sd_standby_state;
680
case sd_disconnect_state:
684
sd->state = sd_programming_state;
687
case sd_programming_state:
691
sd->state = sd_disconnect_state;
699
case 8: /* CMD8: SEND_IF_COND */
700
/* Physical Layer Specification Version 2.00 command */
705
/* No response if not exactly one VHS bit is set. */
706
if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
707
return sd->spi ? sd_r7 : sd_r0;
718
case 9: /* CMD9: SEND_CSD */
720
case sd_standby_state:
726
case sd_transfer_state:
729
sd->state = sd_sendingdata_state;
730
memcpy(sd->data, sd->csd, 16);
731
sd->data_start = req.arg;
740
case 10: /* CMD10: SEND_CID */
742
case sd_standby_state:
748
case sd_transfer_state:
751
sd->state = sd_sendingdata_state;
752
memcpy(sd->data, sd->cid, 16);
753
sd->data_start = req.arg;
762
case 11: /* CMD11: READ_DAT_UNTIL_STOP */
766
case sd_transfer_state:
767
sd->state = sd_sendingdata_state;
768
sd->data_start = req.arg;
771
if (sd->data_start + sd->blk_len > sd->size)
772
sd->card_status |= ADDRESS_ERROR;
780
case 12: /* CMD12: STOP_TRANSMISSION */
782
case sd_sendingdata_state:
783
sd->state = sd_transfer_state;
786
case sd_receivingdata_state:
787
sd->state = sd_programming_state;
788
/* Bzzzzzzztt .... Operation complete. */
789
sd->state = sd_transfer_state;
797
case 13: /* CMD13: SEND_STATUS */
799
case sd_data_transfer_mode:
810
case 15: /* CMD15: GO_INACTIVE_STATE */
814
case sd_data_transfer_mode:
818
sd->state = sd_inactive_state;
826
/* Block read commands (Classs 2) */
827
case 16: /* CMD16: SET_BLOCKLEN */
829
case sd_transfer_state:
830
if (req.arg > (1 << HWBLOCK_SHIFT))
831
sd->card_status |= BLOCK_LEN_ERROR;
833
sd->blk_len = req.arg;
842
case 17: /* CMD17: READ_SINGLE_BLOCK */
844
case sd_transfer_state:
845
sd->state = sd_sendingdata_state;
846
sd->data_start = req.arg;
849
if (sd->data_start + sd->blk_len > sd->size)
850
sd->card_status |= ADDRESS_ERROR;
858
case 18: /* CMD18: READ_MULTIPLE_BLOCK */
860
case sd_transfer_state:
861
sd->state = sd_sendingdata_state;
862
sd->data_start = req.arg;
865
if (sd->data_start + sd->blk_len > sd->size)
866
sd->card_status |= ADDRESS_ERROR;
874
/* Block write commands (Class 4) */
875
case 24: /* CMD24: WRITE_SINGLE_BLOCK */
877
goto unimplemented_cmd;
879
case sd_transfer_state:
880
/* Writing in SPI mode not implemented. */
883
sd->state = sd_receivingdata_state;
884
sd->data_start = req.arg;
888
if (sd->data_start + sd->blk_len > sd->size)
889
sd->card_status |= ADDRESS_ERROR;
890
if (sd_wp_addr(sd, sd->data_start))
891
sd->card_status |= WP_VIOLATION;
892
if (sd->csd[14] & 0x30)
893
sd->card_status |= WP_VIOLATION;
901
case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
903
goto unimplemented_cmd;
905
case sd_transfer_state:
906
/* Writing in SPI mode not implemented. */
909
sd->state = sd_receivingdata_state;
910
sd->data_start = req.arg;
914
if (sd->data_start + sd->blk_len > sd->size)
915
sd->card_status |= ADDRESS_ERROR;
916
if (sd_wp_addr(sd, sd->data_start))
917
sd->card_status |= WP_VIOLATION;
918
if (sd->csd[14] & 0x30)
919
sd->card_status |= WP_VIOLATION;
927
case 26: /* CMD26: PROGRAM_CID */
931
case sd_transfer_state:
932
sd->state = sd_receivingdata_state;
942
case 27: /* CMD27: PROGRAM_CSD */
944
goto unimplemented_cmd;
946
case sd_transfer_state:
947
sd->state = sd_receivingdata_state;
957
/* Write protection (Class 6) */
958
case 28: /* CMD28: SET_WRITE_PROT */
960
case sd_transfer_state:
961
if (req.arg >= sd->size) {
962
sd->card_status = ADDRESS_ERROR;
966
sd->state = sd_programming_state;
967
sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
968
SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
969
/* Bzzzzzzztt .... Operation complete. */
970
sd->state = sd_transfer_state;
978
case 29: /* CMD29: CLR_WRITE_PROT */
980
case sd_transfer_state:
981
if (req.arg >= sd->size) {
982
sd->card_status = ADDRESS_ERROR;
986
sd->state = sd_programming_state;
987
sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
988
SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
989
/* Bzzzzzzztt .... Operation complete. */
990
sd->state = sd_transfer_state;
998
case 30: /* CMD30: SEND_WRITE_PROT */
1000
case sd_transfer_state:
1001
sd->state = sd_sendingdata_state;
1002
*(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1003
sd->data_start = req.arg;
1004
sd->data_offset = 0;
1012
/* Erase commands (Class 5) */
1013
case 32: /* CMD32: ERASE_WR_BLK_START */
1014
switch (sd->state) {
1015
case sd_transfer_state:
1016
sd->erase_start = req.arg;
1024
case 33: /* CMD33: ERASE_WR_BLK_END */
1025
switch (sd->state) {
1026
case sd_transfer_state:
1027
sd->erase_end = req.arg;
1035
case 38: /* CMD38: ERASE */
1036
switch (sd->state) {
1037
case sd_transfer_state:
1038
if (sd->csd[14] & 0x30) {
1039
sd->card_status |= WP_VIOLATION;
1043
sd->state = sd_programming_state;
1045
/* Bzzzzzzztt .... Operation complete. */
1046
sd->state = sd_transfer_state;
1054
/* Lock card commands (Class 7) */
1055
case 42: /* CMD42: LOCK_UNLOCK */
1057
goto unimplemented_cmd;
1058
switch (sd->state) {
1059
case sd_transfer_state:
1060
sd->state = sd_receivingdata_state;
1062
sd->data_offset = 0;
1070
/* Application specific commands (Class 8) */
1071
case 55: /* CMD55: APP_CMD */
1075
sd->card_status |= APP_CMD;
1078
case 56: /* CMD56: GEN_CMD */
1079
printf("SD: GEN_CMD 0x%08x\n", req.arg);
1081
switch (sd->state) {
1082
case sd_transfer_state:
1083
sd->data_offset = 0;
1085
sd->state = sd_sendingdata_state;
1087
sd->state = sd_receivingdata_state;
1097
sd->card_status |= ILLEGAL_COMMAND;
1099
printf("SD: Unknown CMD%i\n", req.cmd);
1103
/* Commands that are recognised but not yet implemented in SPI mode. */
1104
sd->card_status |= ILLEGAL_COMMAND;
1105
printf ("SD: CMD%i not implemented in SPI mode\n", req.cmd);
1109
sd->card_status |= ILLEGAL_COMMAND;
1110
printf("SD: CMD%i in a wrong state\n", req.cmd);
1114
static sd_rsp_type_t sd_app_command(SDState *sd,
1115
struct sd_request_s req) {
1118
if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1119
rca = req.arg >> 16;
1121
DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1123
case 6: /* ACMD6: SET_BUS_WIDTH */
1124
switch (sd->state) {
1125
case sd_transfer_state:
1126
sd->sd_status[0] &= 0x3f;
1127
sd->sd_status[0] |= (req.arg & 0x03) << 6;
1135
case 13: /* ACMD13: SD_STATUS */
1136
switch (sd->state) {
1137
case sd_transfer_state:
1139
sd->data_offset = 0;
1147
case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1148
switch (sd->state) {
1149
case sd_transfer_state:
1150
*(uint32_t *) sd->data = sd->blk_written;
1153
sd->data_offset = 0;
1161
case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1162
switch (sd->state) {
1163
case sd_transfer_state:
1171
case 41: /* ACMD41: SD_APP_OP_COND */
1174
sd->state = sd_transfer_state;
1177
switch (sd->state) {
1179
/* We accept any voltage. 10000 V is nothing. */
1181
sd->state = sd_ready_state;
1190
case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1191
switch (sd->state) {
1192
case sd_transfer_state:
1193
/* Bringing in the 50KOhm pull-up resistor... Done. */
1201
case 51: /* ACMD51: SEND_SCR */
1202
switch (sd->state) {
1203
case sd_transfer_state:
1204
sd->state = sd_sendingdata_state;
1206
sd->data_offset = 0;
1215
/* Fall back to standard commands. */
1216
sd->card_status &= ~APP_CMD;
1217
return sd_normal_command(sd, req);
1220
printf("SD: ACMD%i in a wrong state\n", req.cmd);
1224
int sd_do_command(SDState *sd, struct sd_request_s *req,
1225
uint8_t *response) {
1226
uint32_t last_status = sd->card_status;
1227
sd_rsp_type_t rtype;
1230
if (!bdrv_is_inserted(sd->bdrv)) {
1234
if (sd_req_crc_validate(req)) {
1235
sd->card_status &= ~COM_CRC_ERROR;
1239
sd->card_status &= ~CARD_STATUS_B;
1242
if (last_status & CARD_IS_LOCKED)
1243
if (((last_status & APP_CMD) &&
1245
(!(last_status & APP_CMD) &&
1246
(sd_cmd_class[req->cmd] == 0 ||
1247
sd_cmd_class[req->cmd] == 7 ||
1248
req->cmd == 16 || req->cmd == 55))) {
1249
sd->card_status |= ILLEGAL_COMMAND;
1250
printf("SD: Card is locked\n");
1254
if (last_status & APP_CMD) {
1255
rtype = sd_app_command(sd, *req);
1256
sd->card_status &= ~APP_CMD;
1258
rtype = sd_normal_command(sd, *req);
1260
sd->current_cmd = req->cmd;
1265
sd_response_r1_make(sd, response, last_status);
1270
memcpy(response, sd->cid, sizeof(sd->cid));
1275
memcpy(response, sd->csd, sizeof(sd->csd));
1280
sd_response_r3_make(sd, response);
1285
sd_response_r6_make(sd, response);
1290
sd_response_r7_make(sd, response);
1300
if (sd->card_status & ILLEGAL_COMMAND)
1306
DPRINTF("Response:");
1307
for (i = 0; i < rsplen; i++)
1308
printf(" %02x", response[i]);
1309
printf(" state %d\n", sd->state);
1311
DPRINTF("No response %d\n", sd->state);
1318
/* No real need for 64 bit addresses here */
1319
static void sd_blk_read(SDState *sd, uint32_t addr, uint32_t len)
1321
uint32_t end = addr + len;
1323
if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1324
printf("sd_blk_read: read error on host side\n");
1328
if (end > (addr & ~511) + 512) {
1329
memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1331
if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1332
printf("sd_blk_read: read error on host side\n");
1335
memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1337
memcpy(sd->data, sd->buf + (addr & 511), len);
1340
static void sd_blk_write(SDState *sd, uint32_t addr, uint32_t len)
1342
uint32_t end = addr + len;
1344
if ((addr & 511) || len < 512)
1345
if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1346
printf("sd_blk_write: read error on host side\n");
1350
if (end > (addr & ~511) + 512) {
1351
memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1352
if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1353
printf("sd_blk_write: write error on host side\n");
1357
if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1358
printf("sd_blk_write: read error on host side\n");
1361
memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1362
if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1363
printf("sd_blk_write: write error on host side\n");
1365
memcpy(sd->buf + (addr & 511), sd->data, len);
1366
if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1367
printf("sd_blk_write: write error on host side\n");
1371
#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1372
#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1373
#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1374
#define APP_WRITE_BLOCK(a, len)
1376
void sd_write_data(SDState *sd, uint8_t value)
1380
if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv))
1383
if (sd->state != sd_receivingdata_state) {
1384
printf("sd_write_data: not in Receiving-Data state\n");
1388
if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1391
switch (sd->current_cmd) {
1392
case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1393
sd->data[sd->data_offset ++] = value;
1394
if (sd->data_offset >= sd->blk_len) {
1395
/* TODO: Check CRC before committing */
1396
sd->state = sd_programming_state;
1397
BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1399
sd->csd[14] |= 0x40;
1400
/* Bzzzzzzztt .... Operation complete. */
1401
sd->state = sd_transfer_state;
1405
case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1406
sd->data[sd->data_offset ++] = value;
1407
if (sd->data_offset >= sd->blk_len) {
1408
/* TODO: Check CRC before committing */
1409
sd->state = sd_programming_state;
1410
BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1412
sd->data_start += sd->blk_len;
1413
sd->data_offset = 0;
1414
if (sd->data_start + sd->blk_len > sd->size) {
1415
sd->card_status |= ADDRESS_ERROR;
1418
if (sd_wp_addr(sd, sd->data_start)) {
1419
sd->card_status |= WP_VIOLATION;
1422
sd->csd[14] |= 0x40;
1424
/* Bzzzzzzztt .... Operation complete. */
1425
sd->state = sd_receivingdata_state;
1429
case 26: /* CMD26: PROGRAM_CID */
1430
sd->data[sd->data_offset ++] = value;
1431
if (sd->data_offset >= sizeof(sd->cid)) {
1432
/* TODO: Check CRC before committing */
1433
sd->state = sd_programming_state;
1434
for (i = 0; i < sizeof(sd->cid); i ++)
1435
if ((sd->cid[i] | 0x00) != sd->data[i])
1436
sd->card_status |= CID_CSD_OVERWRITE;
1438
if (!(sd->card_status & CID_CSD_OVERWRITE))
1439
for (i = 0; i < sizeof(sd->cid); i ++) {
1441
sd->cid[i] &= sd->data[i];
1443
/* Bzzzzzzztt .... Operation complete. */
1444
sd->state = sd_transfer_state;
1448
case 27: /* CMD27: PROGRAM_CSD */
1449
sd->data[sd->data_offset ++] = value;
1450
if (sd->data_offset >= sizeof(sd->csd)) {
1451
/* TODO: Check CRC before committing */
1452
sd->state = sd_programming_state;
1453
for (i = 0; i < sizeof(sd->csd); i ++)
1454
if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1455
(sd->data[i] | sd_csd_rw_mask[i]))
1456
sd->card_status |= CID_CSD_OVERWRITE;
1458
/* Copy flag (OTP) & Permanent write protect */
1459
if (sd->csd[14] & ~sd->data[14] & 0x60)
1460
sd->card_status |= CID_CSD_OVERWRITE;
1462
if (!(sd->card_status & CID_CSD_OVERWRITE))
1463
for (i = 0; i < sizeof(sd->csd); i ++) {
1464
sd->csd[i] |= sd_csd_rw_mask[i];
1465
sd->csd[i] &= sd->data[i];
1467
/* Bzzzzzzztt .... Operation complete. */
1468
sd->state = sd_transfer_state;
1472
case 42: /* CMD42: LOCK_UNLOCK */
1473
sd->data[sd->data_offset ++] = value;
1474
if (sd->data_offset >= sd->blk_len) {
1475
/* TODO: Check CRC before committing */
1476
sd->state = sd_programming_state;
1477
sd_lock_command(sd);
1478
/* Bzzzzzzztt .... Operation complete. */
1479
sd->state = sd_transfer_state;
1483
case 56: /* CMD56: GEN_CMD */
1484
sd->data[sd->data_offset ++] = value;
1485
if (sd->data_offset >= sd->blk_len) {
1486
APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1487
sd->state = sd_transfer_state;
1492
printf("sd_write_data: unknown command\n");
1497
uint8_t sd_read_data(SDState *sd)
1499
/* TODO: Append CRCs */
1502
if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv))
1505
if (sd->state != sd_sendingdata_state) {
1506
printf("sd_read_data: not in Sending-Data state\n");
1510
if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1513
switch (sd->current_cmd) {
1514
case 6: /* CMD6: SWITCH_FUNCTION */
1515
ret = sd->data[sd->data_offset ++];
1517
if (sd->data_offset >= 64)
1518
sd->state = sd_transfer_state;
1521
case 9: /* CMD9: SEND_CSD */
1522
case 10: /* CMD10: SEND_CID */
1523
ret = sd->data[sd->data_offset ++];
1525
if (sd->data_offset >= 16)
1526
sd->state = sd_transfer_state;
1529
case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1530
if (sd->data_offset == 0)
1531
BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1532
ret = sd->data[sd->data_offset ++];
1534
if (sd->data_offset >= sd->blk_len) {
1535
sd->data_start += sd->blk_len;
1536
sd->data_offset = 0;
1537
if (sd->data_start + sd->blk_len > sd->size) {
1538
sd->card_status |= ADDRESS_ERROR;
1544
case 13: /* ACMD13: SD_STATUS */
1545
ret = sd->sd_status[sd->data_offset ++];
1547
if (sd->data_offset >= sizeof(sd->sd_status))
1548
sd->state = sd_transfer_state;
1551
case 17: /* CMD17: READ_SINGLE_BLOCK */
1552
if (sd->data_offset == 0)
1553
BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1554
ret = sd->data[sd->data_offset ++];
1556
if (sd->data_offset >= sd->blk_len)
1557
sd->state = sd_transfer_state;
1560
case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1561
if (sd->data_offset == 0)
1562
BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1563
ret = sd->data[sd->data_offset ++];
1565
if (sd->data_offset >= sd->blk_len) {
1566
sd->data_start += sd->blk_len;
1567
sd->data_offset = 0;
1568
if (sd->data_start + sd->blk_len > sd->size) {
1569
sd->card_status |= ADDRESS_ERROR;
1575
case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1576
ret = sd->data[sd->data_offset ++];
1578
if (sd->data_offset >= 4)
1579
sd->state = sd_transfer_state;
1582
case 30: /* CMD30: SEND_WRITE_PROT */
1583
ret = sd->data[sd->data_offset ++];
1585
if (sd->data_offset >= 4)
1586
sd->state = sd_transfer_state;
1589
case 51: /* ACMD51: SEND_SCR */
1590
ret = sd->scr[sd->data_offset ++];
1592
if (sd->data_offset >= sizeof(sd->scr))
1593
sd->state = sd_transfer_state;
1596
case 56: /* CMD56: GEN_CMD */
1597
if (sd->data_offset == 0)
1598
APP_READ_BLOCK(sd->data_start, sd->blk_len);
1599
ret = sd->data[sd->data_offset ++];
1601
if (sd->data_offset >= sd->blk_len)
1602
sd->state = sd_transfer_state;
1606
printf("sd_read_data: unknown command\n");
1613
int sd_data_ready(SDState *sd)
1615
return sd->state == sd_sendingdata_state;