Protecting Azure Infrastructure from silicon to systems

At Microsoft, our approach to secure design starts right at the base of our computing architecture—the silicon level—and extends seamlessly through every facet of the cloud.

At Microsoft, our strategy for secure design kicks off at the very foundation of our computing stack—the silicon level—and continues throughout every layer of the cloud. Since we’ve introduced the Secure Future Initiative (SFI), a commitment to security across the company, our focus remains on providing products and solutions that are secure by design, secure by default, and secure in operation.

SFI is central to Azure’s method for crafting hardware systems, revolutionising the architecture, deployment, and operation of our physical cloud and AI infrastructure. Azure is transforming security for workloads from the datacentre to the edge. Our all-encompassing strategy includes Azure Boost, which separates control and data planes for virtual machines; the Azure Integrated HSM, a bespoke security chip ensuring FIPS 140-3 Level 3 key protection within our servers; and confidential computing, which safeguards data in use through hardware-based Trusted Execution Environments (TEEs).

Microsoft is consistently working to advance systematic security audits and contribute to the open-source community with initiatives like Caliptra—a silicon root of trust designed to anchor security directly in hardware. By integrating these efforts with technologies such as confidential computing and code transparency services, we aim to ensure that every element in our supply chain can be verified securely.

Specialised Silicon for Enhanced Security

Azure Boost acts as the security controller for the system, ensuring secure access to Azure. Only systems with a verified and approved security setup can gain access.

To boost security and performance, Azure Boost transfers control plane services away from the host CPU to a dedicated Azure Boost system controller. This setup provides a clear hardware separation between Azure’s control plane—operating on the Azure Boost controller—and customer workloads—running on the CPU—ensuring robust isolation and protection.

The Azure Integrated HSM is a local Hardware Security Module (HSM) tailored for high-assurance workloads. It’s built to meet the demanding criteria of the Federal Information Processing Standards (FIPS) 140-3 Level 3, requiring strong isolation, tamper-proof hardware, identity-based authentication, and automatic zeroisation. Azure Integrated HSM keeps keys secure by ensuring they always remain within the HSM.

Unlike centralised remote HSM services, Azure Integrated HSM avoids network delays for key operations, and there’s no need to release keys into the workload environment. Instead of relying on remote access, the Azure Integrated HSM is securely tied to the local workload, offering oracle-style key usage to approved services within the local setup.

The Azure Datacentre Secure Control Module (DC-SCM) functions as a security and server control unit that houses Hydra—a Board Management Controller (BMC) designed with a security focus, featuring an integrated root of trust and hardware-based security protection across all management interfaces. This root of trust prevents unauthorised access to BMC firmware, ensuring its authentication and cryptographic validation.

Confidential Computing Provides Reliable Security Guarantees

Confidential computing utilises hardware-based Trusted Execution Environments (TEEs) to protect workloads—like virtual machines—from interference by other system software, including the hypervisor.

Microsoft, as a founding member of the Confidential Computing Consortium, collaborates closely with CPU and GPU manufacturers to design and embed confidential computing technologies into their hardware directly. Earlier this year, we shared at the Confidential Computing Summit how we defined a spectrum of guarantees that users can activate with confidential computing while porting their applications, including:

1. On by default, enabling the lift and shift of existing applications with minimal modifications.
2. Build in confidential computing by crafting services and applications that harness hardware-based protections more deeply.
3. Make use of transparent confidential computing for greater insights into secure interactions of confidential services.

Azure boasts the most extensive range of confidential computing solutions, which include confidential virtual machines, containers, generative AI, and services like Azure Confidential Ledger, Azure Attestation, and Managed HSM—each engineered to safeguard code and data throughout their life cycle with hardware-backed security.

Transparency in Hardware Security

Caliptra serves as a hardware root of trust that is crucial for device security. It establishes the chain of trust directly in silicon, laying down foundational security attributes that support the integrity of advanced features. This base allows workloads to verify the code and setup of the underlying platform, fostering trust in the hardware environment.

Caliptra is a completely open-source silicon root of trust developed collaboratively by Microsoft, AMD, Google, and NVIDIA. In April, we rolled out Caliptra 2.0, which introduced Adams Bridge—an open-source accelerator focused on post-quantum resilient cryptography. This made Caliptra the first open-source root of trust to incorporate advanced post-quantum cryptography, promoting wider adoption throughout the hardware community.

Systematic Security Reviews are vital in protecting hardware infrastructure, which relies on both fundamental hardware features and the firmware operating above them. Guaranteeing firmware security involves thorough code reviews, regular security assessments, and hardware-based attestation.

Traditionally, Microsoft performed these reviews internally. To improve transparency and extend security assurances beyond our boundaries, we teamed up with Google and the Open Compute Project in 2023 to create OCP SAFE—a structured framework for systematic security reviews.

Under the OCP SAFE framework, approved Security Review Providers (SRPs) conduct independent evaluations and provide verifiable endorsements of a manufacturer’s security compliance. These endorsements act as reliable evidence, supporting secure device attestations and reinforcing trust in the hardware supply chains.

Boosting Security with Code Transparency Services

Code Transparency Services (CTS) is an immutable ledger technology crafted to meet the standards of Supply Chain Integrity, Transparency, and Trust (SCITT). It operates solely within confidential computing environments, enhancing trust in Azure’s hardware and firmware by ensuring that each component is verifiably secure.

CTS tackles significant challenges concerning firmware origin, integrity, and auditability across both first-party and third-party supply chains. When combined with a silicon root of trust like Caliptra and audits such as OCP-SAFE, CTS guarantees that hardware and firmware are authorised, non-repudiable, and immutably auditable.

Currently, CTS is a key element in Azure’s confidential cloud services. Beyond its internal use, CTS will be offered as a managed service—enabling Azure customers to establish and operate their own transparency service instances.

Maintaining Security with Microsoft

Microsoft’s Secure Future Initiative (SFI) serves as a guiding principle for building a secure and reliable cloud infrastructure. By embedding security at every layer—from silicon through systems to services—Azure adopts a defence-in-depth strategy to cloud security. Through innovations like Azure Boost, Azure Integrated HSM, and confidential computing, alongside collaborative initiatives such as Caliptra, OCP SAFE, and SCITT, Microsoft is not only securing current workloads but also creating a foundation for a more secure and transparent future.