Breaking News — Microsoft today announced that it will open-source the firmware, drivers, and software stack of its Azure Integrated Hardware Security Module (HSM), a tamper-resistant chip built into every new Azure server. The disclosure came at the Open Compute Project (OCP) EMEA Summit, where the company also pledged to release hardware designs to the open ecosystem.
“We believe transparency builds trust, and open-sourcing our HSM firmware allows independent validation of security controls,” said Mark Russinovich, Azure CTO, in a statement. “This move reduces reliance on proprietary protocols and strengthens cryptographic foundations for AI and sovereign cloud workloads.”
Background
Azure Integrated HSM is a Microsoft-designed hardware security module integrated directly into the compute platform, not a centralized service. It meets FIPS 140-3 Level 3, the highest standard for tamper resistance and hardware-enforced isolation required by governments and regulated industries.
Previously, customers relied solely on vendor claims about HSM security. With this open-source release — now available on GitHub — external auditors, partners, and regulators can inspect the firmware, review the OCP SAFE audit report, and participate in a new OCP workgroup guiding ongoing development.
What This Means
For regulated industries like finance, healthcare, and defense, independent validation of cryptographic trust is now possible at the hardware level. “This enables customers to assess implementation details directly, rather than relying solely on vendor assertions,” Russinovich noted.
The move also supports sovereign cloud scenarios, where national security requirements demand verifiable, non-proprietary security modules. By open-sourcing the firmware and design, Microsoft reduces lock-in and accelerates community-driven improvements.
At a time when AI inference and national digital infrastructure depend on cryptographic trust, Azure Integrated HSM’s transparency establishes a more verifiable foundation for cloud security. The firmware repository includes independent validation artifacts, and the OCP workgroup will guide architectural specs, protocol definitions, and hardware evolution.
Next Steps
Microsoft plans to release the full Azure Integrated HSM hardware through OCP soon, enabling third-party manufacturers to build compatible modules. The company also invites collaborators to join the OCP workgroup to shape future versions.
For additional details, visit the Azure Integrated HSM documentation or read more about Azure Security.