Two days ago, we covered news from AMD that the company had suffered an IP breach. We now know more about what was taken from the company and how serious the theft is — or more appropriately, isn’t.
At first glance, the news looks bad. The data in question is supposedly for Big Navi and Arden, the codename for the Xbox Series X GPU. Given how important both of these products are to AMD’s future, theft of their underlying core technology would be quite damaging.
WCCFTech has published a story — corroborated by certain sources ExtremeTech has spoken to — arguing that this IP theft is, while serious by its very nature, didn’t actually get the thief all that much. What was reportedly stolen were some Verilog files with information on how to implement a specific GPU function. If you don’t know what Verilog is, it’s a Hardware Description Language (HDL). You could say that a GPU or CPU is “written” in Verilog, and that’s where all the statements about AMD having had a “source code” theft are coming from. It’s not even clear the Verilog files could be useful to a third party; they’re reportedly built on a proprietary schematic that’s only compatible with AMD’s internal design language in the first place.
The important takeaway is this: There’s no way to build a product based on what was stolen and the data cannot be used to reverse engineer product performance. It might be possible to derive some high-level specification data from the full file list, but since most or all of this information is public, there’s not a lot of reason to do so. There are no known security implications from the theft at this time, though there is a slim chance that there might be an exploitable bug in the functions that were stolen. This is more-or-less a given: While we haven’t talked about security audits lately, auditing software (and Verilog is software) is an intensely time-consuming process.
We are watching the story as it develops, and obviously AMD has a very good reason to downplay the significance of what happened, but thus far everything points in the same direction: The idiot trying to extort $ 100M out of AMD doesn’t realize that he’s sitting on something worth much less money. Given how many people are currently sitting at home twiddling their thumbs, law enforcement would probably be glad to have something to do.
Even if it were possible for someone to buy this IP and build something off it, it wouldn’t be a smart move. You can bet AMD would be keeping a sharp eye on the horizon for any company shipping a new consumer part with conspicuously crimson capabilities. While it might be fair to say the hacker took “some” source code for these GPU families, there’s no evidence they got away with “the” source code in the manner required to reverse engineer confidential capabilities or improve a competitor product.