2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 #define DPRINTF(fmt, args...) \
38 do { printf("SD: " fmt , ##args); } while (0)
40 #define DPRINTF(fmt, args...) do {} while(0)
44 sd_r0 = 0, /* no response */
45 sd_r1, /* normal response command */
46 sd_r2_i, /* CID register */
47 sd_r2_s, /* CSD register */
48 sd_r3, /* OCR register */
49 sd_r6 = 6, /* Published RCA response */
56 sd_card_identification_mode,
57 sd_data_transfer_mode,
60 sd_inactive_state = -1,
63 sd_identification_state,
67 sd_receivingdata_state,
77 uint8_t sd_status[64];
86 int function_group[6];
93 void (*readonly_cb)(void *, int);
94 void (*inserted_cb)(void *, int);
96 BlockDriverState *bdrv;
99 static void sd_set_status(SDState *sd)
102 case sd_inactive_state:
103 sd->mode = sd_inactive;
108 case sd_identification_state:
109 sd->mode = sd_card_identification_mode;
112 case sd_standby_state:
113 case sd_transfer_state:
114 case sd_sendingdata_state:
115 case sd_receivingdata_state:
116 case sd_programming_state:
117 case sd_disconnect_state:
118 sd->mode = sd_data_transfer_mode;
122 sd->card_status &= ~CURRENT_STATE;
123 sd->card_status |= sd->state << 9;
126 const sd_cmd_type_t sd_cmd_type[64] = {
127 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
128 sd_none, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
129 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
130 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
131 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
132 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
133 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
134 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
137 const sd_cmd_type_t sd_acmd_type[64] = {
138 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
142 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
143 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
144 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
148 static const int sd_cmd_class[64] = {
149 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
150 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
151 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
152 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
155 static uint8_t sd_crc7(void *message, size_t width)
158 uint8_t shift_reg = 0x00;
159 uint8_t *msg = (uint8_t *) message;
161 for (i = 0; i < width; i ++, msg ++)
162 for (bit = 7; bit >= 0; bit --) {
164 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
171 static uint16_t sd_crc16(void *message, size_t width)
174 uint16_t shift_reg = 0x0000;
175 uint16_t *msg = (uint16_t *) message;
178 for (i = 0; i < width; i ++, msg ++)
179 for (bit = 15; bit >= 0; bit --) {
181 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
188 static void sd_set_ocr(SDState *sd)
190 sd->ocr = 0x80fffff0;
193 static void sd_set_scr(SDState *sd)
195 sd->scr[0] = 0x00; /* SCR Structure */
196 sd->scr[1] = 0x2f; /* SD Security Support */
212 static void sd_set_cid(SDState *sd)
214 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
215 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
217 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
222 sd->cid[8] = PRV; /* Fake product revision (PRV) */
223 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
227 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
228 ((MDT_YR - 2000) / 10);
229 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
230 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
233 #define HWBLOCK_SHIFT 9 /* 512 bytes */
234 #define SECTOR_SHIFT 5 /* 16 kilobytes */
235 #define WPGROUP_SHIFT 7 /* 2 megs */
236 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
237 #define BLOCK_SIZE (1 << (HWBLOCK_SHIFT))
238 #define SECTOR_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT))
239 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
241 static const uint8_t sd_csd_rw_mask[16] = {
242 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
243 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
246 static void sd_set_csd(SDState *sd, uint32_t size)
248 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
249 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
250 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
252 sd->csd[0] = 0x00; /* CSD structure */
253 sd->csd[1] = 0x26; /* Data read access-time-1 */
254 sd->csd[2] = 0x00; /* Data read access-time-2 */
255 sd->csd[3] = 0x5a; /* Max. data transfer rate */
256 sd->csd[4] = 0x5f; /* Card Command Classes */
257 sd->csd[5] = 0x50 | /* Max. read data block length */
259 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
260 ((csize >> 10) & 0x03);
261 sd->csd[7] = 0x00 | /* Device size */
262 ((csize >> 2) & 0xff);
263 sd->csd[8] = 0x3f | /* Max. read current */
264 ((csize << 6) & 0xc0);
265 sd->csd[9] = 0xfc | /* Max. write current */
266 ((CMULT_SHIFT - 2) >> 1);
267 sd->csd[10] = 0x40 | /* Erase sector size */
268 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
269 sd->csd[11] = 0x00 | /* Write protect group size */
270 ((sectsize << 7) & 0x80) | wpsize;
271 sd->csd[12] = 0x90 | /* Write speed factor */
272 (HWBLOCK_SHIFT >> 2);
273 sd->csd[13] = 0x20 | /* Max. write data block length */
274 ((HWBLOCK_SHIFT << 6) & 0xc0);
275 sd->csd[14] = 0x00; /* File format group */
276 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
279 static void sd_set_rca(SDState *sd)
284 #define CARD_STATUS_A 0x02004100
285 #define CARD_STATUS_B 0x00c01e00
286 #define CARD_STATUS_C 0xfd39a028
288 static void sd_set_cardstatus(SDState *sd)
290 sd->card_status = 0x00000100;
293 static void sd_set_sdstatus(SDState *sd)
295 memset(sd->sd_status, 0, 64);
298 static int sd_req_crc_validate(struct sd_request_s *req)
301 buffer[0] = 0x40 | req->cmd;
302 buffer[1] = (req->arg >> 24) & 0xff;
303 buffer[2] = (req->arg >> 16) & 0xff;
304 buffer[3] = (req->arg >> 8) & 0xff;
305 buffer[4] = (req->arg >> 0) & 0xff;
307 return sd_crc7(buffer, 5) != req->crc; /* TODO */
310 void sd_response_r1_make(SDState *sd,
311 uint8_t *response, uint32_t last_status)
313 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
316 status = (sd->card_status & ~mask) | (last_status & mask);
317 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
319 response[0] = (status >> 24) & 0xff;
320 response[1] = (status >> 16) & 0xff;
321 response[2] = (status >> 8) & 0xff;
322 response[3] = (status >> 0) & 0xff;
325 void sd_response_r3_make(SDState *sd, uint8_t *response)
327 response[0] = (sd->ocr >> 24) & 0xff;
328 response[1] = (sd->ocr >> 16) & 0xff;
329 response[2] = (sd->ocr >> 8) & 0xff;
330 response[3] = (sd->ocr >> 0) & 0xff;
333 void sd_response_r6_make(SDState *sd, uint8_t *response)
339 status = ((sd->card_status >> 8) & 0xc000) |
340 ((sd->card_status >> 6) & 0x2000) |
341 (sd->card_status & 0x1fff);
343 response[0] = (arg >> 8) & 0xff;
344 response[1] = arg & 0xff;
345 response[2] = (status >> 8) & 0xff;
346 response[3] = status & 0xff;
349 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
354 bdrv_get_geometry(bdrv, §);
357 if (sect > 0x40000000)
358 size = 0x40000000; /* 1 gig */
362 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
364 sd->state = sd_idle_state;
369 sd_set_csd(sd, size);
370 sd_set_cardstatus(sd);
375 sd->wp_switch = bdrv_is_read_only(bdrv);
376 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
377 memset(sd->wp_groups, 0, sizeof(int) * sect);
378 memset(sd->function_group, 0, sizeof(int) * 6);
386 static void sd_cardchange(void *opaque)
388 SDState *sd = opaque;
390 sd->inserted_cb(sd->opaque, bdrv_is_inserted(sd->bdrv));
391 if (bdrv_is_inserted(sd->bdrv)) {
392 sd_reset(sd, sd->bdrv);
394 sd->readonly_cb(sd->opaque, sd->wp_switch);
398 SDState *sd_init(BlockDriverState *bs)
402 sd = (SDState *) qemu_mallocz(sizeof(SDState));
407 void sd_set_cb(SDState *sd, void *opaque,
408 void (*readonly_cb)(void *, int),
409 void (*inserted_cb)(void *, int))
412 sd->readonly_cb = readonly_cb;
413 sd->inserted_cb = inserted_cb;
415 sd->readonly_cb(sd->opaque, bdrv_is_read_only(sd->bdrv));
417 sd->inserted_cb(sd->opaque, bdrv_is_inserted(sd->bdrv));
418 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
421 static void sd_erase(SDState *sd)
424 if (!sd->erase_start || !sd->erase_end) {
425 sd->card_status |= ERASE_SEQ_ERROR;
429 start = sd->erase_start >>
430 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
431 end = sd->erase_end >>
432 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
437 for (i = start; i <= end; i ++)
438 if (sd->wp_groups[i])
439 sd->card_status |= WP_ERASE_SKIP;
442 static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
447 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
449 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
450 if (addr < sd->size && sd->wp_groups[wpnum])
456 static void sd_function_switch(SDState *sd, uint32_t arg)
458 int i, mode, new_func, crc;
459 mode = !!(arg & 0x80000000);
461 sd->data[0] = 0x00; /* Maximum current consumption */
463 sd->data[2] = 0x80; /* Supported group 6 functions */
465 sd->data[4] = 0x80; /* Supported group 5 functions */
467 sd->data[6] = 0x80; /* Supported group 4 functions */
469 sd->data[8] = 0x80; /* Supported group 3 functions */
471 sd->data[10] = 0x80; /* Supported group 2 functions */
473 sd->data[12] = 0x80; /* Supported group 1 functions */
475 for (i = 0; i < 6; i ++) {
476 new_func = (arg >> (i * 4)) & 0x0f;
477 if (mode && new_func != 0x0f)
478 sd->function_group[i] = new_func;
479 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
481 memset(&sd->data[17], 0, 47);
482 crc = sd_crc16(sd->data, 64);
483 sd->data[65] = crc >> 8;
484 sd->data[66] = crc & 0xff;
487 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
489 return sd->wp_groups[addr >>
490 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
493 static void sd_lock_command(SDState *sd)
495 int erase, lock, clr_pwd, set_pwd, pwd_len;
496 erase = !!(sd->data[0] & 0x08);
497 lock = sd->data[0] & 0x04;
498 clr_pwd = sd->data[0] & 0x02;
499 set_pwd = sd->data[0] & 0x01;
502 pwd_len = sd->data[1];
507 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
508 set_pwd || clr_pwd || lock || sd->wp_switch ||
509 (sd->csd[14] & 0x20)) {
510 sd->card_status |= LOCK_UNLOCK_FAILED;
513 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
514 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
515 sd->csd[14] &= ~0x10;
516 sd->card_status &= ~CARD_IS_LOCKED;
518 /* Erasing the entire card here! */
519 printf("SD: Card force-erased by CMD42\n");
523 if (sd->blk_len < 2 + pwd_len ||
524 pwd_len <= sd->pwd_len ||
525 pwd_len > sd->pwd_len + 16) {
526 sd->card_status |= LOCK_UNLOCK_FAILED;
530 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
531 sd->card_status |= LOCK_UNLOCK_FAILED;
535 pwd_len -= sd->pwd_len;
536 if ((pwd_len && !set_pwd) ||
537 (clr_pwd && (set_pwd || lock)) ||
538 (lock && !sd->pwd_len && !set_pwd) ||
539 (!set_pwd && !clr_pwd &&
540 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
541 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
542 sd->card_status |= LOCK_UNLOCK_FAILED;
547 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
548 sd->pwd_len = pwd_len;
556 sd->card_status |= CARD_IS_LOCKED;
558 sd->card_status &= ~CARD_IS_LOCKED;
561 static sd_rsp_type_t sd_normal_command(SDState *sd,
562 struct sd_request_s req)
564 uint32_t rca = 0x0000;
566 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
569 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
571 /* Basic commands (Class 0 and Class 1) */
572 case 0: /* CMD0: GO_IDLE_STATE */
574 case sd_inactive_state:
578 sd->state = sd_idle_state;
579 sd_reset(sd, sd->bdrv);
584 case 2: /* CMD2: ALL_SEND_CID */
587 sd->state = sd_identification_state;
595 case 3: /* CMD3: SEND_RELATIVE_ADDR */
597 case sd_identification_state:
598 case sd_standby_state:
599 sd->state = sd_standby_state;
608 case 4: /* CMD4: SEND_DSR */
610 case sd_standby_state:
618 case 6: /* CMD6: SWITCH_FUNCTION */
620 case sd_data_transfer_mode:
621 sd_function_switch(sd, req.arg);
622 sd->state = sd_sendingdata_state;
632 case 7: /* CMD7: SELECT/DESELECT_CARD */
634 case sd_standby_state:
638 sd->state = sd_transfer_state;
641 case sd_transfer_state:
642 case sd_sendingdata_state:
646 sd->state = sd_standby_state;
649 case sd_disconnect_state:
653 sd->state = sd_programming_state;
656 case sd_programming_state:
660 sd->state = sd_disconnect_state;
668 case 9: /* CMD9: SEND_CSD */
670 case sd_standby_state:
681 case 10: /* CMD10: SEND_CID */
683 case sd_standby_state:
694 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
696 case sd_transfer_state:
697 sd->state = sd_sendingdata_state;
698 sd->data_start = req.arg;
701 if (sd->data_start + sd->blk_len > sd->size)
702 sd->card_status |= ADDRESS_ERROR;
710 case 12: /* CMD12: STOP_TRANSMISSION */
712 case sd_sendingdata_state:
713 sd->state = sd_transfer_state;
716 case sd_receivingdata_state:
717 sd->state = sd_programming_state;
718 /* Bzzzzzzztt .... Operation complete. */
719 sd->state = sd_transfer_state;
727 case 13: /* CMD13: SEND_STATUS */
729 case sd_data_transfer_mode:
740 case 15: /* CMD15: GO_INACTIVE_STATE */
742 case sd_data_transfer_mode:
746 sd->state = sd_inactive_state;
754 /* Block read commands (Classs 2) */
755 case 16: /* CMD16: SET_BLOCKLEN */
757 case sd_transfer_state:
758 if (req.arg > (1 << HWBLOCK_SHIFT))
759 sd->card_status |= BLOCK_LEN_ERROR;
761 sd->blk_len = req.arg;
770 case 17: /* CMD17: READ_SINGLE_BLOCK */
772 case sd_transfer_state:
773 sd->state = sd_sendingdata_state;
774 sd->data_start = req.arg;
777 if (sd->data_start + sd->blk_len > sd->size)
778 sd->card_status |= ADDRESS_ERROR;
786 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
788 case sd_transfer_state:
789 sd->state = sd_sendingdata_state;
790 sd->data_start = req.arg;
793 if (sd->data_start + sd->blk_len > sd->size)
794 sd->card_status |= ADDRESS_ERROR;
802 /* Block write commands (Class 4) */
803 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
805 case sd_transfer_state:
806 sd->state = sd_receivingdata_state;
807 sd->data_start = req.arg;
811 if (sd->data_start + sd->blk_len > sd->size)
812 sd->card_status |= ADDRESS_ERROR;
813 if (sd_wp_addr(sd, sd->data_start))
814 sd->card_status |= WP_VIOLATION;
815 if (sd->csd[14] & 0x30)
816 sd->card_status |= WP_VIOLATION;
824 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
826 case sd_transfer_state:
827 sd->state = sd_receivingdata_state;
828 sd->data_start = req.arg;
832 if (sd->data_start + sd->blk_len > sd->size)
833 sd->card_status |= ADDRESS_ERROR;
834 if (sd_wp_addr(sd, sd->data_start))
835 sd->card_status |= WP_VIOLATION;
836 if (sd->csd[14] & 0x30)
837 sd->card_status |= WP_VIOLATION;
845 case 26: /* CMD26: PROGRAM_CID */
847 case sd_transfer_state:
848 sd->state = sd_receivingdata_state;
858 case 27: /* CMD27: PROGRAM_CSD */
860 case sd_transfer_state:
861 sd->state = sd_receivingdata_state;
871 /* Write protection (Class 6) */
872 case 28: /* CMD28: SET_WRITE_PROT */
874 case sd_transfer_state:
875 if (req.arg >= sd->size) {
876 sd->card_status = ADDRESS_ERROR;
880 sd->state = sd_programming_state;
881 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
882 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
883 /* Bzzzzzzztt .... Operation complete. */
884 sd->state = sd_transfer_state;
892 case 29: /* CMD29: CLR_WRITE_PROT */
894 case sd_transfer_state:
895 if (req.arg >= sd->size) {
896 sd->card_status = ADDRESS_ERROR;
900 sd->state = sd_programming_state;
901 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
902 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
903 /* Bzzzzzzztt .... Operation complete. */
904 sd->state = sd_transfer_state;
912 case 30: /* CMD30: SEND_WRITE_PROT */
914 case sd_transfer_state:
915 sd->state = sd_sendingdata_state;
916 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
917 sd->data_start = req.arg;
926 /* Erase commands (Class 5) */
927 case 32: /* CMD32: ERASE_WR_BLK_START */
929 case sd_transfer_state:
930 sd->erase_start = req.arg;
938 case 33: /* CMD33: ERASE_WR_BLK_END */
940 case sd_transfer_state:
941 sd->erase_end = req.arg;
949 case 38: /* CMD38: ERASE */
951 case sd_transfer_state:
952 if (sd->csd[14] & 0x30) {
953 sd->card_status |= WP_VIOLATION;
957 sd->state = sd_programming_state;
959 /* Bzzzzzzztt .... Operation complete. */
960 sd->state = sd_transfer_state;
968 /* Lock card commands (Class 7) */
969 case 42: /* CMD42: LOCK_UNLOCK */
971 case sd_transfer_state:
972 sd->state = sd_receivingdata_state;
982 /* Application specific commands (Class 8) */
983 case 55: /* CMD55: APP_CMD */
987 sd->card_status |= APP_CMD;
990 case 56: /* CMD56: GEN_CMD */
991 printf("SD: GEN_CMD 0x%08x\n", req.arg);
994 case sd_transfer_state:
997 sd->state = sd_sendingdata_state;
999 sd->state = sd_receivingdata_state;
1008 sd->card_status |= ILLEGAL_COMMAND;
1010 printf("SD: Unknown CMD%i\n", req.cmd);
1014 sd->card_status |= ILLEGAL_COMMAND;
1015 printf("SD: CMD%i in a wrong state\n", req.cmd);
1019 static sd_rsp_type_t sd_app_command(SDState *sd,
1020 struct sd_request_s req) {
1023 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1024 rca = req.arg >> 16;
1026 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1028 case 6: /* ACMD6: SET_BUS_WIDTH */
1029 switch (sd->state) {
1030 case sd_transfer_state:
1031 sd->sd_status[0] &= 0x3f;
1032 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1040 case 13: /* ACMD13: SD_STATUS */
1041 switch (sd->state) {
1042 case sd_transfer_state:
1044 sd->data_offset = 0;
1052 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1053 switch (sd->state) {
1054 case sd_transfer_state:
1055 *(uint32_t *) sd->data = sd->blk_written;
1058 sd->data_offset = 0;
1066 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1067 switch (sd->state) {
1068 case sd_transfer_state:
1076 case 41: /* ACMD41: SD_APP_OP_COND */
1077 switch (sd->state) {
1079 /* We accept any voltage. 10000 V is nothing. */
1081 sd->state = sd_ready_state;
1090 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1091 switch (sd->state) {
1092 case sd_transfer_state:
1093 /* Bringing in the 50KOhm pull-up resistor... Done. */
1101 case 51: /* ACMD51: SEND_SCR */
1102 switch (sd->state) {
1103 case sd_transfer_state:
1104 sd->state = sd_sendingdata_state;
1106 sd->data_offset = 0;
1115 /* Fall back to standard commands. */
1116 sd->card_status &= ~APP_CMD;
1117 return sd_normal_command(sd, req);
1120 printf("SD: ACMD%i in a wrong state\n", req.cmd);
1124 int sd_do_command(SDState *sd, struct sd_request_s *req,
1125 uint8_t *response) {
1126 uint32_t last_status = sd->card_status;
1127 sd_rsp_type_t rtype;
1130 if (!bdrv_is_inserted(sd->bdrv)) {
1134 if (sd_req_crc_validate(req)) {
1135 sd->card_status &= ~COM_CRC_ERROR;
1139 sd->card_status &= ~CARD_STATUS_B;
1142 if (last_status & CARD_IS_LOCKED)
1143 if (((last_status & APP_CMD) &&
1145 (!(last_status & APP_CMD) &&
1146 (sd_cmd_class[req->cmd] == 0 ||
1147 sd_cmd_class[req->cmd] == 7 ||
1148 req->cmd == 16 || req->cmd == 55))) {
1149 sd->card_status |= ILLEGAL_COMMAND;
1150 printf("SD: Card is locked\n");
1154 if (last_status & APP_CMD)
1155 rtype = sd_app_command(sd, *req);
1157 rtype = sd_normal_command(sd, *req);
1159 sd->current_cmd = req->cmd;
1164 sd_response_r1_make(sd, response, last_status);
1169 memcpy(response, sd->cid, sizeof(sd->cid));
1175 memcpy(response, sd->csd, sizeof(sd->csd));
1181 sd_response_r3_make(sd, response);
1186 sd_response_r6_make(sd, response);
1196 if (sd->card_status & ILLEGAL_COMMAND)
1202 DPRINTF("Response:");
1203 for (i = 0; i < rsplen; i++)
1204 printf(" %02x", response[i]);
1205 printf(" state %d\n", sd->state);
1207 DPRINTF("No response %d\n", sd->state);
1214 /* No real need for 64 bit addresses here */
1215 static void sd_blk_read(BlockDriverState *bdrv,
1216 void *data, uint32_t addr, uint32_t len)
1219 uint32_t end = addr + len;
1221 if (!bdrv || bdrv_read(bdrv, addr >> 9, buf, 1) == -1) {
1222 printf("sd_blk_read: read error on host side\n");
1226 if (end > (addr & ~511) + 512) {
1227 memcpy(data, buf + (addr & 511), 512 - (addr & 511));
1229 if (bdrv_read(bdrv, end >> 9, buf, 1) == -1) {
1230 printf("sd_blk_read: read error on host side\n");
1233 memcpy(data + 512 - (addr & 511), buf, end & 511);
1235 memcpy(data, buf + (addr & 511), len);
1238 static void sd_blk_write(BlockDriverState *bdrv,
1239 void *data, uint32_t addr, uint32_t len)
1242 uint32_t end = addr + len;
1244 if ((addr & 511) || len < 512)
1245 if (!bdrv || bdrv_read(bdrv, addr >> 9, buf, 1) == -1) {
1246 printf("sd_blk_write: read error on host side\n");
1250 if (end > (addr & ~511) + 512) {
1251 memcpy(buf + (addr & 511), data, 512 - (addr & 511));
1252 if (bdrv_write(bdrv, addr >> 9, buf, 1) == -1) {
1253 printf("sd_blk_write: write error on host side\n");
1257 if (bdrv_read(bdrv, end >> 9, buf, 1) == -1) {
1258 printf("sd_blk_write: read error on host side\n");
1261 memcpy(buf, data + 512 - (addr & 511), end & 511);
1262 if (bdrv_write(bdrv, end >> 9, buf, 1) == -1)
1263 printf("sd_blk_write: write error on host side\n");
1265 memcpy(buf + (addr & 511), data, len);
1266 if (!bdrv || bdrv_write(bdrv, addr >> 9, buf, 1) == -1)
1267 printf("sd_blk_write: write error on host side\n");
1271 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd->bdrv, sd->data, a, len)
1272 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd->bdrv, sd->data, a, len)
1273 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1274 #define APP_WRITE_BLOCK(a, len)
1276 void sd_write_data(SDState *sd, uint8_t value)
1280 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv))
1283 if (sd->state != sd_receivingdata_state) {
1284 printf("sd_write_data: not in Receiving-Data state\n");
1288 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1291 switch (sd->current_cmd) {
1292 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1293 sd->data[sd->data_offset ++] = value;
1294 if (sd->data_offset >= sd->blk_len) {
1295 /* TODO: Check CRC before committing */
1296 sd->state = sd_programming_state;
1297 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1299 sd->csd[14] |= 0x40;
1300 /* Bzzzzzzztt .... Operation complete. */
1301 sd->state = sd_transfer_state;
1305 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1306 sd->data[sd->data_offset ++] = value;
1307 if (sd->data_offset >= sd->blk_len) {
1308 /* TODO: Check CRC before committing */
1309 sd->state = sd_programming_state;
1310 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1312 sd->data_start += sd->blk_len;
1313 sd->data_offset = 0;
1314 if (sd->data_start + sd->blk_len > sd->size) {
1315 sd->card_status |= ADDRESS_ERROR;
1318 if (sd_wp_addr(sd, sd->data_start)) {
1319 sd->card_status |= WP_VIOLATION;
1322 sd->csd[14] |= 0x40;
1324 /* Bzzzzzzztt .... Operation complete. */
1325 sd->state = sd_receivingdata_state;
1329 case 26: /* CMD26: PROGRAM_CID */
1330 sd->data[sd->data_offset ++] = value;
1331 if (sd->data_offset >= sizeof(sd->cid)) {
1332 /* TODO: Check CRC before committing */
1333 sd->state = sd_programming_state;
1334 for (i = 0; i < sizeof(sd->cid); i ++)
1335 if ((sd->cid[i] | 0x00) != sd->data[i])
1336 sd->card_status |= CID_CSD_OVERWRITE;
1338 if (!(sd->card_status & CID_CSD_OVERWRITE))
1339 for (i = 0; i < sizeof(sd->cid); i ++) {
1341 sd->cid[i] &= sd->data[i];
1343 /* Bzzzzzzztt .... Operation complete. */
1344 sd->state = sd_transfer_state;
1348 case 27: /* CMD27: PROGRAM_CSD */
1349 sd->data[sd->data_offset ++] = value;
1350 if (sd->data_offset >= sizeof(sd->csd)) {
1351 /* TODO: Check CRC before committing */
1352 sd->state = sd_programming_state;
1353 for (i = 0; i < sizeof(sd->csd); i ++)
1354 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1355 (sd->data[i] | sd_csd_rw_mask[i]))
1356 sd->card_status |= CID_CSD_OVERWRITE;
1358 /* Copy flag (OTP) & Permanent write protect */
1359 if (sd->csd[14] & ~sd->data[14] & 0x60)
1360 sd->card_status |= CID_CSD_OVERWRITE;
1362 if (!(sd->card_status & CID_CSD_OVERWRITE))
1363 for (i = 0; i < sizeof(sd->csd); i ++) {
1364 sd->csd[i] |= sd_csd_rw_mask[i];
1365 sd->csd[i] &= sd->data[i];
1367 /* Bzzzzzzztt .... Operation complete. */
1368 sd->state = sd_transfer_state;
1372 case 42: /* CMD42: LOCK_UNLOCK */
1373 sd->data[sd->data_offset ++] = value;
1374 if (sd->data_offset >= sd->blk_len) {
1375 /* TODO: Check CRC before committing */
1376 sd->state = sd_programming_state;
1377 sd_lock_command(sd);
1378 /* Bzzzzzzztt .... Operation complete. */
1379 sd->state = sd_transfer_state;
1383 case 56: /* CMD56: GEN_CMD */
1384 sd->data[sd->data_offset ++] = value;
1385 if (sd->data_offset >= sd->blk_len) {
1386 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1387 sd->state = sd_transfer_state;
1392 printf("sd_write_data: unknown command\n");
1397 uint8_t sd_read_data(SDState *sd)
1399 /* TODO: Append CRCs */
1402 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv))
1405 if (sd->state != sd_sendingdata_state) {
1406 printf("sd_read_data: not in Sending-Data state\n");
1410 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1413 switch (sd->current_cmd) {
1414 case 6: /* CMD6: SWITCH_FUNCTION */
1415 ret = sd->data[sd->data_offset ++];
1417 if (sd->data_offset >= 64)
1418 sd->state = sd_transfer_state;
1421 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1422 if (sd->data_offset == 0)
1423 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1424 ret = sd->data[sd->data_offset ++];
1426 if (sd->data_offset >= sd->blk_len) {
1427 sd->data_start += sd->blk_len;
1428 sd->data_offset = 0;
1429 if (sd->data_start + sd->blk_len > sd->size) {
1430 sd->card_status |= ADDRESS_ERROR;
1436 case 13: /* ACMD13: SD_STATUS */
1437 ret = sd->sd_status[sd->data_offset ++];
1439 if (sd->data_offset >= sizeof(sd->sd_status))
1440 sd->state = sd_transfer_state;
1443 case 17: /* CMD17: READ_SINGLE_BLOCK */
1444 if (sd->data_offset == 0)
1445 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1446 ret = sd->data[sd->data_offset ++];
1448 if (sd->data_offset >= sd->blk_len)
1449 sd->state = sd_transfer_state;
1452 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1453 if (sd->data_offset == 0)
1454 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1455 ret = sd->data[sd->data_offset ++];
1457 if (sd->data_offset >= sd->blk_len) {
1458 sd->data_start += sd->blk_len;
1459 sd->data_offset = 0;
1460 if (sd->data_start + sd->blk_len > sd->size) {
1461 sd->card_status |= ADDRESS_ERROR;
1467 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1468 ret = sd->data[sd->data_offset ++];
1470 if (sd->data_offset >= 4)
1471 sd->state = sd_transfer_state;
1474 case 30: /* CMD30: SEND_WRITE_PROT */
1475 ret = sd->data[sd->data_offset ++];
1477 if (sd->data_offset >= 4)
1478 sd->state = sd_transfer_state;
1481 case 51: /* ACMD51: SEND_SCR */
1482 ret = sd->scr[sd->data_offset ++];
1484 if (sd->data_offset >= sizeof(sd->scr))
1485 sd->state = sd_transfer_state;
1488 case 56: /* CMD56: GEN_CMD */
1489 if (sd->data_offset == 0)
1490 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1491 ret = sd->data[sd->data_offset ++];
1493 if (sd->data_offset >= sd->blk_len)
1494 sd->state = sd_transfer_state;
1498 printf("sd_read_data: unknown command\n");
1505 int sd_data_ready(SDState *sd)
1507 return sd->state == sd_sendingdata_state;
projects / qemu / blob