Commit graph

4 commits

Author SHA1 Message Date
James Calligeros
a95c6d4de6 hv/trace_mesa: remove butchered tracer gore
Signed-off-by: James Calligeros <jcalligeros99@gmail.com>
2022-07-01 17:58:20 +09:00
James Calligeros
1e2c52b5b3 hv/trace_mesa: rename bindump of fingerprint transfer message
Signed-off-by: James Calligeros <jcalligeros99@gmail.com>
2022-07-01 17:58:20 +09:00
James Calligeros
1f21b6b7b8 hv/trace_mesa: tidy up output and trace SPI regs
We weren't tracing the SPI control registers before, and the output
was borked due to changes in m1n1. These have been fixed. Still
doesn't show much useful information...

Signed-off-by: James Calligeros <jcalligeros99@gmail.com>
2022-07-01 17:58:20 +09:00
James Calligeros
e2d671d597 hv/trace_mesa.py: add mesa tracer
Mesa is Apple's codename for the TouchID sensor. On M1-based
systems, it is connected to the SPI bus and communicates via
SIO on DMA channels 0x18 and 0x19. The application processors
seem to have very little to do with its operation.

After power on, the command buffer is encrypted by the SEP and
very little useful data can be gleaned from snooping the SIO
messages. While the commands are garbled by the SEP, we can see
that it has a few recurring themes:

* A power on routine involving some sort of calibration, perhaps
  to get a noise image to subtract from each fingerprint

* A polling mode where it is kicked by the kernel and acks if
  there's no finger on the sensor (runs while macOS waits for a
  print)

* A data transfer mode, where a SIO message is sent to an unmapped
  EP and the fingerprint scanned into memory. Likely triggered by
  an interrupt coming off the finger detection ring, but I haven't
  been able to verify this.

Signed-off-by: James Calligeros <jcalligeros99@gmail.com>
2022-06-21 17:22:16 +09:00