2
* SD Memory Card emulation as defined in the "SD Memory Card Physical
3
* layer specification, Version 1.10."
5
* Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6
* Copyright (c) 2007 CodeSourcery
8
* Redistribution and use in source and binary forms, with or without
9
* modification, are permitted provided that the following conditions
12
* 1. Redistributions of source code must retain the above copyright
13
* notice, this list of conditions and the following disclaimer.
14
* 2. Redistributions in binary form must reproduce the above copyright
15
* notice, this list of conditions and the following disclaimer in
16
* the documentation and/or other materials provided with the
19
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33
#include "block/block.h"
35
#include "qemu/bitmap.h"
40
#define DPRINTF(fmt, ...) \
41
do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
43
#define DPRINTF(fmt, ...) do {} while(0)
47
sd_r0 = 0, /* no response */
48
sd_r1, /* normal response command */
49
sd_r2_i, /* CID register */
50
sd_r2_s, /* CSD register */
51
sd_r3, /* OCR register */
52
sd_r6 = 6, /* Published RCA response */
53
sd_r7, /* Operating voltage */
60
sd_card_identification_mode,
61
sd_data_transfer_mode,
65
sd_inactive_state = -1,
68
sd_identification_state,
72
sd_receivingdata_state,
78
uint32_t mode; /* current card mode, one of SDCardModes */
79
int32_t state; /* current card state, one of SDCardStates */
86
uint8_t sd_status[64];
89
unsigned long *wp_groups;
97
uint8_t function_group[6];
101
/* True if we will handle the next command as an ACMD. Note that this does
102
* *not* track the APP_CMD status bit!
105
uint32_t blk_written;
107
uint32_t data_offset;
109
qemu_irq readonly_cb;
110
qemu_irq inserted_cb;
111
BlockDriverState *bdrv;
117
static void sd_set_mode(SDState *sd)
120
case sd_inactive_state:
121
sd->mode = sd_inactive;
126
case sd_identification_state:
127
sd->mode = sd_card_identification_mode;
130
case sd_standby_state:
131
case sd_transfer_state:
132
case sd_sendingdata_state:
133
case sd_receivingdata_state:
134
case sd_programming_state:
135
case sd_disconnect_state:
136
sd->mode = sd_data_transfer_mode;
141
static const sd_cmd_type_t sd_cmd_type[64] = {
142
sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
143
sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
144
sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
145
sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
146
sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147
sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
148
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
149
sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
152
static const sd_cmd_type_t sd_acmd_type[64] = {
153
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
154
sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
155
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
156
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
157
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
158
sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
159
sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
160
sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
163
static const int sd_cmd_class[64] = {
164
0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
165
2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
166
5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
167
7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
170
static uint8_t sd_crc7(void *message, size_t width)
173
uint8_t shift_reg = 0x00;
174
uint8_t *msg = (uint8_t *) message;
176
for (i = 0; i < width; i ++, msg ++)
177
for (bit = 7; bit >= 0; bit --) {
179
if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
186
static uint16_t sd_crc16(void *message, size_t width)
189
uint16_t shift_reg = 0x0000;
190
uint16_t *msg = (uint16_t *) message;
193
for (i = 0; i < width; i ++, msg ++)
194
for (bit = 15; bit >= 0; bit --) {
196
if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
203
static void sd_set_ocr(SDState *sd)
205
/* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
206
sd->ocr = 0x80ffff00;
209
static void sd_set_scr(SDState *sd)
211
sd->scr[0] = 0x00; /* SCR Structure */
212
sd->scr[1] = 0x2f; /* SD Security Support */
228
static void sd_set_cid(SDState *sd)
230
sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
231
sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
233
sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
238
sd->cid[8] = PRV; /* Fake product revision (PRV) */
239
sd->cid[9] = 0xde; /* Fake serial number (PSN) */
243
sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
244
((MDT_YR - 2000) / 10);
245
sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
246
sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
249
#define HWBLOCK_SHIFT 9 /* 512 bytes */
250
#define SECTOR_SHIFT 5 /* 16 kilobytes */
251
#define WPGROUP_SHIFT 7 /* 2 megs */
252
#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
253
#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
255
static const uint8_t sd_csd_rw_mask[16] = {
256
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
257
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
260
static void sd_set_csd(SDState *sd, uint64_t size)
262
uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
263
uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
264
uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
266
if (size <= 0x40000000) { /* Standard Capacity SD */
267
sd->csd[0] = 0x00; /* CSD structure */
268
sd->csd[1] = 0x26; /* Data read access-time-1 */
269
sd->csd[2] = 0x00; /* Data read access-time-2 */
270
sd->csd[3] = 0x5a; /* Max. data transfer rate */
271
sd->csd[4] = 0x5f; /* Card Command Classes */
272
sd->csd[5] = 0x50 | /* Max. read data block length */
274
sd->csd[6] = 0xe0 | /* Partial block for read allowed */
275
((csize >> 10) & 0x03);
276
sd->csd[7] = 0x00 | /* Device size */
277
((csize >> 2) & 0xff);
278
sd->csd[8] = 0x3f | /* Max. read current */
279
((csize << 6) & 0xc0);
280
sd->csd[9] = 0xfc | /* Max. write current */
281
((CMULT_SHIFT - 2) >> 1);
282
sd->csd[10] = 0x40 | /* Erase sector size */
283
(((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
284
sd->csd[11] = 0x00 | /* Write protect group size */
285
((sectsize << 7) & 0x80) | wpsize;
286
sd->csd[12] = 0x90 | /* Write speed factor */
287
(HWBLOCK_SHIFT >> 2);
288
sd->csd[13] = 0x20 | /* Max. write data block length */
289
((HWBLOCK_SHIFT << 6) & 0xc0);
290
sd->csd[14] = 0x00; /* File format group */
291
sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
302
sd->csd[7] = (size >> 16) & 0xff;
303
sd->csd[8] = (size >> 8) & 0xff;
304
sd->csd[9] = (size & 0xff);
311
sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
315
static void sd_set_rca(SDState *sd)
320
/* Card status bits, split by clear condition:
321
* A : According to the card current state
322
* B : Always related to the previous command
323
* C : Cleared by read
325
#define CARD_STATUS_A 0x02004100
326
#define CARD_STATUS_B 0x00c01e00
327
#define CARD_STATUS_C 0xfd39a028
329
static void sd_set_cardstatus(SDState *sd)
331
sd->card_status = 0x00000100;
334
static void sd_set_sdstatus(SDState *sd)
336
memset(sd->sd_status, 0, 64);
339
static int sd_req_crc_validate(SDRequest *req)
342
buffer[0] = 0x40 | req->cmd;
343
buffer[1] = (req->arg >> 24) & 0xff;
344
buffer[2] = (req->arg >> 16) & 0xff;
345
buffer[3] = (req->arg >> 8) & 0xff;
346
buffer[4] = (req->arg >> 0) & 0xff;
348
return sd_crc7(buffer, 5) != req->crc; /* TODO */
351
static void sd_response_r1_make(SDState *sd, uint8_t *response)
353
uint32_t status = sd->card_status;
354
/* Clear the "clear on read" status bits */
355
sd->card_status &= ~CARD_STATUS_C;
357
response[0] = (status >> 24) & 0xff;
358
response[1] = (status >> 16) & 0xff;
359
response[2] = (status >> 8) & 0xff;
360
response[3] = (status >> 0) & 0xff;
363
static void sd_response_r3_make(SDState *sd, uint8_t *response)
365
response[0] = (sd->ocr >> 24) & 0xff;
366
response[1] = (sd->ocr >> 16) & 0xff;
367
response[2] = (sd->ocr >> 8) & 0xff;
368
response[3] = (sd->ocr >> 0) & 0xff;
371
static void sd_response_r6_make(SDState *sd, uint8_t *response)
377
status = ((sd->card_status >> 8) & 0xc000) |
378
((sd->card_status >> 6) & 0x2000) |
379
(sd->card_status & 0x1fff);
380
sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
382
response[0] = (arg >> 8) & 0xff;
383
response[1] = arg & 0xff;
384
response[2] = (status >> 8) & 0xff;
385
response[3] = status & 0xff;
388
static void sd_response_r7_make(SDState *sd, uint8_t *response)
390
response[0] = (sd->vhs >> 24) & 0xff;
391
response[1] = (sd->vhs >> 16) & 0xff;
392
response[2] = (sd->vhs >> 8) & 0xff;
393
response[3] = (sd->vhs >> 0) & 0xff;
396
static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
398
return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
401
void sd_reset(SDState *sd)
407
bdrv_get_geometry(sd->bdrv, §);
413
sect = sd_addr_to_wpnum(size) + 1;
415
sd->state = sd_idle_state;
420
sd_set_csd(sd, size);
421
sd_set_cardstatus(sd);
425
g_free(sd->wp_groups);
426
sd->wp_switch = sd->bdrv ? bdrv_is_read_only(sd->bdrv) : false;
427
sd->wpgrps_size = sect;
428
sd->wp_groups = bitmap_new(sd->wpgrps_size);
429
memset(sd->function_group, 0, sizeof(sd->function_group));
435
sd->expecting_acmd = false;
438
static void sd_cardchange(void *opaque, bool load)
440
SDState *sd = opaque;
442
qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
443
if (bdrv_is_inserted(sd->bdrv)) {
445
qemu_set_irq(sd->readonly_cb, sd->wp_switch);
449
static const BlockDevOps sd_block_ops = {
450
.change_media_cb = sd_cardchange,
453
static const VMStateDescription sd_vmstate = {
456
.minimum_version_id = 1,
457
.fields = (VMStateField[]) {
458
VMSTATE_UINT32(mode, SDState),
459
VMSTATE_INT32(state, SDState),
460
VMSTATE_UINT8_ARRAY(cid, SDState, 16),
461
VMSTATE_UINT8_ARRAY(csd, SDState, 16),
462
VMSTATE_UINT16(rca, SDState),
463
VMSTATE_UINT32(card_status, SDState),
464
VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
465
VMSTATE_UINT32(vhs, SDState),
466
VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
467
VMSTATE_UINT32(blk_len, SDState),
468
VMSTATE_UINT32(erase_start, SDState),
469
VMSTATE_UINT32(erase_end, SDState),
470
VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
471
VMSTATE_UINT32(pwd_len, SDState),
472
VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
473
VMSTATE_UINT8(current_cmd, SDState),
474
VMSTATE_BOOL(expecting_acmd, SDState),
475
VMSTATE_UINT32(blk_written, SDState),
476
VMSTATE_UINT64(data_start, SDState),
477
VMSTATE_UINT32(data_offset, SDState),
478
VMSTATE_UINT8_ARRAY(data, SDState, 512),
479
VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
480
VMSTATE_BOOL(enable, SDState),
481
VMSTATE_END_OF_LIST()
485
/* We do not model the chip select pin, so allow the board to select
486
whether card should be in SSI or MMC/SD mode. It is also up to the
487
board to ensure that ssi transfers only occur when the chip select
489
SDState *sd_init(BlockDriverState *bs, bool is_spi, bool is_mmc)
493
sd = (SDState *) g_malloc0(sizeof(SDState));
494
sd->buf = qemu_blockalign(bs, 512);
500
bdrv_attach_dev_nofail(sd->bdrv, sd);
501
bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
503
vmstate_register(NULL, -1, &sd_vmstate, sd);
507
void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
509
sd->readonly_cb = readonly;
510
sd->inserted_cb = insert;
511
qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
512
qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
515
static void sd_erase(SDState *sd)
518
uint64_t erase_start = sd->erase_start;
519
uint64_t erase_end = sd->erase_end;
521
if (!sd->erase_start || !sd->erase_end) {
522
sd->card_status |= ERASE_SEQ_ERROR;
526
if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
527
/* High capacity memory card: erase units are 512 byte blocks */
532
erase_start = sd_addr_to_wpnum(erase_start);
533
erase_end = sd_addr_to_wpnum(erase_end);
538
for (i = erase_start; i <= erase_end; i++) {
539
if (test_bit(i, sd->wp_groups)) {
540
sd->card_status |= WP_ERASE_SKIP;
545
static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
550
wpnum = sd_addr_to_wpnum(addr);
552
for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
553
if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
561
static void sd_function_switch(SDState *sd, uint32_t arg)
563
int i, mode, new_func, crc;
564
mode = !!(arg & 0x80000000);
566
sd->data[0] = 0x00; /* Maximum current consumption */
568
sd->data[2] = 0x80; /* Supported group 6 functions */
570
sd->data[4] = 0x80; /* Supported group 5 functions */
572
sd->data[6] = 0x80; /* Supported group 4 functions */
574
sd->data[8] = 0x80; /* Supported group 3 functions */
576
sd->data[10] = 0x80; /* Supported group 2 functions */
578
sd->data[12] = 0x80; /* Supported group 1 functions */
580
for (i = 0; i < 6; i ++) {
581
new_func = (arg >> (i * 4)) & 0x0f;
582
if (mode && new_func != 0x0f)
583
sd->function_group[i] = new_func;
584
sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
586
memset(&sd->data[17], 0, 47);
587
crc = sd_crc16(sd->data, 64);
588
sd->data[65] = crc >> 8;
589
sd->data[66] = crc & 0xff;
592
static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
594
return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
597
static void sd_lock_command(SDState *sd)
599
int erase, lock, clr_pwd, set_pwd, pwd_len;
600
erase = !!(sd->data[0] & 0x08);
601
lock = sd->data[0] & 0x04;
602
clr_pwd = sd->data[0] & 0x02;
603
set_pwd = sd->data[0] & 0x01;
606
pwd_len = sd->data[1];
611
if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
612
set_pwd || clr_pwd || lock || sd->wp_switch ||
613
(sd->csd[14] & 0x20)) {
614
sd->card_status |= LOCK_UNLOCK_FAILED;
617
bitmap_zero(sd->wp_groups, sd->wpgrps_size);
618
sd->csd[14] &= ~0x10;
619
sd->card_status &= ~CARD_IS_LOCKED;
621
/* Erasing the entire card here! */
622
fprintf(stderr, "SD: Card force-erased by CMD42\n");
626
if (sd->blk_len < 2 + pwd_len ||
627
pwd_len <= sd->pwd_len ||
628
pwd_len > sd->pwd_len + 16) {
629
sd->card_status |= LOCK_UNLOCK_FAILED;
633
if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
634
sd->card_status |= LOCK_UNLOCK_FAILED;
638
pwd_len -= sd->pwd_len;
639
if ((pwd_len && !set_pwd) ||
640
(clr_pwd && (set_pwd || lock)) ||
641
(lock && !sd->pwd_len && !set_pwd) ||
642
(!set_pwd && !clr_pwd &&
643
(((sd->card_status & CARD_IS_LOCKED) && lock) ||
644
(!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
645
sd->card_status |= LOCK_UNLOCK_FAILED;
650
memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
651
sd->pwd_len = pwd_len;
659
sd->card_status |= CARD_IS_LOCKED;
661
sd->card_status &= ~CARD_IS_LOCKED;
664
static sd_rsp_type_t sd_normal_command(SDState *sd,
667
uint32_t rca = 0x0000;
668
uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
670
/* Not interpreting this as an app command */
671
sd->card_status &= ~APP_CMD;
673
if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
676
DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
678
/* Basic commands (Class 0 and Class 1) */
679
case 0: /* CMD0: GO_IDLE_STATE */
681
case sd_inactive_state:
682
return sd->spi ? sd_r1 : sd_r0;
685
sd->state = sd_idle_state;
687
return sd->spi ? sd_r1 : sd_r0;
691
case 1: /* CMD1: SEND_OP_CMD */
695
sd->state = sd_transfer_state;
698
case 2: /* CMD2: ALL_SEND_CID */
703
sd->state = sd_identification_state;
711
case 3: /* CMD3: SEND_RELATIVE_ADDR */
715
case sd_identification_state:
716
case sd_standby_state:
717
sd->state = sd_standby_state;
726
case 4: /* CMD4: SEND_DSR */
730
case sd_standby_state:
738
case 5: /* CMD5: reserved for SDIO cards */
741
case 6: /* CMD6: SWITCH_FUNCTION */
745
case sd_data_transfer_mode:
746
sd_function_switch(sd, req.arg);
747
sd->state = sd_sendingdata_state;
757
case 7: /* CMD7: SELECT/DESELECT_CARD */
761
case sd_standby_state:
765
sd->state = sd_transfer_state;
768
case sd_transfer_state:
769
case sd_sendingdata_state:
773
sd->state = sd_standby_state;
776
case sd_disconnect_state:
780
sd->state = sd_programming_state;
783
case sd_programming_state:
787
sd->state = sd_disconnect_state;
795
case 8: /* CMD8: SEND_IF_COND */
796
/* Physical Layer Specification Version 2.00 command */
801
/* No response if not exactly one VHS bit is set. */
802
if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
803
return sd->spi ? sd_r7 : sd_r0;
814
case 9: /* CMD9: SEND_CSD */
816
case sd_standby_state:
822
case sd_transfer_state:
825
sd->state = sd_sendingdata_state;
826
memcpy(sd->data, sd->csd, 16);
827
sd->data_start = addr;
836
case 10: /* CMD10: SEND_CID */
838
case sd_standby_state:
844
case sd_transfer_state:
847
sd->state = sd_sendingdata_state;
848
memcpy(sd->data, sd->cid, 16);
849
sd->data_start = addr;
858
case 11: /* CMD11: READ_DAT_UNTIL_STOP */
862
case sd_transfer_state:
863
sd->state = sd_sendingdata_state;
864
sd->data_start = req.arg;
867
if (sd->data_start + sd->blk_len > sd->size)
868
sd->card_status |= ADDRESS_ERROR;
876
case 12: /* CMD12: STOP_TRANSMISSION */
878
case sd_sendingdata_state:
879
sd->state = sd_transfer_state;
882
case sd_receivingdata_state:
883
sd->state = sd_programming_state;
884
/* Bzzzzzzztt .... Operation complete. */
885
sd->state = sd_transfer_state;
893
case 13: /* CMD13: SEND_STATUS */
895
case sd_data_transfer_mode:
906
case 15: /* CMD15: GO_INACTIVE_STATE */
910
case sd_data_transfer_mode:
914
sd->state = sd_inactive_state;
922
/* Block read commands (Classs 2) */
923
case 16: /* CMD16: SET_BLOCKLEN */
925
case sd_transfer_state:
926
if (req.arg > (1 << HWBLOCK_SHIFT))
927
sd->card_status |= BLOCK_LEN_ERROR;
929
sd->blk_len = req.arg;
938
case 17: /* CMD17: READ_SINGLE_BLOCK */
940
case sd_transfer_state:
941
sd->state = sd_sendingdata_state;
942
sd->data_start = addr;
945
if (sd->data_start + sd->blk_len > sd->size)
946
sd->card_status |= ADDRESS_ERROR;
954
case 18: /* CMD18: READ_MULTIPLE_BLOCK */
956
case sd_transfer_state:
957
sd->state = sd_sendingdata_state;
958
sd->data_start = addr;
961
if (sd->data_start + sd->blk_len > sd->size)
962
sd->card_status |= ADDRESS_ERROR;
970
/* Block write commands (Class 4) */
971
case 24: /* CMD24: WRITE_SINGLE_BLOCK */
973
goto unimplemented_cmd;
975
case sd_transfer_state:
976
/* Writing in SPI mode not implemented. */
979
sd->state = sd_receivingdata_state;
980
sd->data_start = addr;
984
if (sd->data_start + sd->blk_len > sd->size)
985
sd->card_status |= ADDRESS_ERROR;
986
if (sd_wp_addr(sd, sd->data_start))
987
sd->card_status |= WP_VIOLATION;
988
if (sd->csd[14] & 0x30)
989
sd->card_status |= WP_VIOLATION;
997
case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
999
goto unimplemented_cmd;
1000
switch (sd->state) {
1001
case sd_transfer_state:
1002
/* Writing in SPI mode not implemented. */
1005
sd->state = sd_receivingdata_state;
1006
sd->data_start = addr;
1007
sd->data_offset = 0;
1008
sd->blk_written = 0;
1010
if (sd->data_start + sd->blk_len > sd->size)
1011
sd->card_status |= ADDRESS_ERROR;
1012
if (sd_wp_addr(sd, sd->data_start))
1013
sd->card_status |= WP_VIOLATION;
1014
if (sd->csd[14] & 0x30)
1015
sd->card_status |= WP_VIOLATION;
1023
case 26: /* CMD26: PROGRAM_CID */
1026
switch (sd->state) {
1027
case sd_transfer_state:
1028
sd->state = sd_receivingdata_state;
1030
sd->data_offset = 0;
1038
case 27: /* CMD27: PROGRAM_CSD */
1040
goto unimplemented_cmd;
1041
switch (sd->state) {
1042
case sd_transfer_state:
1043
sd->state = sd_receivingdata_state;
1045
sd->data_offset = 0;
1053
/* Write protection (Class 6) */
1054
case 28: /* CMD28: SET_WRITE_PROT */
1055
switch (sd->state) {
1056
case sd_transfer_state:
1057
if (addr >= sd->size) {
1058
sd->card_status |= ADDRESS_ERROR;
1062
sd->state = sd_programming_state;
1063
set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1064
/* Bzzzzzzztt .... Operation complete. */
1065
sd->state = sd_transfer_state;
1073
case 29: /* CMD29: CLR_WRITE_PROT */
1074
switch (sd->state) {
1075
case sd_transfer_state:
1076
if (addr >= sd->size) {
1077
sd->card_status |= ADDRESS_ERROR;
1081
sd->state = sd_programming_state;
1082
clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1083
/* Bzzzzzzztt .... Operation complete. */
1084
sd->state = sd_transfer_state;
1092
case 30: /* CMD30: SEND_WRITE_PROT */
1093
switch (sd->state) {
1094
case sd_transfer_state:
1095
sd->state = sd_sendingdata_state;
1096
*(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1097
sd->data_start = addr;
1098
sd->data_offset = 0;
1106
/* Erase commands (Class 5) */
1107
case 32: /* CMD32: ERASE_WR_BLK_START */
1108
switch (sd->state) {
1109
case sd_transfer_state:
1110
sd->erase_start = req.arg;
1118
case 33: /* CMD33: ERASE_WR_BLK_END */
1119
switch (sd->state) {
1120
case sd_transfer_state:
1121
sd->erase_end = req.arg;
1129
case 38: /* CMD38: ERASE */
1130
switch (sd->state) {
1131
case sd_transfer_state:
1132
if (sd->csd[14] & 0x30) {
1133
sd->card_status |= WP_VIOLATION;
1137
sd->state = sd_programming_state;
1139
/* Bzzzzzzztt .... Operation complete. */
1140
sd->state = sd_transfer_state;
1148
/* Lock card commands (Class 7) */
1149
case 42: /* CMD42: LOCK_UNLOCK */
1151
goto unimplemented_cmd;
1152
switch (sd->state) {
1153
case sd_transfer_state:
1154
sd->state = sd_receivingdata_state;
1156
sd->data_offset = 0;
1166
/* CMD52, CMD53: reserved for SDIO cards
1167
* (see the SDIO Simplified Specification V2.0)
1168
* Handle as illegal command but do not complain
1169
* on stderr, as some OSes may use these in their
1170
* probing for presence of an SDIO card.
1174
/* Application specific commands (Class 8) */
1175
case 55: /* CMD55: APP_CMD */
1179
sd->expecting_acmd = true;
1180
sd->card_status |= APP_CMD;
1183
case 56: /* CMD56: GEN_CMD */
1184
fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1186
switch (sd->state) {
1187
case sd_transfer_state:
1188
sd->data_offset = 0;
1190
sd->state = sd_sendingdata_state;
1192
sd->state = sd_receivingdata_state;
1202
fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1206
/* Commands that are recognised but not yet implemented in SPI mode. */
1207
fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1211
fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1215
static sd_rsp_type_t sd_app_command(SDState *sd,
1218
DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1219
sd->card_status |= APP_CMD;
1221
case 6: /* ACMD6: SET_BUS_WIDTH */
1222
switch (sd->state) {
1223
case sd_transfer_state:
1224
sd->sd_status[0] &= 0x3f;
1225
sd->sd_status[0] |= (req.arg & 0x03) << 6;
1233
case 13: /* ACMD13: SD_STATUS */
1234
switch (sd->state) {
1235
case sd_transfer_state:
1236
sd->state = sd_sendingdata_state;
1238
sd->data_offset = 0;
1246
case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1247
switch (sd->state) {
1248
case sd_transfer_state:
1249
*(uint32_t *) sd->data = sd->blk_written;
1251
sd->state = sd_sendingdata_state;
1253
sd->data_offset = 0;
1261
case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1262
switch (sd->state) {
1263
case sd_transfer_state:
1271
case 41: /* ACMD41: SD_APP_OP_COND */
1274
sd->state = sd_transfer_state;
1277
switch (sd->state) {
1279
/* We accept any voltage. 10000 V is nothing. */
1281
sd->state = sd_ready_state;
1290
case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1291
switch (sd->state) {
1292
case sd_transfer_state:
1293
/* Bringing in the 50KOhm pull-up resistor... Done. */
1301
case 51: /* ACMD51: SEND_SCR */
1302
switch (sd->state) {
1303
case sd_transfer_state:
1304
sd->state = sd_sendingdata_state;
1306
sd->data_offset = 0;
1315
/* Fall back to standard commands. */
1316
return sd_normal_command(sd, req);
1319
fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1323
static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1325
/* Valid commands in locked state:
1327
* lock card class (7)
1329
* implicitly, the ACMD prefix CMD55
1331
* Anything else provokes an "illegal command" response.
1333
if (sd->expecting_acmd) {
1334
return req->cmd == 41 || req->cmd == 42;
1336
if (req->cmd == 16 || req->cmd == 55) {
1339
return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1342
int sd_do_command(SDState *sd, SDRequest *req,
1343
uint8_t *response) {
1345
sd_rsp_type_t rtype;
1348
if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1352
if (sd_req_crc_validate(req)) {
1353
sd->card_status |= COM_CRC_ERROR;
1358
if (sd->card_status & CARD_IS_LOCKED) {
1359
if (!cmd_valid_while_locked(sd, req)) {
1360
sd->card_status |= ILLEGAL_COMMAND;
1361
sd->expecting_acmd = false;
1362
fprintf(stderr, "SD: Card is locked\n");
1368
last_state = sd->state;
1371
if (sd->expecting_acmd) {
1372
sd->expecting_acmd = false;
1373
rtype = sd_app_command(sd, *req);
1375
rtype = sd_normal_command(sd, *req);
1378
if (rtype == sd_illegal) {
1379
sd->card_status |= ILLEGAL_COMMAND;
1381
/* Valid command, we can update the 'state before command' bits.
1382
* (Do this now so they appear in r1 responses.)
1384
sd->current_cmd = req->cmd;
1385
sd->card_status &= ~CURRENT_STATE;
1386
sd->card_status |= (last_state << 9);
1393
sd_response_r1_make(sd, response);
1398
memcpy(response, sd->cid, sizeof(sd->cid));
1403
memcpy(response, sd->csd, sizeof(sd->csd));
1408
sd_response_r3_make(sd, response);
1413
sd_response_r6_make(sd, response);
1418
sd_response_r7_make(sd, response);
1429
if (rtype != sd_illegal) {
1430
/* Clear the "clear on valid command" status bits now we've
1433
sd->card_status &= ~CARD_STATUS_B;
1439
DPRINTF("Response:");
1440
for (i = 0; i < rsplen; i++)
1441
fprintf(stderr, " %02x", response[i]);
1442
fprintf(stderr, " state %d\n", sd->state);
1444
DPRINTF("No response %d\n", sd->state);
1451
static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1453
uint64_t end = addr + len;
1455
DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1456
(unsigned long long) addr, len);
1457
if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
1458
fprintf(stderr, "sd_blk_read: read error on host side\n");
1462
if (end > (addr & ~511) + 512) {
1463
memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1465
if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
1466
fprintf(stderr, "sd_blk_read: read error on host side\n");
1469
memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1471
memcpy(sd->data, sd->buf + (addr & 511), len);
1474
static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1476
uint64_t end = addr + len;
1478
if ((addr & 511) || len < 512)
1479
if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
1480
fprintf(stderr, "sd_blk_write: read error on host side\n");
1484
if (end > (addr & ~511) + 512) {
1485
memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1486
if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
1487
fprintf(stderr, "sd_blk_write: write error on host side\n");
1491
if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
1492
fprintf(stderr, "sd_blk_write: read error on host side\n");
1495
memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1496
if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
1497
fprintf(stderr, "sd_blk_write: write error on host side\n");
1500
memcpy(sd->buf + (addr & 511), sd->data, len);
1501
if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
1502
fprintf(stderr, "sd_blk_write: write error on host side\n");
1507
#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1508
#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1509
#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1510
#define APP_WRITE_BLOCK(a, len)
1512
void sd_write_data(SDState *sd, uint8_t value)
1516
if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1519
if (sd->state != sd_receivingdata_state) {
1520
fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1524
if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1527
switch (sd->current_cmd) {
1528
case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1529
sd->data[sd->data_offset ++] = value;
1530
if (sd->data_offset >= sd->blk_len) {
1531
/* TODO: Check CRC before committing */
1532
sd->state = sd_programming_state;
1533
BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1535
sd->csd[14] |= 0x40;
1536
/* Bzzzzzzztt .... Operation complete. */
1537
sd->state = sd_transfer_state;
1541
case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1542
if (sd->data_offset == 0) {
1543
/* Start of the block - let's check the address is valid */
1544
if (sd->data_start + sd->blk_len > sd->size) {
1545
sd->card_status |= ADDRESS_ERROR;
1548
if (sd_wp_addr(sd, sd->data_start)) {
1549
sd->card_status |= WP_VIOLATION;
1553
sd->data[sd->data_offset++] = value;
1554
if (sd->data_offset >= sd->blk_len) {
1555
/* TODO: Check CRC before committing */
1556
sd->state = sd_programming_state;
1557
BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1559
sd->data_start += sd->blk_len;
1560
sd->data_offset = 0;
1561
sd->csd[14] |= 0x40;
1563
/* Bzzzzzzztt .... Operation complete. */
1564
sd->state = sd_receivingdata_state;
1568
case 26: /* CMD26: PROGRAM_CID */
1569
sd->data[sd->data_offset ++] = value;
1570
if (sd->data_offset >= sizeof(sd->cid)) {
1571
/* TODO: Check CRC before committing */
1572
sd->state = sd_programming_state;
1573
for (i = 0; i < sizeof(sd->cid); i ++)
1574
if ((sd->cid[i] | 0x00) != sd->data[i])
1575
sd->card_status |= CID_CSD_OVERWRITE;
1577
if (!(sd->card_status & CID_CSD_OVERWRITE))
1578
for (i = 0; i < sizeof(sd->cid); i ++) {
1580
sd->cid[i] &= sd->data[i];
1582
/* Bzzzzzzztt .... Operation complete. */
1583
sd->state = sd_transfer_state;
1587
case 27: /* CMD27: PROGRAM_CSD */
1588
sd->data[sd->data_offset ++] = value;
1589
if (sd->data_offset >= sizeof(sd->csd)) {
1590
/* TODO: Check CRC before committing */
1591
sd->state = sd_programming_state;
1592
for (i = 0; i < sizeof(sd->csd); i ++)
1593
if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1594
(sd->data[i] | sd_csd_rw_mask[i]))
1595
sd->card_status |= CID_CSD_OVERWRITE;
1597
/* Copy flag (OTP) & Permanent write protect */
1598
if (sd->csd[14] & ~sd->data[14] & 0x60)
1599
sd->card_status |= CID_CSD_OVERWRITE;
1601
if (!(sd->card_status & CID_CSD_OVERWRITE))
1602
for (i = 0; i < sizeof(sd->csd); i ++) {
1603
sd->csd[i] |= sd_csd_rw_mask[i];
1604
sd->csd[i] &= sd->data[i];
1606
/* Bzzzzzzztt .... Operation complete. */
1607
sd->state = sd_transfer_state;
1611
case 42: /* CMD42: LOCK_UNLOCK */
1612
sd->data[sd->data_offset ++] = value;
1613
if (sd->data_offset >= sd->blk_len) {
1614
/* TODO: Check CRC before committing */
1615
sd->state = sd_programming_state;
1616
sd_lock_command(sd);
1617
/* Bzzzzzzztt .... Operation complete. */
1618
sd->state = sd_transfer_state;
1622
case 56: /* CMD56: GEN_CMD */
1623
sd->data[sd->data_offset ++] = value;
1624
if (sd->data_offset >= sd->blk_len) {
1625
APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1626
sd->state = sd_transfer_state;
1631
fprintf(stderr, "sd_write_data: unknown command\n");
1636
uint8_t sd_read_data(SDState *sd)
1638
/* TODO: Append CRCs */
1642
if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1645
if (sd->state != sd_sendingdata_state) {
1646
fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1650
if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1653
io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1655
switch (sd->current_cmd) {
1656
case 6: /* CMD6: SWITCH_FUNCTION */
1657
ret = sd->data[sd->data_offset ++];
1659
if (sd->data_offset >= 64)
1660
sd->state = sd_transfer_state;
1663
case 9: /* CMD9: SEND_CSD */
1664
case 10: /* CMD10: SEND_CID */
1665
ret = sd->data[sd->data_offset ++];
1667
if (sd->data_offset >= 16)
1668
sd->state = sd_transfer_state;
1671
case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1672
if (sd->data_offset == 0)
1673
BLK_READ_BLOCK(sd->data_start, io_len);
1674
ret = sd->data[sd->data_offset ++];
1676
if (sd->data_offset >= io_len) {
1677
sd->data_start += io_len;
1678
sd->data_offset = 0;
1679
if (sd->data_start + io_len > sd->size) {
1680
sd->card_status |= ADDRESS_ERROR;
1686
case 13: /* ACMD13: SD_STATUS */
1687
ret = sd->sd_status[sd->data_offset ++];
1689
if (sd->data_offset >= sizeof(sd->sd_status))
1690
sd->state = sd_transfer_state;
1693
case 17: /* CMD17: READ_SINGLE_BLOCK */
1694
if (sd->data_offset == 0)
1695
BLK_READ_BLOCK(sd->data_start, io_len);
1696
ret = sd->data[sd->data_offset ++];
1698
if (sd->data_offset >= io_len)
1699
sd->state = sd_transfer_state;
1702
case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1703
if (sd->data_offset == 0)
1704
BLK_READ_BLOCK(sd->data_start, io_len);
1705
ret = sd->data[sd->data_offset ++];
1707
if (sd->data_offset >= io_len) {
1708
sd->data_start += io_len;
1709
sd->data_offset = 0;
1710
if (sd->data_start + io_len > sd->size) {
1711
sd->card_status |= ADDRESS_ERROR;
1717
case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1718
ret = sd->data[sd->data_offset ++];
1720
if (sd->data_offset >= 4)
1721
sd->state = sd_transfer_state;
1724
case 30: /* CMD30: SEND_WRITE_PROT */
1725
ret = sd->data[sd->data_offset ++];
1727
if (sd->data_offset >= 4)
1728
sd->state = sd_transfer_state;
1731
case 51: /* ACMD51: SEND_SCR */
1732
ret = sd->scr[sd->data_offset ++];
1734
if (sd->data_offset >= sizeof(sd->scr))
1735
sd->state = sd_transfer_state;
1738
case 56: /* CMD56: GEN_CMD */
1739
if (sd->data_offset == 0)
1740
APP_READ_BLOCK(sd->data_start, sd->blk_len);
1741
ret = sd->data[sd->data_offset ++];
1743
if (sd->data_offset >= sd->blk_len)
1744
sd->state = sd_transfer_state;
1748
fprintf(stderr, "sd_read_data: unknown command\n");
1755
bool sd_data_ready(SDState *sd)
1757
return sd->state == sd_sendingdata_state;
1760
void sd_enable(SDState *sd, bool enable)
1762
sd->enable = enable;