Note that UEFI doesn't mean supporting most of those.

UEFI without runtime UEFI variable writes is a thing, and that configuration is incompatible with mokutil.

FWIU,

There is no SecureBoot without UEFI.

UEFI without SecureBoot does have advantages over legacy BIOS with DOS MBR.

> UEFI without runtime UEFI variable writes is a thing

Which vendors already support this?

Do any BIOS - e.g. coreboot - support disabling online writes to EFI? (with e.g. efibootmgr or efivar or /sys/firmware/efi)

One of the initial use cases for SecureBoot is preventing MBR malware.

What there be security value to addding checksums or signatures as args to each boot entry in grub.cfg for each kernel image and initial ramdrive?

Unless /boot is encrypted, it's possible for malware to overwrite grub.cfg to just omit signatures for example.

> Which vendors already support this?

One implementation I've seen in the wild is: https://docs.nvidia.com/jetson/archives/r36.4/DeveloperGuide...

Secure Boot is still supported in that configuration, but with PK/db/dbx being part of the firmware configuration and updating them requiring a UEFI capsule update.

Looks like UKI include the initrd in what EFI checks the signature of.

Add signature checking for grub.cfg (instead of just the EFI shim) but that requires enrolling a local key

Add initrd signatures to grub.cfg

U-Boot nowadays speaks UEFI :) (and so does LK)

New Android devices all use a UEFI bootloader: https://source.android.com/docs/core/architecture/bootloader...

Side note: USB 3 Lightning did exist on iPad Pros.

No. It existed with one special adapter.

SME2 is restricted in scope to matrix multiply workloads and isn't really designed for anything else.

The point of streaming SVE is to have a way to pre/post process data on the way in or out of a matrix multiply.

A list that I have around of chips which support various levels of SVE:

For SVE(1) deployment, chips that have it: - Fujitsu A64fx - AWS Graviton3

SVE2: - Snapdragon X2, 8/8 Elite Gen 5 and later - MediaTek Dimensity 9000 and later - NVIDIA Tegra Thor and later, NVIDIA "N1" or later (GB10 is an "N1x" SKU) - Samsung Exynos 2200 or later - AWS Graviton4, Microsoft Cobalt 100, Google Axion (and newer chips) - CIX P1

SME(1) instead of SME2:

- Snapdragon X2, 8/8 Elite Gen 5

SME2:

- Apple M4, A18 and later - Samsung Exynos 2600 - MediaTek Dimensity 9500

Note that the Snapdragon 8/8 Elite Gen 5 and X2 support sve2 but not svebitperm.

Qualcomm was odd like that for a long time yeah.

And yes the Gen 5 chips (8, 8 Elite and X2) do implement SVE2 and SME.

AmpereOne M with MTE is out nowadays

Good to know, still I bet there are more Solaris SPARC deployments on the wild than GNU/Linux on AmpereOne M.

LPCAMM2 is more present on business/high end machines unfortunately. It's not an Intel restriction.

There are Intel CPUs which come with bundled RAM. For example Intel Core Ultra 5 238V. It's like SoM: RAM is mounted directly on the CPU package, not even soldered on the motherboard. I'm not sure what particular advantages does that bring over traditional packaging, maybe shorter wires to allow for faster turnarounds between CPU and RAM. But there's zero chance of upgrading or replacing RAM for sure.

> I'm not sure what particular advantages does that bring over traditional packaging

Massive increase in bandwidth, which is useful for e.g. running local LLMs.

In theory, but that is not the case with Lunar Lake, which nowadays does not have a greater bandwidth than the current CPUs with external LPDDR memory.

However, at launch, a year and a half ago, it had a bandwidth about 15% higher than competing CPUs.

For a really "massive increase in bandwidth", it would have needed a wider memory interface, like AMD Ryzen Max, which has a 256-bit memory interface, instead of the 128-bit memory interface of most Intel/AMD laptop CPUs.

Yes, totally. By introduced I didn't mean they were the first in the space but rather they have introduced it to the laptops they're shipping now. But yes, it's been a thing for awhile on other architectures as well.

Google outright has worst in class SoCs on both CPU and GPU unfortunately.

If you want something more perf competitive, pick Dimensity, Exynos, or Snapdragon.

> While the parent article shows AMD Zen 5 having significantly better results in floating-point SPEC CPU2017, these benchmark results are still misleading, because in properly optimized for AVX-512 applications the difference between Zen 5 and Cortex-X925 would be much greater. I have no idea how SPEC has been compiled by the author of the article, but the floating-point results are not consistent with programs optimized for Zen 5.

The arithmetic intensity of most SPECfp subtests is quite low. You see this wall because it ends up reaching bandwidth limitations long before running out of compute on cores with beefy SIMD.

It took until Alder Lake-N for the atom-grade stuff to have AVX2 across the board.