Commercially-supportable open firmware enables vertical integration for cloud computing and edge hardware appliances. The 2023 OpenSIL announcement included vendors who contribute to open-source firmware and reference hardware in OpenCompute and other projects.
AMD believes one of the ways to attain an improved security posture is to open Silicon Initialization Firmware architecture, development, and validation to the open-source community. AMD is committed to open-source software and is now expanding into the various firmware domains with the re-architecture of its x86 AGESA FW stack - designed with UEFI as the host firmware that prevented scaling, to other host firmware solutions such as coreboot, oreboot, FortiBIOS, Project µ and others.
AMD, in close collaboration with a few other organizations (9elements, AMI, AWS, 3mdeb, Datacom, Google, Meta, Oxide) from the open-source landscape, developed the first instance of AMD openSIL..
This is precisely it. Also, maybe some regulatory requirements of cloud providers and organizations like OCP. Commoditizing their complement is probably another obvious goal.
We also have to note that AMD seems to be heading for being a market leader in the server market (some signals are active in OCP Caliptra and OSF). We can see their presence at the upcoming OCP Summit, where they (together with Intel) will push forward the agenda of a generic framework for bootstrapping firmware, which is called openSFI:
https://youtu.be/1CE6olXT604
Overhead should be minimal but something is preventing it from working as well as it theoretically should. AFAIK Microsoft has been improving VBS but I don't think it's completely fixed yet.
BF6 requiring VBS (or at least "VBS capable" systems) will probably force games to find a way to deal with VBS as much as they can, but for older titles it's not always a bad idea to turn off VBS to get a less stuttery experience.
As a network engineer I mainly like VMware workstation because of its awesome virtual network editor that lets me easily build complex topologies but it doesn't work when you use Hyper-V.
Same. Have to disable VBS for VirtualBox, and it gets more and more obscure with each update because some features like Windows Hello force it back on.
We're working on HPC / graphics / computer-vision software and noticed a particularly nasty issue with VBS enabled just last week. Although, it has to be mentioned, it was on Win10 Pro.
Only if you want to virtualize it or have VMs; for VBS it simply disables hardware PCIe memory space isolation. (With IOMMU on, each PCIe device gets an isolated memory buffer.)
> The PFB is found in many different application domains such as radio astronomy, wireless communication, radar, ultrasound imaging and quantum computing.. the authors worked on the evaluation of a PFB on the AIE.. [developing] a performant dataflow implementation.. which made us curious about the AMD Ryzen NPU.
> The [NPU] PFB figure shows.. speedup of circa 9.5x compared to the Ryzen CPU.. TINA allows running a non-NN algorithm on the NPU with just two extra operations or approximately 20 lines of added code.. on [Nvidia] GPUs CUDA memory is a limiting factor.. This limitation is alleviated on the AMD Ryzen NPU since it shares the same memory with the CPU providing up to 64GB of memory.
Just a random powered USB-C Hub with a few external drives on one port and a Thunderbolt SSD I had from an old project on the other.
For now, I just use the SMB server built into macOS because I've not gotten around to installing Asahi on it.
I think I turned auto update off on this machine but if it reboots, you would have to log in first. Doesn't bother me, though. I don't have any uptime requirements.
> the best modern laptops I have found are the Dell Latitude/Precision laptops with an Intel vPro Enterprise CPU. The second best group of laptops I have found are modern Lenovo Thinkpads with Intel vPro Enterprise or AMD Ryzen Pro CPUs. These are relatively easy to acquire and share these common security properties.. [firmware protection, custom CA, memory encryption, SMM mitigation, DRTM, microcode updates]
> [2023] 37Signals expected to save $7 million over five years by buying more than $600,000 worth of Dell server gear and hosting its own apps.. [2024] update: it's more like $10 million (and, he told the BBC, more like $800,000 in gear). By squeezing more hardware into existing racks and power allowances.. transferring its 10 petabytes of S3 storage into a dual-DC Pure Storage flash array, 37Signals expects to save money, run faster, and have more storage available.
I know I have been involved in multiple efforts to move the same workloads into and then out of the cloud, as corporate budgeting requirements prioritized either capex or opex at different times.
Is the software open-source with reproducible builds of any runtime binaries?
Oxide has been remarkably transparent about the development and architecture of critical system components. We can only hope they succeed and inspire others to follow their transparency lead.
Open source is a requirement but not the only one. There are countless examples of companies building integrated solutions based off of open source projects that, when they went bankrupt, there was nobody to pick up the available pieces and continue moving the stack forward. Just pointing out that open source is not this magical escape hatch that some people think (at least not in corporate environments).
Especially so for Oxide's decidedly non-Linux setup. They are in a niche software ecosystem with practically no one else. Apparently mostly because they're practically all ex-Solaris staff.
I remember many Linux fans saying that monocultures were bad until Linux became so popular that Linux was the one benefiting from a monoculture. Despite that, the rationale against monocultures still applies.
That said, Illumos is influential as an organ donor to many others. There are a number of awesome technologies in it.
Oh I would love to have some healthy competition to Linux, but I am not rooting for Solaris to do that, I'd rather have one of the Rust-based microkernels actually git gud. Time to shake the foundations of the age-old security and isolation models, not resuscitate a dusty old thing built on piles of C and shell on top of a large monolithic kernel and pretend everything's fine.
You want to run dynamic workloads on a PC? As in a desktop PC? That is clearly a completely different market than Oxide serves.
Or do you mean PC as in rackmounted servers? If that's what you meant, PC is a very poor word for it. That's kind of the point Oxide made from the beginning. Why are you running server workloads on a PC with a funny shape? Why do you need 84 power supplies (2/shelf) in your rack? Why do you need any keyboard or graphics controllers? Why don't you design for purpose a rack-sized server?
Or did you mean exactly what you wrote: "a PC"? You only need one server, not a whole rack's worth? Again, that is not the market Oxide is targeting.
Or you need to be able to run "dynamic workloads" that could require 40-4000 CPUs? You need hypervisors and orchestration, etc.? And you don't want them to be Solaris, or to run on Solaris? And you know all about Hubris and you don't want that either? But you think it would be nice if they weren't Linux? Maybe if they were modern microkernels written in something like Rust? But not the Hubris microkernel written in Rust?
I'm going to have to take you at your word. Your needs are "a bit of a different world" than Oxide fits.
But it's pretty cool that you still got some friendly personal attention from two big-name Oxide employees who seem willing to try to help you if they can. If you ever do find yourself in a world that aligns with theirs it appears that they are willing to try to accommodate you.
We're talking about healthy competition for Linux, Rusty microkernels, and I'm saying Hubris is not what I'm looking for because of the stated reasons. Hubris workloads are defined at build time and it does not target x86.
When I say PC I mean the large ecosystem of compatible performant hardware that exists out there, as opposed to e.g. RISC-V at this stage.
Even if a binary blob requires silicon vendor signature, open-source code can be reviewed and built by customers, to reproduce the signed binary.