Recent advances in security research demonstrate that as more protections are built into the OS and connected services, attackers are looking for other avenues of exploitation, with firmware emerging as a top target. Today, managing device firmware is an inconsistent experience and often involves third-party providers, making firmware challenging to monitor and complicated to maintain. Ultimately, this can limit the ability of hardware manufacturers to detect and push out timely updates in response to threats.

Microsoft Surface has been using a unified approach to firmware protection and device security since 2015 through complete end-to-end ownership of the hardware design, in-house firmware development, and a holistic approach to device updates and management. For Surface, our Unified Extensible Firmware Interface (UEFI) is maintained in-house, regularly updated through Windows Update, and seamlessly deployed for management through Windows Autopilot, minimizing risk and maximizing control at the firmware level before the device boots. Microsoft provides full transparency of the codebase in our UEFI through the Open Source Project Mu on GitHub, managed by Microsoft Intune admin center.