AMI’s Open-Source Bet: How We Learned to Build Firmware with the Community

blog title card that reads AMI's Open-Source Bet: How We Learned to Build Firmware with the Community on a red and black abstract background

May 15, 2026

By Zachary Bobroff, Chief Product Officer, AMI

AMI has been a firmware company for 40 years. For the first 35 of those, we built strictly proprietary BIOS and BMC solutions, and those products still serve most of our customers very well. But a gradual shift was quietly underway, so that by 2021 the Open Compute Project had become the gravitational center of data center innovation. From there forward, hyperscalers, ODMs, and silicon vendors were all building in the open. We could either participate or watch the industry move without us. That was not a hard call.

Where the Real Value Lives

The thing that most customers value from AMI is not the base capability of booting a platform or managing it. Value lies in the advanced features, the speed of security fixes, and the path to market. Open-source foundations like EDK II and OpenBMC™ sat on the periphery for years, handling those base layers. Contributing our code to OCP across Aptio®, MegaRAC®, and Tektagon® let the community share in validation and core innovation while we focused higher in the stack, on the work that can truly differentiate our customers’ products.

AMI sits between system manufacturers like OEMs and ODMs and data center operators like hyperscalers and neoclouds. While open-source projects like EDK II and OpenBMC offer great places for collaboration, OCP is where you find the most interaction between operators and manufacturers. Leveraging these open-source projects and AMI’s unique market connections provides a great way for AMI to contribute to OCP-specific platforms. That position gives us a rare line of sight across the whole firmware landscape, and we take the responsibility that comes with it seriously.

Learning to Move at Open-Source Speed

That shift is still underway. Open source moves at a pace that catches many by surprise. In the traditional OEM world, firmware updates ship every six months – after months of broad testing. Hyperscalers operate differently. They use systems one way, replace them like field components, and expect regular updates. We had to build product solutions for both speeds: rapid cadence for hyperscalers, and a more stable and longer-validated code base for everyone else.

Speed alone is not the point, though. Our CEO Sanjoy Maity recently described the challenges facing AI data center operators as a 5-Headed Hydra: fragmentation, security, power and thermal management, fleet scale, and the criticality of the control plane. Each one feeds the others. You cannot ship firmware faster without also tightening security. You cannot unify a fragmented code base without thinking about how it scales across thousands of nodes. The velocity question we wrestled with inside AMI is just one head of that Hydra, and open source is how we started fighting all five at once.

Contributing code also taught us something we did not expect. Committing is not enough. You must explain why a change matters to the community. Every contribution goes through two to three months of review before it merges. A community-led project moves fast in some directions and slower than you would predict in others. We are still learning that rhythm.

A Distribution, Not a Fork

One of our biggest initiatives at AMI right now is MegaRAC OneTree™ Community Edition (CE), our distribution of OpenBMC built as an open foundation for production-ready deployments. The Linux Foundation version is the upstream source of truth, but in practice, hardware and silicon vendors have forked it in different directions. If you are using a BMC from one vendor and a host processor from another, you are cherry-picking from scattered branches to assemble a working stack. That is the fragmentation problem. Other forks in the market tend to be tied to specific hardware vintages or a single vendor’s platform.

MegaRAC OneTree CE is hardware-agnostic by design, built to support multi-vendor environments because that is the reality most operators live in. Think of it the way Ubuntu™ or Fedora relate to the Linux® kernel. The kernel is the foundation; the distribution makes it usable at scale.

Our principle is upstream-first. We pre-vet features with maintainers to streamline reviews and commit to upstreaming everything that the OpenBMC project will accept. Some changes ship in MegaRAC OneTree CE first because we can move faster on our own code base, but they go upstream on the back end. This is not a fork. It is a release and versioning discipline layered on top of a project that, candidly, is not well-versioned today.

With so many contributors on different release cycles and different priorities, the hardest engineering problem is one that outsiders rarely see: version control. Who decides when a version is cut? How do you patch it without breaking someone else’s cycle? That coordination challenge is the real work behind the scenes.

Transparency as a Security Posture

I understand the concern that open-source firmware makes security teams nervous. But the algorithms at work here are known industry standards, and nothing needs to be hidden. Opening the code means third-party audits and community review can happen in parallel. When zero-day attacks can materialize in minutes, transparency and fast patching cycles beat obscurity.

Tektagon, our open-source Platform Root of Trust solution, operates as a secure orchestration layer. It verifies that firmware is authentic and correctly signed. It manages the boot process rather than trying to control it. AMI is also the only vendor with OCP SAFE compliance across boot, manageability, and security firmware. That gives operators an auditable, defensible foundation that a closed stack cannot match at the same speed.

Growing the Market, Not Just Competing in It

One impact of open source stands out that many underestimate: it grows the total addressable market. OpenBMC opened manageability beyond servers, into CDUs, power shelves, switches, and other infrastructure that never had it before. Lower barriers to entry create more devices that need servicing, and that creates more opportunity for our commercial capabilities on top. I do not see this stopping as AI factories continue to scale. Complexity will only increase, and that complexity will directly drive new hardware innovation, expanding the surface area for manageability and control.

Built With, Not For

Our open-source work is not a gift to the community. It is something we build with the community. Likewise, our Community Edition solutions are not stripped-down versions of our commercial products. They are a genuine baseline for innovation, a foundation that stands on its own. Some users will deploy that code and never pay AMI a dime. That requires investment and risk tolerance on their side, and that is fine.

But for those who hit the limits of community-based code and want production-grade support and lifecycle management, we are already in the conversation. The shift from proprietary to open contributor is not finished. I do not think it ever will be. That is the nature of building in the open.

Finally, open source is not a destination you arrive at. It is a discipline you practice. From our first contribution in 2019, AMI is admittedly still early in that practice relative to some of our peers. But as the graph below shows, we have made a concerted effort to meaningfully increase our contributions to the OpenBMC project in the last 6 months across our total number of contributions, merged changes and the number of qualified contributors.

What we bring to the table is deep platform expertise, a broad view of the firmware landscape, and a genuine willingness to do the work in public. We expect criticism along the way. We also expect to earn trust the only way open source allows: one contribution, one review cycle, one upstream commit at a time.

OpenBMC is a trademark of LF Projects, LLC. MegaRAC OneTree is a trademark of AMI US Holdings, Inc. Ubuntu is a trademark of Canonical, Ltd. Fedora is a registered trademark of Red Hat, Inc., or its subsidiaries in the United States and other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. All other trademarks and registered trademarks are the property of their respective owners.

Trusted for What’s Critical

AMI is your low-risk partner for high-stakes innovation. Our firmware solutions drive performance, reliability and time to market when it matters most.

When you work with AMI, you get deep expertise, proven stability and hands-on support throughout your development journey. Contact us to learn how AMI firmware solutions can help you reduce risk, simplify complexity and scale with confidence.

Contact Us

DOWNLOAD LICENSE AGREEMENT

NOTICE SPECIFIC TO SOFTWARE AVAILABLE ON THIS WEBSITE (ami.com) OR ANY OTHER AMI OWNED, OPERATED, LICENSED OR CONTROLLED SITE

 Any software that is made available to download from this server ("Software") is the copyrighted work of AMI and/or its suppliers. Use of the Software is governed by the terms of the end user license agreement, if any, which accompanies or is included with the Software ("License Agreement"). An end user will be unable to install any Software that is accompanied by or includes a License Agreement, unless he or she first agrees to the License Agreement terms.

 The Software is made available for downloading solely for use by end users according to the License Agreement. Any reproduction or redistribution of the Software not in accordance with the License Agreement is expressly prohibited by law and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.

 WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE SOFTWARE TO ANY OTHER SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED, UNLESS SUCH REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PERMITTED BY THE LICENSE AGREEMENT ACCOMPANYING SUCH SOFTWARE.

 THE SOFTWARE IS WARRANTED, IF AT ALL, ONLY ACCORDING TO THE TERMS OF THE LICENSE AGREEMENT. EXCEPT AS WARRANTED IN THE LICENSE AGREEMENT, AMI HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THE SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.

 FOR YOUR CONVENIENCE, AMI MAY MAKE AVAILABLE ON THIS SERVICE OR IN ITS SOFTWARE PRODUCTS, TOOLS AND UTILITIES FOR USE AND/OR DOWNLOAD. AMI DOES NOT MAKE ANY ASSURANCES WITH REGARD TO THE ACCURACY OF THE RESULTS OR OUTPUT THAT DERIVES FROM SUCH USE OF ANY SUCH TOOLS AND UTILITIES. PLEASE RESPECT THE INTELLECTUAL PROPERTY RIGHTS OF OTHERS WHEN USING THE TOOLS AND UTILITIES MADE AVAILABLE ON THIS SERVICE OR IN AMI SOFTWARE PRODUCTS.

 RESTRICTED RIGHTS LEGEND. Any Software which is downloaded from this Server (ami.com) any other AMI owned, operated, licensed or controlled site for or on behalf of the United States of America, its agencies and/or instrumentalities ("U.S. Government"), is provided with Restricted Rights. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software - Restricted Rights at 48 CFR 52.227-19, as applicable. Manufacturer is AMI 3095 Satellite Boulevard, Building 800, Suite 425, Duluth, GA 30096.

NOTICE SPECIFIC TO DOCUMENTS AVAILABLE ON THIS WEBSITE

 Permission to use Documents (such as white papers, press releases, datasheets and FAQs) from this server (ami.com) any other AMI owned, operated, licensed or controlled site ("Server") is granted, provided that (1) the below copyright notice appears in all copies and that both the copyright notice and this permission notice appear, (2) use of such Documents from this Server is for informational and non-commercial or personal use only and will not be copied or posted on any network computer or broadcast in any media and (3) no modifications of any Documents are made. Educational institutions ( specifically K-12, universities and state community colleges) may download and reproduce the Documents for distribution in the classroom. Distribution outside the classroom requires express written permission. Use for any other purpose is expressly prohibited by law and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.

 Documents specified above do not include the design or layout of the ami.com website or any other AMI owned, operated, licensed or controlled site. Elements of AMI websites are protected by trade dress, trademark, unfair competition and other laws and may not be copied or imitated in whole or in part. No logo, graphic, sound or image from any AMI website may be copied or retransmitted unless expressly permitted by AMI.

 AMI AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS SERVER FOR ANY PURPOSE. ALL SUCH DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. AMI AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL AMI AND/OR ITS RESPECTIVE SUPPLIERS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF INFORMATION AVAILABLE FROM THIS SERVER.

 THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS SERVER COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN. AMI AND/OR ITS RESPECTIVE SUPPLIERS MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED HEREIN AT ANY TIME.

NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COPYRIGHT INFRINGEMENT

 Pursuant to Title 17, United States Code, Section 512(c)(2), notifications of claimed copyright infringement should be sent to Service Provider's Designated Agent. ALL INQUIRIES NOT RELEVANT TO THE FOLLOWING PROCEDURE WILL NOT RECEIVE A RESPONSE.

 See Notice and Procedure for Making Claims of Copyright Infringement.

LINKS TO THIRD PARTY SITES

 THE LINKS IN THIS AREA WILL LET YOU LEAVE AMI'S SITE. THE LINKED SITES ARE NOT UNDER THE CONTROL OF AMI AND AMI IS NOT RESPONSIBLE FOR THE CONTENTS OF ANY LINKED SITE OR ANY LINK CONTAINED IN A LINKED SITE, OR ANY CHANGES OR UPDATES TO SUCH SITES. AMI IS NOT RESPONSIBLE FOR WEBCASTING OR ANY OTHER FORM OF TRANSMISSION RECEIVED FROM ANY LINKED SITE. AMI IS PROVIDING THESE LINKS TO YOU ONLY AS A CONVENIENCE, AND THE INCLUSION OF ANY LINK DOES NOT IMPLY ENDORSEMENT BY AMI OF THE SITE.

UNSOLICITED IDEA SUBMISSION POLICY

 Neither AMI, nor its employees, agents and/or subsidiaries, shall accept or consider unsolicited ideas, including but not limited to ideas for new advertising campaigns, new promotions, new products or technologies, processes, materials, marketing plans or new product names. Submission of any original creative artwork, samples, demos, or other works to AMI is expressly prohibited. In the event a submission including unsolicited materials of any nature is received by AMI, said submission shall be destroyed and AMI shall not be liable for any direct or consequential damages suffered by the sender, nor shall AMI be under any obligation to treat such material as confidential or proprietary. It is expressly understood that the rationale for AMI's policy on unsolicited idea submission is to prevent a third party from making a claim of infringement against AMI on the basis of an idea, product, or other material that is developed by AMI, that may be similar to or the same as an idea, product, or other material contained in an unsolicited submission that may have been submitted to and/or received by AMI.

FEEDBACK AND INFORMATION

 ANY FEEDBACK YOU PROVIDE AT THIS SITE SHALL BE DEEMED TO BE NON-CONFIDENTIAL. AMI IS FREE TO USE SUCH INFORMATION ON AN UNRESTRICTED BASIS.

Terms & Conditions