News AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked

[Admin]

AMD's source code for its Navi 10, Navi 21 and 'Arden' Xbox Series X GPUs was posted to Github.

AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked : Read more

 

[bit_user]

Oops?

 

[drea.drechsler]

What's the real significance of this?

Can someone build pirate X-Box's now? With who's CPU/GPU?

 

[bit_user]

What's the real significance of this?

Unless someone has seen the pirated repos, we don't know. However, this makes it sound fairly harmless:

we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products

Leaks of test files wouldn't worry me much. However, tests are usually stored in the same source control repositories as the core IP.

Can someone build pirate X-Box's now? With who's CPU/GPU?

If the hacker stole the entire source code for the GPUs mentioned (or even just key bits), then the concern would be that their competitors could either lift whole blocks, or at least study it to see how they implemented certain features and functions. In other words, it could give would-be competitors (and, if we're honest, that's basically China) a huge leg up.

I believe Nvidia is not interested, nor Intel, ARM, or Qualcomm. They have developed their own IP to a point where it's not worth the legal risk of even peeking at AMD's code. That's not to say some of their employees wouldn't, on their own, if the code ever were to be released into the wild. But, I'm sure if any of those companies found AMD code being imported into their own IP, that would get the person fired and maybe even reported to AMD.

There was an incident where some ex-AMD employees stole some IP from AMD, before going to work for Nvidia. It didn't end well, for said employees.

 

[kokotas]

Ouch... Amd must be using Intel CPUs in their servers I guess

 

[hotaru251]

What's the real significance of this?

you still dont have the masterkey to console so you couldnt do anything with it w/o 1st cracking the console itself.

 

[drea.drechsler]

...
If the hacker stole the entire source code for the GPUs mentioned (or even just key bits), then the concern would be that their competitors could either lift whole blocks, or at least study it to see how they implemented certain features and functions. In other words, it could give would-be competitors (and, if we're honest, that's basically China) a huge leg up.

I believe Nvidia is not interested, nor Intel, ARM, or Qualcomm.
...

They are the ones I think indeed would be most interested...but are also more than smart enough not to use pirated IP in any of their products. Maybe to "see what she's got", as they say, but don't they have the ability to reverse engineer everything anyway? Costly I imagine...but surely not $100,000,000 costly; at that price they'll just do business as usual.

Besides, I've read elsewhere it's far cheaper and simple to hire AMD's engineering staff. What you got in your head is IP that can never be erased, they just mustn't use or share it. It's a dangerous game if someone does and it's not caught.

And China already DOES reverse engineer everything/anything they want to copy. It would appear to me that all they're buying is 'time' when they buy that data.

 

[fball922]

Hacker: "I have this source code!"
Buyer: "I will give you $10,000 for it."
Hacker: "It is worth $100,000,000!!!"
Buyer: "Ok, how about $15,000?"
Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
Buyer: "Offer rescinded."

 

[spongiemaster]

Hacker: "I have this source code!"
Buyer: "I will give you $10,000 for it."
Hacker: "It is worth $100,000,000!!!"
Buyer: "Ok, how about $15,000?"
Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
Buyer: "Offer rescinded."

If there were competing entities for the code, it would be in the interest of each party to pay the ransom to prevent everyone else from getting the code. $100 million is completely absurd though. The code is certainly not worth that much.

 

[digitalgriffin]

Hacker: "I have this source code!"
Buyer: "I will give you $10,000 for it."
Hacker: "It is worth $100,000,000!!!"
Buyer: "Ok, how about $15,000?"
Hacker: "If I don't get the amount I want, I am just going to RELEASE IT FOR FREE."
Buyer: "Offer rescinded."

They aren't that smart. Anything over 10,000 is easily tracked. It's not like anyone is going to hand over bitcoin either.

Somehow I doubt this code includes uCode. (Actual masking and circuit design info)

The only bad thing here is if there is a private key for things like CODECS/HDCP that gets compromised. If this is the case it will be revoked and a new one will have to be issued, which can be quite costly.

 

[dalauder]

The only bad thing here is if there is a private key for things like CODECS/HDCP that gets compromised. If this is the case it will be revoked and a new one will have to be issued, which can be quite costly.

That's what I was thinking. The only real impact of releasing the code is slightly decreasing the security of the architecture.

 

[derekullo]

"AMD says that all while of the information hasn't been posted yet, the leaked information is not core to its competitiveness "

Intel being stuck at 14nm+++++ (i think that was enough +'s) is the core to AMD's competitiveness.

AMD's source code helps Intel just as much as the knowledge of a solar panel would have helped Tom Hank's character in Cast Away.

 

[Chung Leong]

The Department of Energy needs to cancel the contracts for the Frontier and El Capitan supercomputers and restart the bidding process. I mean, if AMD can't keep its crown jewels safe from random hackers on the Internet, it certainly isn't capable of protecting matters concerning national security.

 

[bit_user]

I've read elsewhere it's far cheaper and simple to hire AMD's engineering staff. What you got in your head is IP that can never be erased, they just mustn't use or share it. It's a dangerous game if someone does and it's not caught.

Yeah, California bans non-compete agreements. So, there's a lot of movement by staff between competing employers. However, I'm not sure how much of AMD's GPU design is done in California, since ATI was headquartered in Ontario.

China already DOES reverse engineer everything/anything they want to copy. It would appear to me that all they're buying is 'time' when they buy that data.

They have state-sponsored industrial espionage, where divisions in the Chinese military hack foreign companies and harvest IP for use by Chinese companies. I'm not sure China would even want this IP, since AMD has done some hardware design in China for more than a decade. The engineers working there have probably learned quite a lot about the secret sauce in AMD's GPUs, and maybe even leaked some IP themselves.

Plus, you've got to think that if anyone does pay the $100M and then the hacker gets caught, they wouldn't want the hacker ratting them out in some kind of plea deal. So, I think maybe the hacker bit off more than she/they can chew.

 

[bit_user]

If there were competing entities for the code, it would be in the interest of each party to pay the ransom to prevent everyone else from getting the code.

The problem with that is that you can never know that the hacker didn't also sell it to someone else.

This is also one reason AMD would never pay a ransom for it - because they can't be guaranteed that all copies were destroyed, and therefore it could still end up in the hands of their competitors.

$100 million is completely absurd though. The code is certainly not worth that much.

If it's the IP for an entire cutting-edge GPU, it's actually pretty cheap. For one thing, look at the revenues AMD generates with these products - it's in the $Billions, annually. As another point of reference, a Chinese company is believed to have contracted AMD to build a custom APU for the Subor Z console for about $60M:

https://www.anandtech.com/show/13381/subor-z-console-pc-hybrid-fireflight

Of course, that includes CPU cores and the firmware, drivers, and probably other services needed to get the whole thing running and pushing pixels. But, if you have the IP, you could theoretically make multiple generations your own chips.

 

[bit_user]

The Department of Energy needs to cancel the contracts for the Frontier and El Capitan supercomputers and restart the bidding process. I mean, if AMD can't keep its crown jewels safe from random hackers on the Internet, it certainly isn't capable of protecting matters concerning national security.

That makes no sense. Please explain. Give an example of a scenario you're worried about, and how this makes it seem any more likely.

 

[redgarl]

The Department of Energy needs to cancel the contracts for the Frontier and El Capitan supercomputers and restart the bidding process. I mean, if AMD can't keep its crown jewels safe from random hackers on the Internet, it certainly isn't capable of protecting matters concerning national security.

Tin foil hat fanboyism BS. Intel has more than 100+ security flaws documented.

 

[Deicidium369]

AMD's source code for its Navi 10, Navi 21 and 'Arden' Xbox Series X GPUs was posted to Github.

AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked : Read more

Maybe someone can help them with their driver issues - i hear that the night janitor who writes their drivers after hours is out with COVID.

Tin foil hat fanboyism BS. Intel has more than 100+ security flaws documented.

AND exactly ZERO of them are exploitable - and requires complete physical access to the machine to possibly use one.

The Markets have spoken regarding the "issues" - Intel sales going up, AMD not able to provide a product that can exploit the supposed issues with Intel and make some sales....

 

[Deicidium369]

Tin foil hat fanboyism BS. Intel has more than 100+ security flaws documented.

Look I am not an AMD fan - but this is hardly the crown jewels... Not really a huge issue - the little Hacker Girl who thinks she is getting $100M is going to be in juvenile hall or be facing quite alot of time in the system and a long time on probation.

 

[Deicidium369]

The problem with that is that you can never know that the hacker didn't also sell it to someone else.

This is also one reason AMD would never pay a ransom for it - because they can't be guaranteed that all copies were destroyed, and therefore it could still end up in the hands of their competitors.


If it's the IP for an entire cutting-edge GPU, it's actually pretty cheap. For one thing, look at the revenues AMD generates with these products - it's in the $Billions, annually. As another point of reference, a Chinese company is believed to have contracted AMD to build a custom APU for the Subor Z console for about $60M:

https://www.anandtech.com/show/13381/subor-z-console-pc-hybrid-fireflight

Of course, that includes CPU cores and the firmware, drivers, and probably other services needed to get the whole thing running and pushing pixels. But, if you have the IP, you could theoretically make multiple generations your own chips.

Well AMD sold China the IP to build their own Ryzen CPUs - and for these types to get their hands on all of the microcode for CPUs and GPUs would be trivial. This is a nothing story with zero implications other than a horrible infosec policy - which unfortunately is all too common...

Which cutting edge GPU is that:? It's AMD not Nvidia or Intel.

 

[bit_user]

AND exactly ZERO of them are exploitable - and requires complete physical access to the machine to possibly use one.

Whoever told you that is someone you definitely shouldn't believe.

 

[bit_user]

Well AMD sold China the IP to build their own Ryzen CPUs

That's some disinformation, right there.

They didn't sell the IP to make new ones. What AMD did was akin to Coke selling someone the syrup for one their beverages, but not giving them the recipe or instructions for how to make it. AMD only gave them enough info so they could drop in their own security processor and get the chips manufactured.

Their Chinese partner can't now decide that they want to make some improvements to the cores and fab another generation on 7 nm. AMD isn't that dumb.

I'm guessing you're sitting on a bunch of Intel stock that's now underwater. Too bad for you.

 

[Joe15555]

I do find it fascinating that we're taking the word of an 'unknown' hacker, that she actually has " hardware source code" for a subset of AMD's current GPUs-- even though this has not been proven and is actively dismissed by AMD. The only thing AMD has confirmed, is that they were approached by someone (~4 months ago) who CLAIMED to have 'TEST FILES'-- which frankly could be anything as innocent as product performance tests or sub-component simulator testing/results.

Unless we actually have proof that COMPLETE HARDWARE SOURCE CODE has indeed been stolen and leaked, the hyped up dramatizations exuded from this article's presentation are speculative and exaggerated.

The fact that Tom's then makes a front page click bait cannon fodder article, with the title of "AMD's Big Navi and Xbox Series X GPU 'Arden' Source Code Stolen and Leaked", without any real proof of the serious accusations being made, makes me further question the journalistic integrity of this site.



All the best,

Joe

 

[drea.drechsler]

The Department of Energy needs to cancel the contracts for the Frontier and El Capitan supercomputers and restart the bidding process. I mean, if AMD can't keep its crown jewels safe from random hackers on the Internet, it certainly isn't capable of protecting matters concerning national security.

If contracts were cancelled and re-bid for every (arguably in this case) minor and unrelated exploit then none would ever conclude, no program would ever conclude with nobody ever getting their computing resources delivered.

And most notably, Intel would be left with no customers. Period.

 

[Olle P]

What's the real significance of this?
Can someone build pirate X-Box's now? ...

What about more easily crack games?
Find an attack vector to install malware on the device?