by seanhunter 900 days ago
That makes sense. Thanks for taking the time to explain.

I'll go a little further on why I think it's not a backdoor.

If you look at the debug info in the Kernel dev kits, you can see the internal SDK (which has existed forever - I had access to it 2 decades ago when I was working on compilers at IBM, for Apple) has chip/register info in it:

    DW_AT_decl_file             0x00000014 /AppleInternal/Library/BuildRoots/8a51e4ad-7e8b-11ee-8cd8-2a65a1af8551/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.2.Internal.sdk/usr/local/include/EmbeddedHeaders/soc/module/dart_v14.h

    DW_AT_decl_file             0x00000017 /AppleInternal/Library/BuildRoots/8a51e4ad-7e8b-11ee-8cd8-2a65a1af8551/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.2.Internal.sdk/usr/local/include/EmbeddedHeaders/soc/module/p_acc0_v5.h

Just some examples. The first one is a header file containing the register names/structures/flags etc. for the DART. The second is for recent p-cores, etc.

Depending on what the kernel uses, sometimes they accidentally leak most of the data (more than once).

So for example, the current XNU debug info leaks the register bits/structure of the hid18 register (a p-core register):

https://gist.github.com/dberlin/ec277fc61c33419e658a17f743e1...

(I put this in a gist because I am too lazy to try to get the formatting right in-comment)

So you can see the bits of HID18 and what they mean, just from the debug info.

Now, current XNU dumps contain info on 2-3 registers like this out of the thousand+.

But, the header files contain all the data, presumably, on CPU, GPU, DART, etc.

They have also leaked much more before.

Regardless, it is much more likely to me that someone got a recent internal SDK (which again, was at least shared with partners at various points in time), went looking through the header files, and then started testing things out, than it is to me that they engineered a backdoor from scratch into the GPU.
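
An added example, not part of the comment above and not any vendor's tooling: a release-side check that scans DWARF dump text for `DW_AT_decl_file` entries pointing into an internal build tree, the kind of leak the comment describes. The function name, the marker list and the third sample line are assumptions made for the illustration; the first two sample lines are the ones quoted in the comment.

```python
import re
from collections import defaultdict

# Matches "DW_AT_decl_file 0x00000014 /path/x.h" and the ("/path/x.h") form.
DECL_FILE = re.compile(r"DW_AT_decl_file\s+(?:0x[0-9a-fA-F]+\s+)?(\S.*?)\s*$")
# Assumption: substrings that identify an internal build environment.
INTERNAL_MARKERS = ("/AppleInternal/", ".Internal.sdk/")

_ROOT = ("/AppleInternal/Library/BuildRoots/8a51e4ad-7e8b-11ee-8cd8-2a65a1af8551"
         "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform"
         "/Developer/SDKs/MacOSX14.2.Internal.sdk/usr/local/include"
         "/EmbeddedHeaders/soc/module/")
# Lines 1-2 reproduce the comment's quoted entries; line 3 is constructed.
SAMPLE = "\n".join([
    "    DW_AT_decl_file             0x00000014 " + _ROOT + "dart_v14.h",
    "    DW_AT_decl_file             0x00000017 " + _ROOT + "p_acc0_v5.h",
    "    DW_AT_decl_file             0x00000003 /Applications/Xcode.app/Contents"
    "/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.2.sdk"
    "/usr/include/stdint.h",
])

def internal_headers(dump_text, markers=INTERNAL_MARKERS):
    """Return {sdk_name: sorted header paths relative to that SDK} for every
    DW_AT_decl_file path containing one of the internal markers."""
    found = defaultdict(set)
    for line in dump_text.splitlines():
        m = DECL_FILE.search(line)
        if not m:
            continue
        path = m.group(1).strip('"()')  # drop the quoting some dumpers add
        if not any(mark in path for mark in markers):
            continue
        sdk = re.search(r"/SDKs/([^/]+\.sdk)/(.*)$", path)
        if sdk:
            found[sdk.group(1)].add(sdk.group(2))
        else:
            found["(no SDK component)"].add(path)
    return {name: sorted(paths) for name, paths in found.items()}

if __name__ == "__main__":
    for sdk, headers in internal_headers(SAMPLE).items():
        print(sdk)
        for header in headers:
            print("  " + header)
```

Run over the debug info of a build before it ships, a non-empty result means internal header paths (and likely the type and register definitions declared in them) are going out with the symbols.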