Microsoft revealed on April 30, 2026 that it will open-source the core components of its Azure Integrated HSM, a custom-designed hardware security module that is being embedded into next-generation Azure servers. The move aims to provide cloud customers with verifiable, tamper-resistant key management that eliminates the need to trust the cloud provider with encryption keys. By releasing the hardware design, firmware, and software stack under an open-source license, Microsoft is inviting external audits, community contributions, and independent verification of the technology’s security properties.

The announcement marks a significant step in the company’s confidential computing strategy, which has already delivered AMD SEV-SNP and Intel TDX backed virtual machines. Those technologies protect data in use by encrypting memory pages within a trusted execution environment (TEE). However, the integrity of encryption keys and attestation secrets has still relied on separate hardware security modules (HSMs) that operate outside the customer’s direct visibility. Azure Integrated HSM changes that by integrating a fully auditable HSM directly onto the server motherboard, tightly coupled with the host CPU’s secure enclave.

What Is Azure Integrated HSM?

Hardware security modules are specialized processors that generate, store, and manage cryptographic keys within a hardened physical boundary. Traditional cloud HSMs, such as those offered as dedicated appliances or network services, are shared infrastructure operated by the provider. While they meet stringent compliance standards like FIPS 140-2 Level 3 or 4, customers must trust that the provider has implemented and configured them correctly—and that no backdoor exists.

Azure Integrated HSM is different. It is not a separate appliance but an embedded component inside the server itself, connected directly to the host bus. This physical proximity allows it to serve multiple security functions simultaneously: it can provision keys for confidential VMs, attest to the health of the platform, seal secrets to specific TEE measurements, and offload cryptographic operations for performance. Because the module is fully integrated with the hardware root of trust, it can bind keys to the exact combination of CPU firmware, BIOS, and TEE configuration—ensuring that a key can only be unwrapped inside a verified, untampered environment.

Microsoft initially disclosed the concept of an integrated HSM in 2024 during the unveiling of its custom Cobalt 100 processors. The first implementation was built on an FPGA, allowing rapid iteration. Over the past two years, the engineering team has hardened the design into an ASIC that will ship in Azure’s V7 server platform. The V7 generation, expected to reach general availability later in 2026, will house the integrated HSM alongside the latest AMD and Intel processors with hardware TEE support.

The Open-Source Release

The open-source release encompasses the complete hardware description language (HDL) source code for the FPGA variant, the firmware running on the module’s secure microcontroller, the software libraries used to interact with it from the host, and the tools required to build and simulate the entire stack. The repository, available on GitHub under the MIT license, also includes a formal specification of the HSM’s API and a reference implementation of the attestation protocol.

By contributing the design to the Open Compute Project (OCP), Microsoft aims to create an industry standard for verifiable server-local HSMs. Any hardware manufacturer, hyperscaler, or enterprise can inspect, audit, and even build their own compatible modules. This openness addresses a persistent concern in cloud computing: the difficulty of verifying that a remote platform has not been compromised by the operator. With access to the source code, a third-party auditor can confirm that the HSM’s firmware does not contain backdoors, that the key derivation logic follows cryptographic best practices, and that the hardware design prevents physical extraction of secrets.

Technical Architecture

The Azure Integrated HSM consists of a hardened secure processing element, a dedicated cryptographic engine, and a small amount of non-volatile memory for storing persistent keys. The module interfaces with the host CPU over a serial bus, such as SPI or I3C, and communicates with the TEE using a lightweight mailbox protocol. During a confidential VM’s launch sequence, the HSM participates in the remote attestation flow: it generates an attestation key that is endorsed by the module’s own hardware-unique key, signs the CPU’s attestation report, and then provisions the VM’s encryption keys only if the report matches a known good configuration.

One of the innovative aspects disclosed in the open-source code is the use of a measured boot chain within the HSM itself. The module’s firmware is divided into multiple stages, each cryptographically measured before execution. The root of trust is a physically unclonable function (PUF) that generates the device’s unique master secret without storing it in non-volatile memory. This means that even if an attacker were to gain physical possession of the server and decap the chip, they could not recover the master key; it only exists as a transient value when the PUF is freshly evaluated.

The HSM also supports post-quantum cryptography (PQC) algorithms. The open-source cryptographic engine includes hardware acceleration for CRYSTALS-Dilithium and CRYSTALS-Kyber, alongside traditional algorithms like ECDSA and RSA. Microsoft stated that this makes the module “future-proof” against the eventual arrival of practical quantum computers.

Impact on Confidential Computing

Confidential computing promises to encrypt data not only at rest and in transit, but also while it is being processed in the server’s memory. Until now, the weakest link has often been the provisioning of the initial encryption keys. If a cloud operator can spoof the attestation or tamper with the key delivery mechanism, the entire TEE security model collapses. Azure Integrated HSM removes the operator from that trust chain by providing a hardware-enforced binding between the platform’s attestation state and the release of secrets.

For customers, this means they can now verify independently—using the published source code and reproducible builds—that their confidential VMs receive keys only after a successful attestation. The open-source model also allows organizations to integrate the HSM’s attestation into their existing security policies using standard frameworks like the Confidential Consortium Framework (CCF).

A major cloud financial services customer, speaking on background, noted that the ability to inspect the firmware source was a “game-changer” for their regulatory compliance. Regulators in several jurisdictions have expressed skepticism about cloud-based key management; with open-source HSMs, auditors can satisfy themselves that no unauthorized access to keys is possible.

Community and Industry Reaction

The open-source hardware community has responded enthusiastically. The Open Compute Project issued a statement calling the contribution “one of the most significant security-oriented hardware disclosures in OCP’s history.” Currently, several silicon vendors are evaluating the design for potential integration into their own server platforms.

Independent security researcher Joanna Rutkowska, known for her work on Qubes OS, commented that “making the HSM firmware verifiable is crucial. Without it, attested execution is just theater.” Meanwhile, competitors like Google Cloud and AWS have not announced similar initiatives, though both offer dedicated HSM services. Industry analysts see Microsoft’s move as a calculated bet: by commoditizing the hardware security layer and making it open, Azure can differentiate on transparency rather than proprietary hardware.

What’s Next?

Microsoft plans to submit the design for FIPS 140-3 Level 3 certification as a standalone module. The certification is expected by early 2027, at which point the integrated HSM will be available for all V7-based confidential computing instances. The company also announced that it will release an on-premises version of the module as a PCIe card, enabling hybrid cloud scenarios where the same verifiable key management is available in private data centers.

Over the longer term, the Azure team hinted at integrating the HSM with the upcoming Azure Boost DPU, offloading network and storage virtualization while maintaining cryptographic isolation. There are also plans to support zero-knowledge proofs directly within the HSM’s secure processing element, enabling privacy-preserving analytics and machine learning.

Conclusion

The open-sourcing of Azure Integrated HSM is more than a code drop—it is a foundational rethinking of how trust is established in the cloud. By allowing anyone to inspect, rebuild, and verify the hardware that safeguards encryption keys, Microsoft is betting that radical transparency will become the new standard for enterprise security. As confidential computing moves from niche deployments to mainstream production workloads, hardware-based, auditable trust anchors like Azure Integrated HSM could decide which cloud earns the loyalty of the world’s most sensitive data.