At least some Vega GPUs from AMD require firmware for the GPU to be signed by AMD. This prevents modding as well as theoretical open source GPU firmware development. AMD claims this is required in some way by Microsoft’s Secure Boot, although Secure Boot does not appear to require this in any way.
I originally found this mentioned here, about the RX Vega56:
The Validation & Security Blocks on BIOS section in
In a later video, they mention that as far as they know, such a guideline does not exist. (mentioned here)
In particular, I am saddened by the removal of the possibility for reverse-engineering the GPU firmware, like Fail0verflow did for an older AMD GPU:
Huh, I did not realise that the GPU firmware was loaded from GPU-ROM to system-RAM by the CPU. However, this means that the signature checker (which we know is part of the GPU hardware) has to act before the CPU reads the firmware.
GPU verifies GPU-firmware in GPU-ROM
CPU reads GPU-firmware from GPU-ROM
CPU writes GPU-firmware to system-RAM
GPU reads GPU-firmware from system-RAM
The only way this makes sense is if there is a FIRMWARE_SIGNATURE_VALID flag somewhere. We know verification failure does not bar access to the GPU-ROM, since they could verify the GPU-ROM-flashing was successful.