As the Open community gathers in Taipei this week for the 2025 OCP APAC Summit, AMI will take the opportunity to highlight our continued involvement with the OCP Security Appraisal Framework and Enablement (S.A.F.E.) Program, and our achievement as the first and only independent firmware vendor (IFV) approved under its guidelines.
Announced during the 2023 OCP Global Summit, the OCP S.A.F.E. Program is designed to provide a strong degree of security assurance for the provenance, code quality and software supply chain for hardware and firmware releases for the wide variety of processing devices that are found in modern data centers.
To earn this prominent distinction as “OCP S.A.F.E Approved”, AMI previously completed two in-depth security audits with an OCP-approved security review provider. During the 2024 OCP Global Summit in San Jose, we announced that our Aptio Community Edition™ had successfully completed the OCP S.A.F.E. audit process, and later that year we completed the same for our MegaRAC Community Edition™. As part of the security reviews, Short Form Reports (SFR) from the audit process were published on the OCP marketplace, available through the links below:
- https://github.com/opencomputeproject/OCP-Security-SAFE/blob/main/Reports/AMI/2024/Aptio%20CE%20for%20Genoa/AMI_OCP-SAFE-Review_Final-Report-(UEFI)_2024-10-10.json
- https://github.com/opencomputeproject/OCP-Security-SAFE/blob/main/Reports/AMI/2024/MegaRAC%20Community%20Edition/2024-12-10_AMI_OCP-SAFE-Review_Final-Report-(BMC).json
Helping Bring Order and Transparency to the Open-Source Firmware Supply Chain
Through four decades of firmware development and early adoption of open-source architectures, AMI has a keen understanding of how fragmentation of open-source solutions can lead to sacrifices in transparency and security. Community-driven verification of software clones – exacerbated by inconsistent branching – can become impossible without a single source of truth, leading to increased fragmentation and potentially jeopardizing the security of the ecosystem.
We believe that our approach is one of many ways that AMI stands out from the competition: by not only providing development services – which alone may increase fragmentation – but also maintaining an open-source contribution on which to base those development services. In this way, AMI is well positioned as the IFV best suited to drive security, transparency, and reliability over a multitude of fragmented solutions.
Through our OCP S.A.F.E verified development services and open-source contributions to the OCP GitHub repository, AMI distinguishes itself as a single source of truth bringing secure and transparent provenance to the firmware supply chain. Our contribution to the OCP GitHub helps bring a level of order and reliability to an open ecosystem, attested by the security audit – and is why we are honored to hold the first and only OCP S.A.F.E approvals granted to an IFV.
Learn More during 2025 OCP APAC Summit
We invite the community to our OCP S.A.F.E. presentation on August 5 at the 2025 OCP APAC Summit to better understand the advantages that an OCP S.A.F.E. audited open-source contribution provides, to both AMI customers and the entire open community. We also invite you to meet with AMI experts in Booth G09 during the Summit and learn about our cutting-edge technologies and initiatives that are helping to drive the open ecosystem and the future of computing forward.