<millenialhacker>
I'm not an expert here, but I have found https://github.com/patjak/facetimehd/wiki, this a pre-M1 era, however when I enabled camera driver debugging in my MacOSX and then dumped strings from AppleCameraInterface it seems nothing has change dramatically. I think main difference now is that camera is not exposed anymore through PCI bus.
<rqou_>
yup, i mentioned that the other day
<millenialhacker>
Will try to check this lately.
<rqou_>
many of the commands are the same if you check the strings in the isp firmware
<rqou_>
the m1 version obviously has a lot more commands though
<millenialhacker>
Yeah, I think probably some kind of mailbox interface over ISP to talk with CAmera
kelito has joined #asahi-re
millenialhacker has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
<rqou_>
hmm, the scaler gets upset if i write to (presumably) read-only registers
kelito has quit [Remote host closed the connection]
<rqou_>
it just hangs the bus
millenialhacker has quit [Ping timeout: 480 seconds]
user982492 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<marcan>
this falls under the section "Referencing other open source code" and in particular the aution about Apple-specific stuff
<marcan>
*section
<marcan>
we don't know how that driver was developed, so unless we can verify that, we have to treat it similarly as we would Apple code
millenialhacker has joined #asahi-re
millenialhacker has quit [Ping timeout: 480 seconds]
millenialhacker has joined #asahi-re
millenialhacker has quit [Read error: No route to host]
millenialhacker has joined #asahi-re
pg12_ has quit []
millenialhacker has quit [Ping timeout: 480 seconds]
millenialhacker has joined #asahi-re
<chadmed>
how do i map IOVAs properly? is it just a matter of using iomon.add() on the ranges i (think) i need?
pg12 has joined #asahi-re
millenialhacker has quit [Ping timeout: 480 seconds]
millenialhacker has joined #asahi-re
the_lanetly_052___ has joined #asahi-re
millenialhacker has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
the_lanetly_052__ has quit [Ping timeout: 480 seconds]
<millenialhacker>
Maybe this is a silly question, but has anyone tried to run a custom version of XNU in M1 machines customized to dump traffic to coprocessors?
<millenialhacker>
Or is it still not possible to build custom XNU kernels for M1 SoCs?
<chadmed>
well most the stuff that makes it actually work is closed source, so id say to change that sort of thing youd have to bust out a hex editor and know which bytes to change and to what
<chadmed>
just like AMD hackintosh kernel patching ;)
<sven>
pretty sure everyone just uses the hypervisor to do that
the_lanetly_052__ has joined #asahi-re
<millenialhacker>
I wonder what camFWTrace boot-arg does :D
the_lanetly_052___ has quit [Ping timeout: 480 seconds]
the_lanetly_052___ has joined #asahi-re
the_lanetly_052__ has quit [Ping timeout: 480 seconds]
millenialhacker has quit []
millenialhacker has joined #asahi-re
millenialhacker has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
roxfan has quit [Ping timeout: 480 seconds]
millenia_ has joined #asahi-re
millenialhacker has quit [Ping timeout: 480 seconds]
millenia_ has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
roxfan has joined #asahi-re
millenialhacker has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
millenialhacker has quit [Ping timeout: 480 seconds]
user982492 has joined #asahi-re
millenialhacker has joined #asahi-re
millenialhacker has quit [Ping timeout: 480 seconds]
millenialhacker has joined #asahi-re
millenia_ has joined #asahi-re
millenialhacker has quit [Read error: Connection reset by peer]
millenia_ has quit [Ping timeout: 480 seconds]
millenialhacker has joined #asahi-re
millenialhacker has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
millenialhacker has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
user982492 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
MajorBiscuit has joined #asahi-re
nicolas17 has joined #asahi-re
millenialhacker has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
millenia_ has joined #asahi-re
MajorBiscuit has quit [Ping timeout: 480 seconds]
millenialhacker has quit [Ping timeout: 480 seconds]
millenia_ has quit [Remote host closed the connection]
millenialhacker has joined #asahi-re
MajorBiscuit has joined #asahi-re
alexsv has quit [Ping timeout: 480 seconds]
user982492 has joined #asahi-re
<millenialhacker>
Coming from -dev channel.
<millenialhacker>
I see a lot of stuff related to DART and I2C in strings in AppleH13CameraInterface KEXT
<sven>
so i2c is probably much to slow for a video signal, but maybe they send configuration messages over it?
<millenialhacker>
I wonder if they have DMA capabilities, the can use I2C to chat or send commands, but actually video signal can be in DMA accessed from ISP
<sven>
yeah, I’d be surprised if it wasn’t dma
<millenialhacker>
you need a channel to control the ISP, but actually data transfer can just be DMA
<millenialhacker>
Btw, It seems boot-args: "camLoggingUsePrintf=1 camLogging=0x2B67 camEnableFWCore=1 camFWTrace=0x2B67" do some trick
<millenialhacker>
Yes, it seems it's one of the co-processors
<millenialhacker>
Chip name: Tonga, have your seen it before?
<sven>
hard to make sense of that without a proper MMIO trace :/
<millenialhacker>
I found physical dart addresses are printed as <private>
<millenialhacker>
:/
<sven>
iirc tonga is just the codename for the m1
<nicolas17>
ffs
<nicolas17>
wikipedia says "Apple M1 Ultra – Jade 2C-Die and Jade 4C-Die"
<rqou_>
millenialhacker: my complete guess is that i2c is used to poke extra settings in the camera sensor
<rqou_>
btw that boot log is similar to the old facetimehd boot log
<millenialhacker>
Yes, it's quite similar
<millenialhacker>
And which other bus do you think may be used ?
<rqou_>
it's just a mmio range
<rqou_>
probably has some ringbuffers configured somewhere in its register space
<millenialhacker>
So CMDs / Video over DMA and extra config over I2C
<rqou_>
probably video over dma and everything else configured via the whole RTBuddy/RTKit thing that i'm not familiar with
MajorBiscuit has quit [Ping timeout: 480 seconds]
millenialhacker has quit [Remote host closed the connection]
<robinp>
the camera is just a MIPI CSI-2 interface afaict - which includes i2c lines for control and then 2-4 lines for data transfer. Looking at the sch Apple only uses two.
<robinp>
the biggest problem is that these are all relayed thru a security switch from the SEP (along with the mic)
<nicolas17>
SEP really?
<nicolas17>
I knew it went through T2 on Intel Macs but I assumed it would involve its AP or other coprocessor, not SEP