SIM卡的基本结构
SIM卡是带有微处理器的芯片, 内有5个模块,每个模块对应一个功能:
CPU(8位/16位/32位)
程序存储器ROM
工作存储器RAM
数据存储器EEPROM
串行通信单元
这5个模块集成在一块集成电路中。
SIM卡在与手机连接时,最少需要5个连接线:
电源(Vcc)
时钟(CLK)
数据I/O口(Data)
复位(RST)
接地端(GND)
其中:
GND 地 基准电压
VCC 电源输入
I/O 串行数据的输入/输出
CLK 时钟信号输入
RST 复位信号输入
VPP 编程电压输入 由卡选用
SIM卡的通信时序
SIM卡的上电复位有2种,一种是冷复位,另外一种是热复位。
所谓冷复位就是VCC会拉低后再拉高,即VCC先断电,然后再给电。所谓热复位就是VCC不断电,RESET管脚会先先拉低后再拉高。
冷复位的时序图如下:
热复位的时序图如下:
SIM卡之ART含义
SIM卡上电后,会与主机进行通信握手信号。在进行握手的过程中,主机可能会尝试电压从CLASS_A--CLASS_C的尝试,从而选择一个合适的电压供电。
当供电电压选定后,SIM卡会发出ATR(复位应答信号),主机会返回PPS,SIM卡会对PPS做出应答,其中PPS与PPS应答过程是可选的。
ATR包括的信息有:信号约定:即高电平有效(正向约定)还是低电平有效(反向约定)、通信速率、电压类型等信息(详细可以看规范ISO7816-3部分)。
PPS为通信速率协商。可以理解为SIM卡与主机协商双方用多大的速率来进行数据通信。
数据元 | 说明 |
TS | 起始字符(强制性的) |
T0 | 格式字符 (强制性的) |
TA1,TB1,TC1,TD1,… | 接口字符(可选) |
T1,T2,… ,TK |
|
TCK |
|
1.起始字符TS
TS为强制性的部分,该部分有两种约定,3B:表示正向约定,高电平为1 低电平为0;3F反向约定
2.格式字符T0
该字节用来表示接口字符的个数和历史字节的个数
该字节高四位的1 的位置表示是否有历史字符例如 1111表示TA1,TB1,TC1,TD1都有
3.接口字符TA1,TB1,TC1,TD1,…
TA1:公式为3571200/(Fi/Di),Fi为高四位查表Di为第四位查表
FI和DI编码如下:
2.SIM卡初始流程
1)模块开机上电时先开始检测SIM卡。1.8V供电给SIM卡(不成功切换3.0V供电voltage class)。基本上,模块会有尝试3次recovery的动作。
2)模块把SIM卡的controller 的RESET PIN拉动,当SIM卡收到controller 的RST后会回复一串字符串,称为ATR。
3)ATR里面包含了一些卡的信息。根据ATR里面的卡信息去分类SIM卡类型及之间的交互方式。
4)收到 ATR后,进入PPS negotiation,UICC与 modem将会协商clk rate和baud rate(FI,DI)。
对应的高通的部分log:
User Identity Module/High[ uimdrv.c 1850] UIM_1: Data_eDriveStrength 0x0 Clk_eDriveStrength 0x0 Reset_eDriveStrength 0x0 data_drivestrength_modified 0x0 clk_drivestrength_modified 0x0 reset_drivestrength_modified 0x0
RUIM Debug Length: 66
User Identity Module/High[ uim.c 2091] UIM_1: cmd status 0x0 SW1 0x0,SW2 0x0, Response data length 0x14
User Identity Module/High[ uimgen.c 8604] UIM_1: Processsing uim_generic_command_response for state 0x1
User Identity Module/High[ uimgen.c 8651] UIM_1: atr byte[0-3]:3b9d9580
User Identity Module/High[ uimgen.c 8651] UIM_1: atr byte[4-7]:1fc78031
User Identity Module/High[ uimgen.c 8651] UIM_1: atr byte[8-11]:e073fe21
User Identity Module/High[ uimgen.c 8651] UIM_1: atr byte[12-15]:1365d001
User Identity Module/High[ uimgen.c 8651] UIM_1: atr byte[16-19]:a4093394
User Identity Module/High[ uimgen.c 8836] UIM_1: clock_stop_indicator 0x3
User Identity Module/High[ uimgen.c 9149] UIM_1: uim_atr_td1_index 0x3
User Identity Module/High[ uimdrv_clk.c 554] UIM_1: FI and DI are supported
User Identity Module/High[ uimgen.c 9417] UIM_1: uim_atr_td_index 0x3
User Identity Module/High[ uimgen.c 9486] UIM_1: uim_atr_td_index 0x4 toggle_instrn_class 0x0
User Identity Module/High[ uimgen.c 9547] UIM_1: uim_ta3_ta4_clock_stop_bits 0x3
User Identity Module/High[ uim.c 2091] UIM_1: cmd status 0x0 SW1 0x0,SW2 0x0, Response data length 0x14
User Identity Module/High[ uimgen.c 8604] UIM_1: Processsing uim_generic_command_response for state 0x2
User Identity Module/High[ uimgen.c 5632] UIM_1: Sending Default PPS
RUIM Debug Length: 34
3.SIM卡相关的EVENT
这部分主要介绍了当SIM发生insert和remove操作后,会有哪些EVENT发生,根据这些EVENT,方便我们确认SIM卡处于哪一种状态。根据这些状态,分别做相应的处理。下面是QXDM log的关键点:
1)Card insert event
User Identity Module/High[ mmgsdi.c 8849] Received event: 0x0 in mmgsdi_evt_cb
User Identity Module/High[ mmgsdi.c 9220] MMGSDI_CARD_INSERTED_EVT, slot: 0x1
DS AT Command Parser/High[ dsatme_ex.c 1894] dsatme_mmgsdi_event_handler for event: 0, Session id: 0 Apps ID: 5, slot_id 1
2) Session changed event
DS AT Command Parser/High[ dsatme_ex.c 1894] dsatme_mmgsdi_event_handler for event: 13, Session id: 68 Apps ID: 0, slot_id 1
3) PIN1 event
DS AT Command Parser/High[ dsatme_ex.c 1894] dsatme_mmgsdi_event_handler for event: 14, Session id: 68 Apps ID: 0, slot_id 1
4) PIN2 event
DS AT Command Parser/High[ dsatme_ex.c 1894] dsatme_mmgsdi_event_handler for event: 15, Session id: 68 Apps ID: 0, slot_id 1
5)Personalization event
DS AT Command Parser/High[ dsatme_ex.c 1894] dsatme_mmgsdi_event_handler for event: 19, Session id: 68 Apps ID: 0, slot_id 0
6)Ready event
DS AT Command Parser/High[ dsatme_ex.c 1894] dsatme_mmgsdi_event_handler for event: 12, Session id: 68 Apps ID: 0, slot_id 1
当这个事件状态上报后,SIM卡的初始话工作已经基本完成,后续它还会把短信和电话本读取到cache中。
7)Card error error
当出现开机不识卡和掉卡等情况时,会有这个event发生。
User Identity Module/High[ mmgsdi.c 8849] Received event: 0x1 in mmgsdi_evt_cb
User Identity Module/High[ mmgsdi.c 9303] MMGSDI_CARD_ERROR, condition: 0x3, slot: 0x1
DS AT Command Parser/High[ dsatme_ex.c 1894] dsatme_mmgsdi_event_handler for event: 1, Session id: 0 Apps ID: 5, slot_id 1
8)Refresh event
这个事件一般发生在MBN更新或者网络下发特别短信触发的,这个短信可能触发BIP的动作或者修改某个文件。下面主要介绍下短信触发的流程:
1) 接收到特别短信(SMS_PP_DOWNLOAD)
User Identity Module/High[ gstk_envelope_cmd.c 3714] Rec'd PP DL:GSTK_SMS_PP_DOWNLOAD_IND
User Identity Module/High[ gstkpacker.c 411] ** Packing device ID
User Identity Module/High[ gstkpacker.c 1930] ** Packing address: TON=0x1 , NPI=0x1, data->address[0]=0x1
User Identity Module/High[ gstkpacker.c 2815] ** Packing sms tpdu
User Identity Module/High[ gstkutil.c 7788] Dumping array Env: SMS PP Data array size 0xae
User Identity Module/High[ gstkutil.c 7802] 0xd1 0x81 0xab 0x2 0x2 0x83 0x81 0x6 0x7
User Identity Module/High[ gstkutil.c 7802] 0x91 0x21 0x60 0x13 0x3 0x70 0xf9 0xb 0x81
User Identity Module/High[ gstkutil.c 7802] 0x9b 0x60 0x4 0xc9 0x92 0x73 0x7f 0xf6 0x22
User Identity Module/High[ gstkutil.c 7802] 0x11 0x20 0x0 0x91 0x93 0x8a 0x8c 0x7 0x0
User Identity Module/High[ gstkutil.c 7802] 0x3 0xc5 0x2 0x1 0x70 0x0 0x0 0xc8 0x15
User Identity Module/High[ gstkutil.c 7802] 0xe 0x22 0x15 0x15 0xb0 0x0 0x12 0xa1 0xa8
User Identity Module/High[ gstkutil.c 7802] 0xdb 0x0 0xfc 0xb4 0xe0 0xf 0x2b 0xa5 0xdb
User Identity Module/High[ gstkutil.c 7802] 0xdc 0xb 0xcc 0xde 0x83 0xa1 0x22 0x88 0xbe
User Identity Module/High[ gstkutil.c 7802] 0xa8 0x7 0x78 0x5b 0x92 0x87 0x6f 0x49 0xed
User Identity Module/High[ gstkutil.c 7802] 0x83 0xe3 0x8c 0x6b 0x81 0x5e 0xaa 0x23 0xc8
User Identity Module/High[ gstkutil.c 7802] 0x47 0x11 0x32 0x3c 0xa9 0x25 0x9f 0xa0 0x7a
User Identity Module/High[ gstkutil.c 7802] 0xc4 0x6e 0x40 0x36 0xef 0x68 0x75 0x2c 0x2b
User Identity Module/High[ gstkutil.c 7802] 0xd4 0xbf 0x73 0xe7 0xf8 0xf4 0xda 0xc 0x59
User Identity Module/High[ gstkutil.c 7802] 0x85 0x40 0x59 0x85 0xc 0x63 0x17 0x21 0xd2
User Identity Module/High[ gstkutil.c 7802] 0x4d 0xcf 0xf7 0xd9 0x71 0xc7 0xa8 0x3d 0xad
User Identity Module/High[ gstkutil.c 7802] 0xad 0x73 0x2e 0x54 0x89 0x3b 0xa6 0xee 0xbb
User Identity Module/High[ gstkutil.c 7802] 0x77 0xdd 0x64 0xc0 0x10 0xa 0xf0 0x4f 0xca
User Identity Module/High[ gstkutil.c 7802] 0x2f 0xe7 0xb6 0x41 0x39 0xc1 0x76 0xb 0x27
User Identity Module/High[ gstkutil.c 7802] 0x62 0x19 0x5a 0x5e 0x67 0x5a 0x83 0xf7 0x3d
User Identity Module/High[ gstkutil.c 7877] 0x8c 0x59 0xe1
2)启动Refresh过程
User Identity Module/High[ mmgsdi.c 9490] Queue of MMGSDI command: MMGSDI_REFRESH_REQ type 0x2 Status 0x0
User Identity Module/High[ mmgsdi.c 9490] Queue of MMGSDI command: MMGSDI_REFRESH_REQ type 0x2 Status 0x0
User Identity Module/Error[ mmgsdi_refresh.c 12629] Refresh Retry init EFS read returned error
User Identity Module/High[ mmgsdi_refresh.c 10289] Refresh: Refresh State is 0x0, Req Type is 0x2, retry_req is 0x57 for slot 0x4
User Identity Module/High[ mmgsdi_refresh.c 10289] Refresh: Refresh State is 0x0, Req Type is 0x2, retry_req is 0x57 for slot 0x4
User Identity Module/High[ mmgsdi_refresh.c 10289] Refresh: Refresh State is 0x0, Req Type is 0x2, retry_req is 0x57 for slot 0x4
User Identity Module/High[ mmgsdi_refresh.c 10289] Refresh: Refresh State is 0x0, Req Type is 0x2, retry_req is 0x48 for slot 0x4
User Identity Module/High[ mmgsdi_refresh.c 10289] Refresh: Refresh State is 0x0, Req Type is 0x2, retry_req is 0x48 for slot 0x4
User Identity Module/High[ mmgsdi_refresh.c 10289] Refresh: Refresh State is 0x0, Req Type is 0x2, retry_req is 0x48 for slot 0x4
User Identity Module/High[ mmgsdi.c 9490] Queue of MMGSDI command: MMGSDI_REFRESH_REQ type 0x2 Status 0x0
User Identity Module/High[ mmgsdi.c 9490] Queue of MMGSDI command: MMGSDI_REFRESH_REQ type 0x2 Status 0x0
User Identity Module/High[ mmgsdi_refresh.c 10289] Refresh: Refresh State is 0x0, Req Type is 0x2, retry_req is 0xe for slot 0x4
5. SIM STK 过程
log说明:
MDM9205 SIM issue(voltage 3V).isf: SIM在交互过程中上报只支持3V和5V,因为MDM9205平台只支持1.8V,所以识别卡失败。
MDM9205 SIM card issue(Voltage 3V).isf
Line 140: 1418 00:06:14.629 0x1FEB uimdrv.c 1608 H UIM_1: uim power up @ 1.8 v
Line 189: 1698 00:06:14.757 0x1FEB uim.c 4610 H UIM_1: Requeue the Reset command due to UIM_SWITCH_VOLTAGE
Line 194: 1723 00:06:14.757 0x1FEB uimdrv.c 1626 H UIM_1: uim power up @ 3 v
Line 202: 1763 00:06:14.779 0x1FEB uim_rxtx.c 531 E UIM_1: Received Rx break error, setting timeout signal
Line 205: 1778 00:06:14.779 0x1FEB uim_sigs.c 1229 E UIM_1: Reset due to rx break errors
Line 224: 1873 00:06:14.793 0x1FEB uimdrv.c 1626 H UIM_1: uim power up @ 3 v
Line 233: 1918 00:06:14.816 0x1FEB uim_rxtx.c 531 E UIM_1: Received Rx break error, setting timeout signal
Line 235: 1928 00:06:14.816 0x1FEB uim_sigs.c 1229 E UIM_1: Reset due to rx break errors
// FCP indicates that UICC prefer 5V or 3V
1617 00:06:14.714 0x1098 RUIM Debug TX: 00 A4 00 04 02
1623 00:06:14.738 0x1098 RUIM Debug RX: A4
1629 00:06:14.739 0x1098 RUIM Debug TX: 3F 00
1635 00:06:14.740 0x1098 RUIM Debug RX: 61 25
1641 00:06:14.740 0x1098 RUIM Debug TX: 00 C0 00 00 25
1647 00:06:14.742 0x1098 RUIM Debug RX: C0 62 23 82 02 78 21 83 02 3F 00 A5 03 80 01 31 8A 01 05 8B 06 2F 06 00 01 01 01 C6 09 90 01 40 83 01 01 83 01 81 90 00
1647 00:06:14.742 0x1098 RUIM Debug :: SELECT, Logical Channel: 0, MF (0x3F00)
X62 SIM issue(FEATURE_UIM_5G).hdf :该卡比较特别,高通在X62平台相比X55多了个5G卡的宏FEATURE_UIM_5G ,对SIM的一些文件会做些检测判断。当发现有些问题是就会中断初始化,导致无法识别卡。
X62 SIM issue(FEATURE_UIM_5G).7z
[ 21/ 3] MSG 00:08:25.315603 User Identity Module/Error [ mmgsdi_card_init.c 3644] Service 130 is set, halt the initialization
[ 21/ 3] MSG 00:08:25.315605 User Identity Module/Error [ mmgsdi_card_init.c 3931] Halting initialization due to validation error
[ 21/ 2] MSG 00:08:25.315639 User Identity Module/High [ mmgsdi_card_init.c 10778] mmgsdi_card_init_read_impi ISIM already open
[ 21/ 3] MSG 00:08:25.315649 User Identity Module/Error [ mmgsdicache.c 955] Cache not initialized 0x6000
[ 21/ 3] MSG 00:08:25.315657 User Identity Module/Error [ mmgsdicache.c 955] Cache not initialized 0x6000
[ 21/ 2] MSG 00:08:25.315662 User Identity Module/High [ mmgsdicache.c 3537] Unknown Security Attr, Get File Attribute will be performed
[ 21/ 3] MSG 00:08:25.315664 User Identity Module/Error [ mmgsdiutil.c 17363] Invalid provisioning session_type 0x4
X55 SIM OK.hdf: 这个log是上面X62的有问题的卡,但是在X55上表现是正常的,通过对比代码发现X62多了个FEATURE_UIM_5G的宏定义,增加一些针对5GSIM卡的特别流程。
标签:初始化,00,mmgsdi,UIM,Module,High,SIM,Identity From: https://www.cnblogs.com/together-/p/17115721.html