4. SD Memory Card Functional Description
4.3 Data Transfer Mode
4.3.7 Card Lock/Unlock Operation
4.3.7.1 General
The password protection feature enables the host to lock a card while providing a password, which later will be used for unlocking the card. The password and its size are kept in a 128-bit PWD and 8-bit PWD_LEN registers, respectively. These registers are non-volatile so that a power cycle will not erase them.
Locked cards respond to (and execute) all commands in the "basic" command class (class 0), ACMD41, CMD16 and “lock card” command class. Thus, the host is allowed to reset, initialize, select, query for status, etc., but not to access data on the card. If the password was previously set (the value of PWD_LEN is not 0), the card will be locked automatically after power on.
Similar to the existing CSD register write commands, the lock/unlock command is available in "transfer state" only. This means that it does not include an address argument and the card shall be selected before using it.
The card lock/unlock command has the structure and bus transaction type of a regular single block write command. The transferred data block includes all the required information of the command (password setting mode, PWD itself, card lock/unlock etc.). Table 4-4 describes the structure of the command data block. Note that the host compliant to the SD Physical Specification Version 2.00 shall set reserved bits (Bit7-4) to 0 when issuing CMD42.
Byte # Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
0 Reserved
(shall be set to 0)
ERASE LOCK_
UNLOCK
CLR_
PWD
SET_
PWD
1 PWDS_LEN 2
...
PWDS_LEN + 1
Password data
Table 4-4: Lock Card Data Structure
• ERASE: 1 Defines Forced Erase Operation. In byte 0, bit 3 will be set to 1 (all other bits shall be 0). All other bytes of this command will be ignored by the card.
• LOCK/UNLOCK: 1 = Locks the card. 0 = Unlock the card (note that it is valid to set this bit together with SET_PWD but it is not allowed to set it together with CLR_PWD).
• CLR_PWD: 1 = Clears PWD.
• SET_PWD: 1 = Set new password to PWD
• PWDS_LEN: Defines the following password(s) length (in bytes). In case of a password change, this field includes the total password lengths of old and new passwords.
The password length is up to 16 bytes. In case of a password change, the total length of the old password and the new password can be up to 32 bytes.
• Password data: In case of setting a new password, it contains the new password. In case of a password change, it contains the old password followed by the new password.
The data block size shall be defined by the host before it sends the card lock/unlock command. The block length shall be set to greater than or equal to the required data structure of the lock/unlock command. In the following explanation, changing block size by CMD16 is not a mandatory requirement for the lock/unlock command.
The following paragraphs define the various lock/unlock command sequences:
• Setting the Password
• Select a card (CMD7), if not previously selected.
• Define the block length (CMD16), given by the 8-bit card lock/unlock mode, the 8-bits password size (in bytes), and the number of bytes of the new password. In the case that a password replacement is done, then the block size shall consider that both passwords-the old and the new one-are sent with the command.
• Send the Card Lock/Unlock command with the appropriate data block size on the data line including the 16-bit CRC. The data block shall indicate the mode (SET_PWD), the length (PWDS_LEN) and the password itself. In the case that a password replacement is done, then the length value (PWDS_LEN) shall include both passwords (the old and the new one) and the password data field shall include the old password (currently used) followed by the new pass-word. Note that the card shall handle the calculation of the new password length internally by subtracting the old password length from PWDS_LEN field.
• In the case that the sent old password is not correct (not equal in size and content), then the LOCK_UNLOCK_FAILED error bit will be set in the status register and the old password does not change. In the case that the sent old password is correct (equal in size and content), then the given new password and its size will be saved in the PWD and PWD_LEN registers, respectively.
Note that the password length register (PWD_LEN) indicates if a password is currently set. When it equals 0, there is no password set. If the value of PWD_LEN is not equal to zero, the card will lock itself after power up. It is possible to lock the card immediately in the current power session by setting the LOCK/UNLOCK bit (while setting the password) or sending an additional command for card lock.
• Reset the Password:
• Select a card (CMD7), if not previously selected.
• Define the block length (CMD16), given by the 8-bit card lock/unlock mode, the 8-bit password size (in bytes), and the number of bytes of the currently used password.
• Send the card lock/unlock command with the appropriate data block size on the data line including the 16-bit CRC. The data block shall indicate the mode CLR_PWD, the length (PWDS_LEN), and the password itself. If the PWD and PWD_LEN content match the sent password and its size, then the content of the PWD register is cleared and PWD_LEN is set to 0.
If the password is not correct, then the LOCK_UNLOCK_FAILED error bit will be set in the status register.
• Locking a card:
• Select a card (CMD7), if not previously selected.
• Define the block length (CMD16), given by the 8-bit card lock/unlock mode, the 8-bit password size (in bytes), and the number of bytes of the currently used password.
• Send the card lock/unlock command with the appropriate data block size on the data line including the 16-bit CRC. The data block shall indicate the mode LOCK, the length (PWDS_LEN) and the password itself.
If the PWD content is equal to the sent password, then the card will be locked and the card-locked status bit will be set in the status register. If the password is not correct, then the LOCK_UNLOCK_FAILED error bit will be set in the status register.
Note that it is possible to set the password and to lock the card in the same sequence. In such a case, the host shall perform all the required steps for setting the password (as described above) including the bit LOCK set while the new password command is sent.
If the password was previously set (PWD_LEN is not 0), then the card will be locked automatically after
power on reset.
An attempt to lock a locked card or to lock a card that does not have a password will fail and the LOCK_UNLOCK_FAILED error bit will be set in the status register, unless it was done during a password definition or change operations.
• Unlocking the card:
• Select a card (CMD7), if not previously selected.
• Define the block length (CMD16), given by the 8-bit card lock/unlock mode, the 8-bit password size (in bytes), and the number of bytes of the currently used password.
• Send the card lock/unlock command with the appropriate data block size on the data line including the 16-bit CRC. The data block shall indicate the mode UNLOCK, the length (PWDS_LEN) and the password itself.
If the PWD content is equal to the sent password, then the card will be unlocked and the card-locked status bit will be cleared in the status register. If the password is not correct, then the LOCK_UNLOCK_FAILED error bit will be set in the status register.
Note that unlocking is done only for the current power session. As long as the PWD is not cleared, the card will be locked automatically on the next power up. The only way to unlock the card is by clearing the password.
An attempt to unlock an unlocked card will fail and LOCK_UNLOCK_FAILED error bit will be set in the status register, unless it was done during a password definition or change operation.
4.3.7.2 Parameter and the Result of CMD42
The block length shall be greater than or equal to the required data structure of CMD42; otherwise, the result of CMD42 is undefined and the card may be in the unexpected locked state. Table 4-5 clarifies the behavior of CMD42. The reserved bits in the parameter (bit7-4) of CMD42 shall be don't care. In the case that CMD42 requires the password, it is assumed that the old password and the new password are set correctly; otherwise the card indicates an error regardless of Table 4-5. If the password length is 0 or greater than 128 bits, the card indicates an error. If errors occur during execution of CMD42, the LOCK_UNLOCK_FAILED (Bit24 of Card Status) shall be set to 1 regardless of Table 4-5. The CARD_IS_LOCKED (Bit25 of Card Status) in the response of CMD42 shall be the same as Current Card State in Table 4-5. In the field of Card Status, 0 to 1 means the card changes to Locked and 1 to 0 means the card changes to Unlocked after execution of CMD42. It can be seen in the response of CMD13 after the CMD42. The LOCK_UNLOCK_FAILED (Bit24 of Card Status) as the result of CMD42 can be seen in the response of either CMD42 or the following CMD13.
CMD42 Parameter Card Status Bit3 Bit2 Bit1 Bit0
Current Card State
PWD_LEN and PWD
Result of the Function
Bit25 Bit24
Exist The card is locked 1 0
After Power On
Cleared The card is unlocked 0 0
1 0 0 0 Locked Exist Force Erase (Refer to Table 4-6) Table 4-6
1 0 0 0 Unlocked Exist Error 0 1
1 0 0 0 Unlocked Cleared Error 0 1
0 1 0 0 Locked Exist Error 1 1
0 1 0 0 Unlocked Exist Lock the card 0 to 1 0
0 1 0 0 Unlocked Cleared Error 0 1
0 1 0 1 Locked Exist Replace password and the card is still locked 1 0 0 1 0 1 Unlocked Exist Replace password and the card is locked 0 to 1 0 0 1 0 1 Unlocked Cleared Set Password and lock the card 0 to 1 0 0 0 1 0 Locked Exist Clear PWD_LEN and PWD and the card is unlocked 1 to 0 0
0 0 1 0 Unlocked Exist Clear PWD_LEN and PWD 0 0
0 0 1 0 Unlocked Cleared Error (Note *4 Refer to Table 4-8) 0 1 0 0 0 1 Locked Exist Replace password and the card is unlocked 1 to 0 0 0 0 0 1 Unlocked Exist Replace password and the card is unlocked 0 0 0 0 0 1 Unlocked Cleared Set password and the card is still unlocked 0 0
0 0 0 0 Locked Exist Unlock the card 1 to 0 0
0 0 0 0 Unlocked Exist Error 0 1
0 0 0 0 Unlocked Cleared Error 0 1
Other combinations Don't care Don't care Error (Note *1 Refer to Table 4-8) 0 or 1 1 Table 4-5: Lock Unlock Function (Basic Sequence for CMD42)
Application Note:
To replace password, the host should consider following cases. When PWD_LEN and password data exist, the card assumes old and new passwords are set in the data structure. When PWD_LEN and PWD are cleared, the card assumes only new password is set in the data structure. In this case, the host shall not set old password in the data structure; otherwise, unexpected password is set.
CMD42 Parameter in the data Bit3: ERASE
Bit2: LOCK_UNLOCK Bit1: CLR_PWD Bit0: SET_PWD
Related bits in the Card Status Bit25: CARD_IS_LOCKED Bit24: LOCK_UNLOCK_FAILED
4.3.7.3 Forcing Erase
In the case that the user forgot the password (the PWD content) it is possible to erase all the card data content along with the PWD content. This operation is called Forced Erase.
• Select a card (CMD7), if not previously selected already.
• Define the block length (CMD16) to 1 byte (8-bit card lock/unlock command). Send the card lock/unlock command with the appropriate data block of one byte on the data line including the 16 bit CRC. The data block shall indicate the mode ERASE (the ERASE bit shall be the only bit set).
If the ERASE bit is not the only bit set in the data field, the LOCK_UNLOCK_FAILED error bit will be set in the status register and the erase request is rejected. If the command was accepted, then ALL THE CARD CONTENT WILL BE ERASED including the PWD and PWD_LEN register content and the locked card will be unlocked. An attempt to force erase on an unlocked card will fail and LOCK_UNLOCK_FAILED error bit will be set in the status register.
4.3.7.3.1 Force Erase Function to the Locked Card
Table 4-6 clarifies the relation between force erase and Write Protection. The force erase does not erase the secure area. The card shall keep its locked state during the erase execution and change to the unlocked state after the erase of all user area is completed. Similarly, the card shall keep Temporary and Group Write Protection during the erase execution and clear Write Protection after the erase of all user area is completed. In the case of an erase error occurs, the card can continue force erase if the data of error sectors are destroyed.
CMD42 Parameter PWP TWP Result of the Function Card Status
Bit3 Bit2 Bit1 Bit0 GWP Bit25 Bit24
1 0 0 0 Yes don't care
Error (Note *2 Refer to Table 4-8) 1 1 1 0 0 0 No Yes Execute force erase and clear Temporary Write
Protect and Group Write Protect. (Note *3 Refer to Table 4-8)
1 to 0 0
1 0 0 0 No No Execute force erase. 1 to 0 0
Table 4-6: Force Erase Function to the Locked Card (Relation to the Write Protects) Write Protections
PWP: Permanent Write Protect (CSD Bit13) TWP: Temporary Write Protect (CSD Bit12)
GWP: Group Write Protect (CMD28, CMD29, CMD30)
4.3.7.4 Relation Between ACMD6 and Lock/Unlock State
ACMD6 is rejected when the card is locked and bus width can be changed only when the card is unlocked. Table 4-7 shows the relation between ACMD6 and the Lock/Unlock state.
Card State Bus Mode Result of the Function Unlocked 1-bit mode ACMD6 is accepted
Locked 1-bit mode ACMD6 is rejected and still in 1-bit mode Unlocked 4-bit mode ACMD6 is accepted
Locked 4-bit mode ACMD6 is rejected and still in 4-bit mode. CMD0 change to 1-bit mode Table 4-7: Relation between ACMD6 and the Lock/Unlock State
Application Note:
After power on (in 1-bit mode), if the card is locked, the SD mode host shall issue CMD42 in 1-bit mode. If the card is locked in 4-bit mode, the SD mode host shall issue CMD42 in 4-bit mode.
4.3.7.5 Commands Accepted for Locked Card
The locked card shall accept commands listed below and return response with setting CARD_IS_LOCKED.
1) Basic class (0) 2) Lock card class (7) 3) CMD16
4) ACMD41 5) ACMD42
All other commands including security commands are treated as illegal commands.
Application Note:
After power on, the host can recognize the card lock/unlock state by the CARD_IS_LOCKED in the response of CMD7 or CMD13.
4.3.7.6 Two Types of Lock/Unlock Card
There are two types of lock/unlock function-supported cards. The Type 1 is the earlier version of SD Memory Card and the Type 2 is defined in the Physical Layer Specification Version 1.10 and higher.
Table 4-8 shows the difference between these types of cards. The SD memory cards that support Lock/Unlock and comply with Version 1.01, can take either Type 1 or Type 2. The SD Memory Cards that support Lock/Unlock and comply with Version 1.10 and higher, shall take Type 2.
Notes Type 1 Card (Earlier Version) Type 2 Card (New Version)
*1 in Table 4-5 Treat CMD42 Parameter=0011b as 0001b.
Treat CMD42 Parameter=0111b as 0101b.
Treat CMD42 Parameter=0110b as 0010b.
Results of other combinations are Error.
All results are Error
*2 in Table 4-6 Execute force erase and set Permanent Write Protect. If force erase is completed, the CARD_IS_LOCKED is changed from 1 to 0.
A priority is given to force erase from Permanent Write Protect.
The result is Error
A priority is given to Permanent Write Protect from force erase.
*3 in Table 4-6 Execute force erase but Temporary Write Protect and Group Write Protect are not cleared. It should be cleared by the host.
Execute force erase and clear Temporary Write Protect and Group Write Protect.
*4 in Table 4-5 CMD42 Parameter=0010 and CMD42 Parameter=0110 The result is no error. Card status Bit24 will be 0
The result is Error. Card status Bit24 will be 1
Table 4-8: Version Difference of Lock/Unlock Functions Application Note:
The host can use both types of cards without checking the difference by taking account of the following points.
(1) The host should not set the parameters of CMD42 that return an error listed in Table 4-5.
(For *1)
(2) The host should not issue a force erase command if the Permanent Write Protect is set to 1, otherwise the Type 1 card can no longer be used even if the user remembers the password.
(For *2)
(3) After the force erase, if the Temporary Write Protect is not cleared, the host should clear it.
(For *3)