Firmware security

This article describes how Microsoft secures the cloud hardware ecosystem and supply chains.

Securing the cloud hardware ecosystem

Microsoft actively partners within the cloud hardware ecosystem to drive continuous security improvements by:

  • Collaborating with Azure hardware and firmware partners (such as component manufacturers and system integrators) to meet Azure hardware and firmware security requirements.

  • Enabling partners to perform continuous assessment and improvement of their products’ security posture using Microsoft-defined requirements in areas such as:

    • Firmware secure boot
    • Firmware secure recovery
    • Firmware secure update
    • Firmware cryptography
    • Locked down hardware
    • Granular debug telemetry
    • System support for TPM 2.0 hardware to enable measured boot
  • Engaging in and contributing to the Open Compute Project (OCP) security project through the development of specifications. Specifications promote consistency and clarity for secure design and architecture in the ecosystem.


    An example of our contribution to the OCP Security Project is the Hardware Secure Boot specification.

Securing hardware and firmware supply chains

Cloud hardware suppliers and vendors for Azure are also required to adhere to supply chain security processes and requirements developed by Microsoft. Hardware and firmware development and deployment processes are required to follow the Microsoft Security Development Lifecycle (SDL) processes such as:

  • Threat modeling
  • Secure design reviews
  • Firmware reviews and penetration testing
  • Secure build and test environments
  • Security vulnerability management and incident response

Next steps

To learn more about what we do to drive platform integrity and security, see: